Ethical Hacking and Countermeasures: Threats and Defense Mechanisms by EC-Council / Cengage Learning's Course Technology / Michael Goldner - Heavy Plagiarism

Fri Dec 9 18:39:57 CST 2011

The book "Ethical Hacking and Countermeasures: Threats and Defense Mechanisms" is dual-branded as "Course Technology / Cengage Learning" on the upper left and EC-Council | Press on the upper right, along with EC-Council's Certified Ethical Hacker (C|EH) at the bottom right. The book's information page at the start lists Course / Cengage, but the copyright is 2010 EC-Council. Both Course / Cengage and EC-Council staff are listed under the book title. The preface on page xi has an introductory paragraph, then "About EC-Council", followed by "About the EC-Council | Press". According to the paragraph there, and a press release from Course / Cengage, EC-Council | Press is a partnership between EC-Council and Cengage.

On page xvii, titled "Acknowledgements", it credits Michael H. Goldner as working "closely with both EC-Council and Delmar/Cengage Learning in the creation of this EC-Council Press series". While it does not explicitly call him the author, having an entire page acknowledging him suggests he wrote the book or was the lead in putting together the material.

Why does all of the above matter?

It is not abundantly clear who wrote this book, and who is responsible for the book. When we contacted Jay Bavisi, President of EC-Council on December 9, 2011, he told us:

This book belongs to Cengage Learning. It is written and published by them for our exam standards in our name. They hire authors, they write the content, they transfer copyright to ECC and they publish it in our name based on our exams.

Mr. Bavisi also confirmed that Michael Goldner is not an EC-Council employee or a contractor of EC-Council. Based on that, the following material identified as plagiarized appears to be the responsibility of Cengage Learning's Course Technology group, formerly Thomson Course Technology. From page xvii:

Michael H. Goldner, is the Chair of the School of Information Technology for ITT Technical Institute in Norfolk Virginia, and also teaches bachelor level courses in computer network and information security systems. Michael has served on and chaired ITT Educational Services Inc. National Curriculum Committee on Information Security. He received his Juris Doctorate from Stetson University College of Law, his undergraduate degree from Miami University and has been working for more than 15 years in the area of information technology. He is an active member of the American Bar Assocation, and has served on that organization's Cyber Law committee. He is a member of IEEE, ACM, and ISSA, and is the holder of a number of industrially recognized certifications including, CISSP, CEH, CHFI, CEI, MCT, MCSE/Security, Security +, Network +, and A +. Michael recently completed the design and creation of a computer forensic program for ITT Technical Institute, and has worked closely with both EC-Council and Delmar/Cengage Learning in the creation of this EC-Council Press series.

Based on this, it seems Goldner is the author, or perhaps the lead editor who collected content from additional consultants.

The Plagiarism

The following table details the portions of the book that were taken from other sources, making up a considerable amount of the material. A cursory examination was performed on portions of 3 chapters due to time limitations; however, we feel that the amount of material found to be taken from other sources is considerable and likely represents only a fraction of the plagiarism present. Information is included to distinguish not only plagiarized material, but which material was edited to some degree. This shows willful infringement of copyright and inexcusable plagiarism.

Note: Page numbers in this book are in the format #-#, so page 1-7 represents Chapter 1, page 7, and 5-7 represents Chapter 5, page 7.

