Ankit Fadia - "Unofficial Guide to Ethical Hacking" 32% Plagiarized

Sat Jan 1 01:08:44 CST 2011

Ankit Fadia's career is built on the cornerstone of him writing a 'hacking' book when he was 14, which he used as a means of establishing his expertise on the subject of computer security. Since the book 'Unofficial Guide to Ethical Hacking' (ISBN 0333 93679 5) was published in 2001, Fadia has not been able to keep sales figures straight.

.. the author, ankit fadia, who at the tender age of 14 wrote this book, is the youngest author for macmillan india limited in their 110 years of history.

At 15, his book on Ethical Hacking made him the youngest author to be published by Macmillan India.

Even his parents and siblings weren't aware how tech-savvy Ankit was till he surprised everyone by writing his first book on ethical hacking at 14.

By fourteen years he published his first book titled The Unofficial Guide to Ethical Hacking which became an instant bestseller worldwide, sold 3 million copies and was translated into 11 languages.

The book was clearly written by a 14-year-old and did not enjoy the benefit of an editor or technical editor (even as of the 6th reprinting). Countless misspellings, technical errors, repeated material and a high level of disorganization make the book difficult to use even as a reference. The book attempts to dismiss some of this in a "Publisher's Note" saying "Many words in this book have been spelt in the manner that the author is comfortable with and is retained in respect to the inexhaustible spirit of enterprise and adventure of the generation X." While words such as 'kewl' are understood in this context, the note does not cover words like 'bascially', 'ubehackers' or 'stricted' [sic].

The book is comprised of many articles written by Fadia for his web site, and later used with minor edits for the book. Throughout the book, there are over a dozen cases of Fadia using material that he did not write. In some cases, he quietly removes headers or text that would give attribution. In others, he blatantly claims credit for writing something he did not. In addition, almost 130 pages at the end of the book are blatantly taken from other sources, sometimes without attribution or honoring explicit copyright statements. This flagrant plagiarism advertised as original work launched his career and now leads to him receiving five-figure speaking engagements.

The Plagiarism

The following table details the portions of the book that were taken from other sources, making up 32.2% of the material. Information is included to distinguish not only plagiarized material, but also what was done in an attempt to obscure the original source (e.g., removing text or credit). This shows willful infringement of copyright and inexcusable plagiarism.

