Hakin9 Magazine - Frequent Plagiarism & Improper Citation

Wed Oct 10 12:20:17 CDT 2012

After a couple of tips from the security community suggesting Hakin9 articles contained plagiarized material, we performed a cursory review of several issues to determine if it was true. Our review was not comprehensive; instead, we sampled small bits from a wide variety of articles to determine if it was a systemic problem. Our review determined that there were several articles that showed signs of plagiarism, to varying degrees. In the future we may do a more thorough analysis on a per-author basis, but this review was done to determine if Hakin9 editors performed any review of submitted articles to ensure the works were original. Based on our findings below, it appears that Hakin9 does nothing to ensure that submitted works are original, or properly sourced.

Vol 7 No 01 (01/2012) ISSN: 1733-7186, contains several minor instances of plagiarism, where an author heavily used material with only cosmetic changes and no citation.

Page(s) Content / Original Source
Page 16 Five sentences describing OpenSSH taken almost verbatim from http://www.openssh.com/.
Page 18 At least one OpenSSH option taken verbatim from man page. Amusingly, another option cites the man page.
Page 37-39 Several portions taken from Wikipedia and a codinghorror.com blog. Two pages later, both URLs are included in a 'References' box, but that is not proper citation and still constitutes copied material.

The Hakin9 Extra on Cryptography (01/2012) contains several interesting instances of improper citation (rather than plagiarism), because the article author was involved in, but not necessarily the exclusive author of, the original source. Given the credentials of the authors, several with a Ph.D. or professors at respected universities, proper citation should be second nature to them.

Page(s) Content / Original Source
Page 12 The Hakin9 article "Combining Intrusion Detection and Recovery for Building Resilient and Cost-Effective Cyber Defense Systems" is written by Zsolt Nemeth and Arun Sood. The article borrows material from a paper titled "Combining Intrusion Detection and Recovery for Enhancing System Dependability" written by Ajay Nagarajan, Quyen Nguyen, Robert Banks and Arun Sood. The first three authors are from George Mason University, while Sood is from SCIT Labs, Inc. Given the other contributors, and the fact that one of the two Hakin9 article authors did not contribute to that paper, it should be properly cited as a source for Hakin9.
Page 40 The Hakin9 article "Quantum Key Distribution for Next Generation Networks" is written by Solange Ghernaouti-Hélie and Thomas Länger. This article uses material from a paper titled "Applied quantum cryptography for secure information transmission in critical environment" by Ghernaouti-Hélie and I. Tashi. Like the example above, given the mixed authors, a citation should be made to the original paper to account for I. Tashi's contributions.
Page 48-52 The article "Securing Your Vital Communications" is written by Paul Bakker. In it, he says that he is "lead maintainer for the [PolarSSL] project". However, most of the code examples and a significant amount of text can be found on the PolarSSLTutorial page for the project. While he is the lead maintainer, it is not clear if he is the author of that tutorial, or one of several contributors. Referencing the tutorial in some fashion would be proper citation, as it does not list an author.

The "NMAP Guide" released by Hakin9 already demonstrates that their editors do no sanity checking of submitted content. In addition, one relatively minor instance of plagiarism occurs. Normally we would consider this to be a small enough violation that it didn't warrant publication. However, the author of the article is Sahil Khan, who has already been exposed for plagiarizing more than 99% of one of his books.

Page(s) Content / Original Source
Page 57 The paragraph on the Nmap Scripting Engine (NSE) borrows material from two different pages on nmap.org, verbatim.

Vol 6 No 6 (6/2011) ISSN: 1733-7186, titled "Insecure Access Control", contains several instances of plagiarism in one article.

Page(s) Content / Original Source
Page 26 Most of the second and third paragraph of "Access Control: Lock-down Your Network" are taken verbatim from an article titled "Removing Security Holes" written in 2007.
Page 27 The first text paragraph on this page also borrows several sentences from the same article mentioned above.

Vol 5 No 10 (10/2010) ISSN: 1733-7186, titled "Spyware", contains several instances of plagiarized content in one of the articles.

Page(s) Content / Original Source
Page 41 The "National Do Not Call List" section is cobbled together from several public resources. It uses the text verbatim and does not cite the original sources.
Page 41 The "Opt Out Prescreen" section mentions a URL as a resource, but does not properly cite it as a source. Text from this section is mixed and matched from the reference URL.
Page 44-45 Paragraphs 2 through 8 of the conclusion are taken verbatim from part of an e-book on optout.com.

Vol 5 No 9 (9/2010) ISSN: 1733-7186, titled "Email Security", contains several instances of plagiarism between at least two articles.

Page(s) Content / Original Source
Page 11 The entire table of terms is taken verbatim from voipterms.com.
Page 44-46 The section titled "Finger Pointing (Until the Guilty Plea Bargain)" is over 50% taken from Wikipedia.
Page 46 The section titled "The Breach: Cyber Crime Objectives" is taken almost verbatim from a 2008 blog on the same topic.
Page 46-47 The section titled "The Breach: Cyber Crime Methods" is taken verbatim from an affidavit related to the case. While it is a U.S. government document and not subject to copyright laws, it should still be cited given the amount taken without modification.
Page 48 The third paragraph of the section on Wardriving is taken verbatim from an O'Reilly.com publication.

Vol 5 No 7 (7/2010) ISSN: 1733-7186, titled "Securing the Cloud", contains several instances of plagiarism in one article.

Page(s) Content / Original Source
Page 34-35 The section titled "The Long Answer: A Formal Definition of Cloud computing" cites NIST as the source of the definition. However, the next page and a half are verbatim from the same NIST document but not clearly cited as the source.
Page 36-37 The section titled "Key Areas of Security Concern" appears to be taken verbatim from a Cloud Computing course from Strayer University.
Page 39-40 All but the first paragraph of "Host-based Intrusion Prevention Systems (HIPS)" is taken from Wikipedia.
