Experts troll 'biggest security mag in the world' with DICKish submission
Researchers SICK OF SPAM submit ridiculous piece to Hakin9
Updated Security researchers have taken revenge on a publishing outlet that spams them with requests to write unpaid articles – by using a bogus submission to satirise the outlet's low editorial standards.
Hakin9 rather grandly bills itself as the "biggest IT security magazine in the world", published for 10 years, and claims to have a database of 100,000 IT security specialists. Many of these security specialists are regularly spammed with requests to submit articles, without receiving any payment in return.
Rather than binning another of its periodic requests, a group of researchers responded with a nonsensical article entitled DARPA Inference Checking Kludge Scanning, which Warsaw-based Hakin9 published in full, apparently without checking. The gobbledygook treatment appeared as the first chapter in a recent eBook edition of the magazine about Nmap, the popular security scanner.
In reality there's no such thing as DARPA Inference Checking Kludge Scanning (or DICKS, for short) and the submission was a wind-up. Nonetheless an article entitled Nmap: The Internet Considered Harmful - DARPA Inference Checking Kludge Scanning appeared as the lead chapter in recent eBook guide on Nmap by Hakin9.
This content is normally only available to paid subscribers. However the rib-tickling chapter can still be found here (PDF), perhaps for a limited time only.
"Maybe they were sick of Hakin9's constant please-write-an-unpaid-article-for-us spam and decided to submit some well-crafted gibberish in response," security researcher Gordon Lyon (Fyodor) wrote in a post to the popular seclists mailing list last week. "They clearly chose that title so just so they could refer to it as DICKS throughout the paper. There is even an ASCII penis in the 'sample output' section, but apparently none of this raised any flags from Hakin9's 'review board'."
The nine-page article includes references to "the 10th-percentile latency of NMAP, as a function of popularity of IPv7". While the writers cite 27 references, including seminal journal articles like "Towards the Synthesis of Vacuum Tubes" and "Decoupling 802.11 Mesh Networks From Hierarchical Databases in DNS".
All, of course, complete cobblers from the authors, credited as Jon Oberheide, Nico Waisman, Matthieu Suiche, Chris Valasek, Yarochkin Fyodor, the Grugq, Jonathan Brossard and Mark Dowd.
"All credit for the Hakin9 article belongs to @endrazine [Jonathan Brossard] http://seclists.org/nmap-dev/2012/q3/1050 Hopefully the end result will be less Hakin9 spam in your inbox," said Jon Oberheide, in a Twitter update.
Lyon - the original developer of Nmap - reckons the authors used the Automatic CS Paper Generator as a starting point but this remains unconfirmed.
Amusingly, Hakin9 is now threatening unspecified legal action unless Lyon pulls the guide and his initial post ridiculing the publication of the nonsensical article.
"I guess they expected the security community to be impressed by their DICKS, but instead they faced scorn and ridicule," Lyon writes in a follow-up post to seclists. "Now they're so embarrassed by everyone mocking their DICKS that they had their lawyer send me a removal demand."
Despite these quasi-legal threats, Lyon (along with several other security researchers) still received a request to submit an article to Hakin9 on Wednesday. "Anyone have good ideas for what I should submit? Maybe a paper on the Continuously Updating Nmap Technology System," Lyon suggested.
The incident prompted one advertiser to withdraw support from Hakin9. "We have officially withdrawn any advertisement investment from HAKIN9 in response to the nmap guide fiasco," eLearnSecurity said.
The whole episode recalls the so-called Sokal hoax. Alan Sokal, a physics professor at New York University, submitted a nonsensical article to Social Text, an academic journal of postmodern cultural studies in 1996. The submission was designed to test whether the journal would publish an article "liberally salted with nonsense if it (a) sounded good and (b) flattered the editors' ideological preconceptions," as Sokal explains.
Social Text, much like Hakin9, fell for the ruse.
In a statement, Hakin9 admitted to El Reg that it was at fault for publishing the DICKS paper and promised to do better in future.
A mistake has been made on our part, which has led to a vast amount of criticism towards Hakin9. This situation has influenced us to reflect on our past choices and policies. We want to assure you that from now on we will be working even harder to bring you the best material on IT security out there. We also wanted to take this time to thank all of you for staying by our side; with special thanks to our authors, beta-testers, proofreaders and partners. Thank you all.®