How To Become The Worlds No. 1 Hacker

Book Review, by Ben Rothke & Brian Baskin

Jun 10, 2010 11:37:33 PM

Updated: Wed Jun 30 13:26:26 CDT 2010

Original: https://365.rsaconference.com/blogs/securityreading/2010/06/10/how-to-become-the-worlds-no-1-hacker

Original: http://www.thebaskins.com/main/index.php?option=com_content&view=article&id=52:an-independent-plagiarism-review-of-how-to-become-the-worlds-no-1-hacker&catid=15:work

Ben Rothke wrote a book review for the latest book "written" by Gregory D. Evans, titled "How To Become The Worlds No. 1 Hacker". Rothke found the book to be full of errors and grammatical mistakes for the few parts that were actually written by Evans, and he found sweeping plagiarism for parts of the book that covered technical material. Rothke's entire review is reproduced here, as is, with his permission. We thank him for writing this review, performing the plagiarism analysis and letting us include it on Errata.

Update: Almost 20 days later, Brian Baskin did an independent review and found that 95% of the book was plagiarized from various sources. This defies Evans' claims that he wrote 60% of the book in a video rebuttal to Rothke's article. Evans wrote 3,638 words of the book, only about 8.5 pages of content.






How To Become The Worlds No. 1 Hacker

Posted by Ben Rothke on Jun 10, 2010 11:37:33 PM

When I first saw the title of How To Become The Worlds No. 1 Hacker by Gregory Evans, it reminded me of a pitch I get from people trying to hawk Amway. But just as there is a limit to the amount of people who can buy and sell soap, there can only be a single #1 hacker in the world. With that, let's hope no one buys this book, so Neo can keep his title.

The book does get your attention with its audacious title. But a more appropriate title, albeit less flashy, would be The Not So Refined Art of Cut and Paste.

Using Princeton University's definition of plagiarize of "take without referencing from someone else's writing", the book is a poster child for plagiarism. This is somewhat ironic in that the book has a disclaimer of "All rights reserved. No part of this book may be used or reproduced in any manner whatsoever without written permission except in the case of brief quotations embodied in critical articles and reviews."

This is a 342 page book, of which the first 25 pages are somewhat self-serving with an extended biography of the author, and dated letters of praise from former clients.

In short, this is merely a work of cut and paste. In the parts of the book where the author attempts to write original text, it's ripe with various errors. I could list many such errors, but why bother. In fact, the errors start in the preface, where the author calls GLBA the "Gramm-Leach-Billey Act".

On page 5, the author states "first before you start any hack, security audit or any other computer security testing you must have all the write tools in place". Ironic that he meant to use the word right.

On the next page, he recursively writes about Wireshark when he says it was "originally named Wireshark, in May 2006 the project was renamed Wireshark due to trademark issues". It was actually originally named Ethereal. But this is just one of many spelling, grammar, and factual errors in the book. If nothing else, this book screams out for editorial review. But it was self-published, with seemingly no oversight.

But the real offense is the author's blatant use of unattributed sources. I am not talking about a paragraph here or there, it is about wholesale plagiarism, often taking the form of an entire chapter.

Here are a few of the many examples of where the author copies extensively without attribution:

| Page/Section | Source |
|---|---|
| Page 16: section 2.3 - port scanning? | Over 1,700 words taken verbatim from http://www.auditmypc.com/port-scanning.asp |
| Page 22 - section 2.5 - packet sniffing | Over 260 words from http://www.grc.com/oo/packetsniff.htm |
| Page 25 - section 2.8 - wireless LAN/WAN monitoring | Over 300 words from http://www.cromwell-intl.com/security/monitoring.html. The book states "also see the COMSEC section of another page of mine for details on how GSM encryption can be broken". But "another page of mine" refers to Bob Cromwell, the site's author. |
| Page 29 - section 3.1 - What are Accounts? | Over 400 words directly from http://www.nmrc.org/pub/faq/hackfaq/hackfaq-03.html |
| Page 31 - section 4.0 - What are Some password basics? | Over 1,600 words http://www.nmrc.org/pub/faq/hackfaq/hackfaq-04.html |
| Page 61 - section 7.1 - Buffer overflows | Direct copy of the entire 589 word article Buffer-overflow attacks: How do they work? by Brien Posey |
| Page 65 - section 7.2 - How do I write a buffer overflow? | Copy of the entire 3,100 word article Writing Buffer Overflow Exploits. |



My approach until page 70 was to check the text against a Google search. The results were immediate, apparent and undeniable: this book is a systematic cut and paste effort.

Wanting a more sophisticated approach, I used the iThenticate plagiarism checker from iParadigms. The iThenticate scan of the book confirmed what was obvious. In fact, some sections averaged as high as a 95% plagiarism rate, with one chapter coming in at 100%.

While there is no hard and fast definition of where fair use ends and plagiarism begins, Bob Creutz, General Manager at iParadigms told me that "if I had to offer an average, I would say a 10% or greater similarity index warrants editorial scrutiny".

Plagiarism.org notes that it comes down to the amount you've used. The more you've borrowed, the less likely it is to be considered fair use. What percentage of your work is borrowed material? What percentage of the original did you use? The lower the better.

iThenticate is a powerful and fascinating tool, as it shows exactly what web sites the author copied from. It identified the biggest plagiarized section, namely the 5,354 words, which is the entire chapter 12. The author never mentions that he copied it verbatim from the Hacker's Center Security Portal.

Even when plagiarizing, most authors will attempt to cover their tracks somewhat by making even trivial changes to the text; Evans never does that. In the areas the original text has hyperlinks, he neglects to modify his text, in which the paragraph ends on a loose end, confusing the reader.

The author scoured the web and copied information from hundreds of web sites. And therein is the problem of such plagiarism; the output, in which the author calls a book, is a confused assortment of ideas, lacking a coherent stream of thought.

The book's failure is not that it is plagiarized; even if the author would have attributed his myriad sources, the book still would have been equally incoherent. This so-called step by step guide is simply a disjointed set of topics, slurred together.

For anyone who wants to learn the art of hacking, this book will only serve to give them a lukewarm taste at best, while confusing them the entire time. Used copies of the first edition of Hacking Exposed are available for 1 cent plus shipping in the used book section on Amazon.com. Even though it is a decade old, it will serve you much better than this title. As to How To Become The Worlds No. 1 Hacker, it's an epic fail of a book.



Tags: amway, how_to_become_the_worlds_no._1_hacker, gregory_evans, cyber_crime_media, 0982609108, 978-0982609101, rothke, hacker, hacking, plagiarize, plagiarism, ithenticate, iparadigms

