Feeds

'World's No. 1 hacker' tome rocks security world

Plagiarism, racism, and fake Mitnickism alleged

Beginner's guide to SSL certificates

A recently published e-book penned by the self-proclaimed “world's No. 1 hacker” is rocking the security community with back-and-forth allegations of plagiarism, racism, and even threats against a security podcaster and his family.

How to Become the World's No. 1 Hacker is purportedly written by Gregory D. Evans, an animated felon who went on to become CEO of Ligatt Security International, a publicly traded company worth about 0.0002 cent per share that bills itself as a full-service computer security firm. Released by the obscure Cyber Crime Media publishing house, the 342-page PDF is a comprehensive, step-by-step guide for consumers who want to learn how to harden their networks against attackers. Unix security, Wi-Fi cracking, and web service configuration are all covered.

But it turns out that huge chunks of the book weren't written by Evans at all, even though no other authors are credited. For instance, virtually all of Chapter 12 – 5,894 words, to be exact – is identical to this tutorial on port scanning written by Armando Romeo and published on the hackerscenter.com website in early 2008. And 1,750 words found in Chapter 9 were lifted from this manual posted to ethicalhacker.net, including screenshots that make reference to Chris Gates, the original author.

In all, at least 13 of the e-book's 26 chapters were lifted almost entirely word-for-word from other sources without attribution, according to this analysis from Ben Rothke, a senior security consultant for a professional services firm, who ran the portions through iThenticate, an online tool for spotting plagiarism. Other sources that were used without credit include Security Focus, Auditmypc.com, and Squidoo.com.

“Mr Evans has never asked any permission from me and I'm the only owner of the copyrights of my website,” said Armando Romeo, CEO of eLearnSecurity who says in all five Chapters in How to Become the World's No. 1 Hacker “have been literally copied and pasted from my guides” on the Hacker Center website. He added that this is the second run-in he's had with Evans, who regularly appears on local and national TV shows to talk about computer security.

Chris Gates and Donald Donzal, the author and editor respectively of the articles on the Ethical Hacker site, are also steadfast that Evans never had permission to use their content, which was first published published in 2007. Donzal said he's in the process of filing a take-down demand under the US Digital Millennium Copyright Act.

Evans – who in 2002 was sentenced to 24 months in federal prison after pleading guilty to wire fraud – has vociferously defended his use of the previously published articles. In an interview with The Register, he said he began work on the book in 2008, and largely drew on ghost writers who by contract agreed to submit “original content.” He insisted the submissions were vetted for authenticity by a service he declined to name. But he nonetheless went on to challenge the authors who have stepped forward to complain their work has been misappropriated.

“What you're doing is you're saying Greg, you put other people's stuff in your book, but if I go out on the internet, you cannot tell me who owns those other people's stuff,” he said. “All you're doing is you're telling me that who owns a website where other people publish at that website, but they're not the owners of the content.”

'Mitnick under my wing'

Evans, who is African American, has pushed back equally hard against other people asking hard questions about the true origins of his book. In a reference to another company Evans leads, he published a this rebuttal headlined “National Cyber Security Uncovers Racism Within the Computer Security Industry,” and continued to refer to himself as the author of the book.

In an accompanying video blog that was posted late last week, Evans went on to defend his hacker credentials, noting the he was incarcerated on the same floor as Kevin Mitnick during the latter's five-year prison stint for hacking and fraud crimes.

“When I get in there, I take Kevin Mitnick under my wing,” Evans said in the video. “We used to turn around and have contests like who can get free phone calls, who can get away with making a three-way call without getting caught.”

Evans went on to claim that he advised Mitnick on a plea bargain he was negotiating with federal prosecutors and was in the same room as Mitnick when he learned he was going to be interviewed on the CBS News show "60 Minutes." Mitnick denies the account.

“He basically misrepresented our relationship, our meetings” Mitnick told The Register. “He certainly didn't take me under his wing, whatever that means. I didn't really discuss my case with him because you don't discuss your case with other people in jail because they'll become informants.”

According to Mitnick, by the time he was approached by "60 Minutes," he had been transferred to the Lompoc Federal Correctional Complex and hadn't seen Evans in months.

Evans “made that whole story up,” Mitnick said. “He was never there.”

Remote control for virtualized desktops

More from The Register

next story
You really need to do some tech support for Aunty Agnes
Free anti-virus software, expires, stops updating and p0wns the world
Regin: The super-spyware the security industry has been silent about
NSA fingered as likely source of complex malware family
You stupid BRICK! PCs running Avast AV can't handle Windows fixes
Fix issued, fingers pointed, forums in flames
Privacy bods offer GOV SPY VICTIMS a FREE SPYWARE SNIFFER
Looks for gov malware that evades most antivirus
Patch NOW! Microsoft slings emergency bug fix at Windows admins
Vulnerability promotes lusers to domain overlords ... oops
HACKERS can DELETE SURVEILLANCE DVRS remotely – report
Hikvision devices wide open to hacking, claim securobods
prev story

Whitepapers

Why and how to choose the right cloud vendor
The benefits of cloud-based storage in your processes. Eliminate onsite, disk-based backup and archiving in favor of cloud-based data protection.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
Go beyond APM with real-time IT operations analytics
How IT operations teams can harness the wealth of wire data already flowing through their environment for real-time operational intelligence.
Why CIOs should rethink endpoint data protection in the age of mobility
Assessing trends in data protection, specifically with respect to mobile devices, BYOD, and remote employees.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.