| Pages / total | Description | Original Source |
|---|---|---|
| 68-69 (2) | Perl program demonstrating sockets, removing one line: "#Perl Socket Coding Demonstration by jus" | Forbidden Knowledge E-Zine Issue 7 (Oct 1999) |
| 99-102 (4) | Sendmail exploit, described as "Here's a brief description of Sendmail (qmail) hole I found recently". | Bugtraq post by Valentin Pavlov quoting a mail from Michal Zalewski (1998-01-10) |
| 126-127 (1) | A broken Perl script to finger a user, described as "The following is a Perl script [which I created] that allows you.." The script is missing many special characters required for the program to run. | Posted to the Happy Hacker Windows Digest list, which Fadia contributed to. Original script "copyright 1999 Keydet89" |
| 156-160 (3) | A C program demonstrating port scanning shortcomings. The 47 line header has been removed including the first line: /* Fakescan.c (c) 1999 Vortexia / Andrew Alston andrew[at]idle.za.org | fakescan.c by Vortexia (1999) |
| 160-164 (4) | 9 paragraphs and a C program about detecting portscans on Unix, with minor edits of original source. | Defeating Portscan Detection by Wyzewun, references Vortexia code from 1999. |
| 174-177 (3.5) | A C program demonstrating password cracking. | glide.c by Frank Andrew Stevenson (frank[at]funcom.no) (Dec 1995) |
| 193-196 (4) | A C program to decrypt a screen saver program, introduced as "I have written a neat C program for you..", with minor edits to program output. | Original by Lonely Hawk, modified by Ryan Veety in Bugtraq post (May 1998) |
| 204-206 (3) | A C program for unshadowing password files, with one line removed: /* This source will/should print out SHADOWPW passwd files. */ | Original source unknown, but used in Hacking Kit v2.0.b (Mar 1997) |
| 216-217 (1) | 5 paragraphs and Perl program for DESBreak, taken verbatim. | DESBreak and text by Caboom (2000-03-26) |
| 218-219 (2) | A C program to decrypt the admin password in Wingate Version 3.0.0.1, with 18 line header removed. | wgdecode.c by Ralph (mustang[at]digivill.net) (1999-03-10) |
| 220-225 (4.5) | Description of "Cracking the ICQ Password", based on "The ICQ Security Tutorial" by R a v e N (barakirs[at]netvision.net.il). While most was re-written, several pieces are directly lifted and it is clear where the material came from. | The ICQ Security Tutorial / Written by R a v e N (blacksun.box.sk) version 1.9 (2000-07-13) |
| 228-232 (4) | A C program for decrypting Netzero passwords. The introduction does not cite the source. The included source code, on the 4th page, leaves in the original author via printf statements. | Net Zero Password Decryptor by Brian Carrier of the L0pht (2000-07-18) |
| 232-236 (4) | A C program demonstrating decryption of a Cisco password, with the 1 line header removed. | Bugtraq post by Jared Mauch (jared[at]puck.nether.net) (1997-11-01) |
| 237-253 (16) | Default password list. Taken from Eric Knight's (knight[at]securityparadigm.com) "DAD" list. | Default Password List Version 3.03 (2000-07-10) |
| 365-371 (6) | Source code for a virus, described as "The following piece of text has been written by me with some help from Drako." Text is taken verbatim from a larger file Drako wrote in 1996, that does not mention Fadia. | Virus programming (basics) #1 (1996-08-04) |
| 376-379 (4) | Source code for the 'Little Brother' virus. Fadia removed part of the header with full copyright: "Boot record program (C) Copyright Peter Norton 1986" | Boot record program source |
| 399-404 (6) | Source code for the Leprosy-B virus, with original copyright header left in: "Copy-ya-right (c) 1990 by PCM2." | Leprosy-B Virus Source (1990) |
| 483-529 (46) | 17 Java applets written by Mark D. LaDue. Note: LaDue's name is mentioned in the book for each, but without the 'Copyright (c)' tag or disclaimer saying that the code may be distributed for any purpose. Using LaDue's code in this book would be acceptable if properly cited. | Mark LaDue's Hostile Applets Home Page |
| 529-538 (9) | "Ready to Use Sendmail Exploits" section, originally posted by Fadia to the HH digest and re-used in the book. All material taken from Zhart's list. Uses code from sirsyko, John MacDonald and Leshka Zakharoff. | http://www.angelfire.com/linux/hack3d/hacking/buglist.txt (now 404) Data collected by: Zhart (1996-11-26); mime7to8() Exploit Bugtraq post (1996-10-16) |
| 538-542 (5) | Sendmail <= 8.9.3 local DoS. Fadia says "taken from PacketStorm", but the post is from Bugtraq by Michal Szymanski, used without editing. | local DoS in sendmail (1999-04-03) |
| 543-548 (5) | "Ready to Use FTP Exploits The FTP BOUNCE Exploit", taken verbatim from a Bugtraq post. Fadia strips out the 'From' line of the mail as well as the footer signature of Hobbit (_H* 950712). | The FTP Bounce Attack, Bugtraq post (1995-07-12) |
| 548-564 (16) | Several exploits, written by TheCa, StaTiC (statik[at]free.org), joey__ (youcan_reachme[at]hotmail.com), duke (duke[at]viper.net.au) and James Abendschan (jwa@nbs.nau.edu). Each appears to be left as is, except an injected header from anticode.com is left in. Fadia took each exploit from that site, a repository for exploit code. | "FTP Exploits By Ankit Fadia ankit@bol.net.in" |
| 564-566 (2) | "Wiping your presence from the target system", a C program for cleaning logs. Code has an injected header from hackingtruths.box.sk (Fadia's site) implying he wrote it or had something to do with it, but does not credit the original author and removes the 3 line header including: "/* invisible.c - a quick hack courtesy of the rogue */" | invisible.c by 'the rogue' |
| 566-597 (32) | A C program for editing Unix log files, written by Proff (proff[at]suburbia.apana.org.au). Fadia forgot to remove the header that reads "You may not use this program in relation to your employment, or for monetary gain without express permission from the author". | marry v1.1 (1991) |
| 597-601 (5) | A C program for messing with SYSLOG, written by Matt (panzer[at]dhp.com). | SYSLOG Fogger (1994-10-12) |
| 605-608 (4) | "CWEM" section, taken verbatim from Zoa Chin of Securax. The book mentions "Special Thanks to Securax team." but does not credit Chin or cite the original source. | OFFICIAL RELEASE of the [device]\[device] advisory (2000-03-07) |


Total Pages Plagiarised: 196 / 608 (32.2%)