'World's No. 1 hacker' tome rocks security world
Plagiarism, racism, and fake Mitnickism alleged
A recently published e-book penned by the self-proclaimed “world's No. 1 hacker” is rocking the security community with back-and-forth allegations of plagiarism, racism, and even threats against a security podcaster and his family.
How to Become the World's No. 1 Hacker is purportedly written by Gregory D. Evans, an animated felon who went on to become CEO of Ligatt Security International, a publicly traded company worth about 0.0002 cent per share that bills itself as a full-service computer security firm. Released by the obscure Cyber Crime Media publishing house, the 342-page PDF is a comprehensive, step-by-step guide for consumers who want to learn how to harden their networks against attackers. Unix security, Wi-Fi cracking, and web service configuration are all covered.
But it turns out that huge chunks of the book weren't written by Evans at all, even though no other authors are credited. For instance, virtually all of Chapter 12 – 5,894 words, to be exact – is identical to this tutorial on port scanning written by Armando Romeo and published on the hackerscenter.com website in early 2008. And 1,750 words found in Chapter 9 were lifted from this manual posted to ethicalhacker.net, including screenshots that make reference to Chris Gates, the original author.
In all, at least 13 of the e-book's 26 chapters were lifted almost entirely word-for-word from other sources without attribution, according to this analysis from Ben Rothke, a senior security consultant for a professional services firm, who ran the portions through iThenticate, an online tool for spotting plagiarism. Other sources that were used without credit include Security Focus, Auditmypc.com, and Squidoo.com.
“Mr Evans has never asked any permission from me and I'm the only owner of the copyrights of my website,” said Armando Romeo, CEO of eLearnSecurity who says in all five Chapters in How to Become the World's No. 1 Hacker “have been literally copied and pasted from my guides” on the Hacker Center website. He added that this is the second run-in he's had with Evans, who regularly appears on local and national TV shows to talk about computer security.
Chris Gates and Donald Donzal, the author and editor respectively of the articles on the Ethical Hacker site, are also steadfast that Evans never had permission to use their content, which was first published published in 2007. Donzal said he's in the process of filing a take-down demand under the US Digital Millennium Copyright Act.
Evans – who in 2002 was sentenced to 24 months in federal prison after pleading guilty to wire fraud – has vociferously defended his use of the previously published articles. In an interview with The Register, he said he began work on the book in 2008, and largely drew on ghost writers who by contract agreed to submit “original content.” He insisted the submissions were vetted for authenticity by a service he declined to name. But he nonetheless went on to challenge the authors who have stepped forward to complain their work has been misappropriated.
“What you're doing is you're saying Greg, you put other people's stuff in your book, but if I go out on the internet, you cannot tell me who owns those other people's stuff,” he said. “All you're doing is you're telling me that who owns a website where other people publish at that website, but they're not the owners of the content.”
'Mitnick under my wing'
Evans, who is African American, has pushed back equally hard against other people asking hard questions about the true origins of his book. In a reference to another company Evans leads, he published a this rebuttal headlined “National Cyber Security Uncovers Racism Within the Computer Security Industry,” and continued to refer to himself as the author of the book.
In an accompanying video blog that was posted late last week, Evans went on to defend his hacker credentials, noting the he was incarcerated on the same floor as Kevin Mitnick during the latter's five-year prison stint for hacking and fraud crimes.
“When I get in there, I take Kevin Mitnick under my wing,” Evans said in the video. “We used to turn around and have contests like who can get free phone calls, who can get away with making a three-way call without getting caught.”
Evans went on to claim that he advised Mitnick on a plea bargain he was negotiating with federal prosecutors and was in the same room as Mitnick when he learned he was going to be interviewed on the CBS News show "60 Minutes." Mitnick denies the account.
“He basically misrepresented our relationship, our meetings” Mitnick told The Register. “He certainly didn't take me under his wing, whatever that means. I didn't really discuss my case with him because you don't discuss your case with other people in jail because they'll become informants.”
According to Mitnick, by the time he was approached by "60 Minutes," he had been transferred to the Lompoc Federal Correctional Complex and hadn't seen Evans in months.
Evans “made that whole story up,” Mitnick said. “He was never there.”
Hacker, hustler, or class clown?
“What I recall of him, he wasn't too savvy with hacking, but he did understand phone phreaking,” Mitnick continued. Evans's 1998 prosecution “was a typical fraud case. It wasn't hacking or phone freaking, really. He seemed to be a nice guy, a very evangelist type personality. I kind of sized him up kind of like a hustler, a grifter.”
Indeed, in video blogs promoting Ligatt Security to potential shareholders, Evans comes across at some points as a high-pressure salesman and at others as a class clown. In this video from last year discussing a deal involving a property known as spoofem.com he shares this nugget:
“I got the news this morning on my way to work, got here late because I caused an accident when I was reading my email and I saw it and I started screaming and I swerved and then this tractor trailer fell over and hit this bus full nuns and it was just [a] mess, but I took off real quick because I got a fast car. They didn't know it was me, so I'm here doing this video blog. Pray for me."
Be like 'Googles'
In the same video a few minutes later, he compared Ligatt shares to those of Google – which he mistakenly refers to as “Googles” – before the stock hit sky-high prices: “It's just like buying Googles,” he said. “You could have bought Googles years ago. Just imagine if you bought Googles at a penny or less than a penny how trillionaire you'd be today. I'm trying to give you that same vision."
But it's fair to say Evans, who says he's 41 years old, has a temper as well. About a half hour into his interview with The Register, after growing increasingly agitated with the questions, he abruptly stopped the conversation and, through a spokeswoman, refused to continue.
And according to this account from security blogger and podcaster Chris John Riley, someone left a post threatening “to go after you family [sic]” less than 15 minutes after he spoke with Evans on the phone to arrange a taped interview regarding the allegations of plagiarism.
“I will have my friend in your country tracked down [sic] everyone you are friends with and your family and see what you are all about,” the posting stated. The person didn't sign the message, but the IP address used to leave the message belongs to a Bell South customer in the Atlanta area, where Ligatt Security is headquartered.
Evans – who often refers to himself as the "world's No. 1 hacker" and is regularly interviewed by various Fox News anchors and affiliates – has yet to say whether he played any role in posting the comments. He terminated his interview with The Register before the issue could be addressed.
Riley said that nothing during his brief conversation with Evans on Wednesday gave any indication there were any hard feelings. But when the time they had arranged to conduct the podcast came, Evans was a no-show.
Said Riley: “I did log onto Skype and I did wait and nothing ever came around. I thought it was funny. To be honest, I think Greg is more bark than bite.” ®
This story was updated to link to Evans's video on Vimeo. A separate Evans video is here.