Feeds

Experts troll 'biggest security mag in the world' with DICKish submission

Researchers SICK OF SPAM submit ridiculous piece to Hakin9

Internet Security Threat Report 2014

Updated Security researchers have taken revenge on a publishing outlet that spams them with requests to write unpaid articles – by using a bogus submission to satirise the outlet's low editorial standards.

Hakin9 rather grandly bills itself as the "biggest IT security magazine in the world", published for 10 years, and claims to have a database of 100,000 IT security specialists. Many of these security specialists are regularly spammed with requests to submit articles, without receiving any payment in return.

Rather than binning another of its periodic requests, a group of researchers responded with a nonsensical article entitled DARPA Inference Checking Kludge Scanning, which Warsaw-based Hakin9 published in full, apparently without checking. The gobbledygook treatment appeared as the first chapter in a recent eBook edition of the magazine about Nmap, the popular security scanner.

In reality there's no such thing as DARPA Inference Checking Kludge Scanning (or DICKS, for short) and the submission was a wind-up. Nonetheless an article entitled Nmap: The Internet Considered Harmful - DARPA Inference Checking Kludge Scanning appeared as the lead chapter in recent eBook guide on Nmap by Hakin9.

This content is normally only available to paid subscribers. However the rib-tickling chapter can still be found here (PDF), perhaps for a limited time only.

"Maybe they were sick of Hakin9's constant please-write-an-unpaid-article-for-us spam and decided to submit some well-crafted gibberish in response," security researcher Gordon Lyon (Fyodor) wrote in a post to the popular seclists mailing list last week. "They clearly chose that title so just so they could refer to it as DICKS throughout the paper. There is even an ASCII penis in the 'sample output' section, but apparently none of this raised any flags from Hakin9's 'review board'."

The nine-page article includes references to "the 10th-percentile latency of NMAP, as a function of popularity of IPv7". While the writers cite 27 references, including seminal journal articles like "Towards the Synthesis of Vacuum Tubes" and "Decoupling 802.11 Mesh Networks From Hierarchical Databases in DNS".

All, of course, complete cobblers from the authors, credited as Jon Oberheide, Nico Waisman, Matthieu Suiche, Chris Valasek, Yarochkin Fyodor, the Grugq, Jonathan Brossard and Mark Dowd.

"All credit for the Hakin9 article belongs to @endrazine [Jonathan Brossard] http://seclists.org/nmap-dev/2012/q3/1050 Hopefully the end result will be less Hakin9 spam in your inbox," said Jon Oberheide, in a Twitter update.

Lyon - the original developer of Nmap - reckons the authors used the Automatic CS Paper Generator as a starting point but this remains unconfirmed.

Amusingly, Hakin9 is now threatening unspecified legal action unless Lyon pulls the guide and his initial post ridiculing the publication of the nonsensical article.

"I guess they expected the security community to be impressed by their DICKS, but instead they faced scorn and ridicule," Lyon writes in a follow-up post to seclists. "Now they're so embarrassed by everyone mocking their DICKS that they had their lawyer send me a removal demand."

Despite these quasi-legal threats, Lyon (along with several other security researchers) still received a request to submit an article to Hakin9 on Wednesday. "Anyone have good ideas for what I should submit? Maybe a paper on the Continuously Updating Nmap Technology System," Lyon suggested.

The incident prompted one advertiser to withdraw support from Hakin9. "We have officially withdrawn any advertisement investment from HAKIN9 in response to the nmap guide fiasco," eLearnSecurity said.

The whole episode recalls the so-called Sokal hoax. Alan Sokal, a physics professor at New York University, submitted a nonsensical article to Social Text, an academic journal of postmodern cultural studies in 1996. The submission was designed to test whether the journal would publish an article "liberally salted with nonsense if it (a) sounded good and (b) flattered the editors' ideological preconceptions," as Sokal explains.

Social Text, much like Hakin9, fell for the ruse.

In a statement, Hakin9 admitted to El Reg that it was at fault for publishing the DICKS paper and promised to do better in future.

A mistake has been made on our part, which has led to a vast amount of criticism towards Hakin9. This situation has influenced us to reflect on our past choices and policies. We want to assure you that from now on we will be working even harder to bring you the best material on IT security out there. We also wanted to take this time to thank all of you for staying by our side; with special thanks to our authors, beta-testers, proofreaders and partners. Thank you all.®

Providing a secure and efficient Helpdesk

More from The Register

next story
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Zippy one-liners, broken promises: Doctor Who on the Orient Express
Series finally hits stride, but Clara's U-turn is baffling
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Win a year’s supply of chocolate
There is no techie angle to this competition so we're not going to pretend there is, but everyone loves chocolate so who cares.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
Intelligent flash storage arrays
Tegile Intelligent Storage Arrays with IntelliFlash helps IT boost storage utilization and effciency while delivering unmatched storage savings and performance.