Pages / total Original Source & Comments
1-2 Definition of Trojan Horse from Standards for Technology in Automotive Retail
1-4 Trojan horse section. Some verbatim, some paraphrased from About Online Tips: What is Trojan Horse and how to recover from a Trojan Horse Infection
Para 1, Sentence 1 = verbatim
Para 2, Sentence 1/2 = verbatim
Para 4, Sentence 1/2 = almost verbatim
Para 5, Sentence 2 = almost verbatim
1-4 Para 7 - 13 = verbatim from ITExperts4u Blog: Places where trojans hide in ur system (2009-03-11)
1-5 Different ways a Trojan can get itno a system, the first 6 of 8 is the same list/order as About Online Tips: What is Trojan Horse and how to recover from a Trojan Horse Infection
1-9 Para 2 - 7 uses almost 100% of the text verbatim from About Online Tips: What is Trojan Horse and how to recover from a Trojan Horse Infection, but expands on it some.
1-12 / 1-13 Netbus section, Para 1, Sentence 2 - 8 and Para 2 verbatim from NetBus - Backdoor For Win 95/98 and Win NT (1998-10-05)
Para 3 - 6 verbatim from NetBus, BO's Older Cousin (1998-10-13)
1-13 Netcat section, Para 2 - 3 verbatim from Netcat Home Page
1-14 Netcat section, Para 4 list verbatim from Netcat Home Page with a little original material added
1-19 RemoteByMail section. Some verbatim, some paraphrased from RemoteByMail 1.01 Page
1-21 Perl-Reverse-Shell section. A few small changes to PHP-Reverse-Shell page
1-22 XSS Shell section. A few small changes to excerpt from Ferruh Mavituna
1-23 XSS Tunnel section. Paragraph almost verbatim from Portcullis Security PDF. Diagram 1-19 in book is redone, but exactly like the one in the PDF.

CCTT section. Almost verbatim from GRAY-WORLD.NET TEAM CCTT Page
1-27 Loki section. Some verbatim, some paraphrased or rewritten from Phrack 49 (Aug, 1996)
1-29 Mosucker section. Some verbatim, some rewritten from dark-e.com. Note: EC-Council book even includes "process manger", as seen on the original source, instead of correcting it to "process manager".


Stopped review of Chapter 1 after establishing a clear pattern.

Pages / total Original Source & Comments
3-3 / 3-4 How Does a Sniffer Work. ~ 90% verbatim from tstc.edu - Sniffers: Basics and Detection
3-6 through 3-8 Lawful Intercept. ~ 95% verbatim from Cisco: Lawful Intercept Overview
3-10 Wireshark. ~ 80% verbatim from Wireshark User Documenation
3-13 ARP. ~ 80% verbatim from erg.abdn.ac.uk - Address Resolution Protocol (arp)
3-14 ARP Poisoning. Last paragraph (9 sentences) ~ 80% verbatim from WatchGuard


Stopped review of chapter 3 due to pages 3-15 through 3-50 being composed of very brief descriptions of a tool, a list of features, and many screenshots.

Pages / total Original Source & Comments
7-5 Para 1/2, verbatim from "Writing Security Tools and Exploits" by James C. Foster, Vincent T. Liu (Syngress, 2006), page 315
7-5 / 7-6 Two bullets and sample code verbatim from "Hack Proofing Your Network" By David R. Mirza Ahmad, Ryan Russell (Syngress, 2002), page 259
7-6 Para 1, half of Para 2, verbatim from "Writing Security Tools and Exploits" by James C. Foster, Vincent T. Liu (Syngress, 2006), page 315
7-7 Simple Heap Contents image (figure 7-3), taken from "Writing Security Tools and Exploits" by James C. Foster, Vincent T. Liu (Syngress, 2006), page 315. Image has "Copyright EC-Council" warning under it.
7-7 Para 1/2, verbatim from "Sockets, Shellcode, Porting & Coding" by James C. Foster, Mike Price, Stuart McClure (Syngress, 2005)
7-7 Para 4 and sample code, verbatim from "Writing Security Tools and Exploits" by James C. Foster, Vincent T. Liu (Syngress, 2006), page 315. Image has "Copyright EC-Council" warning under it.
7-8 Program output and Figure 7-4 from "Writing Security Tools and Exploits" by James C. Foster, Vincent T. Liu (Syngress, 2006), page 165. Image has "Copyright EC-Council" warning under it.
7-8 / 7-9 Entire shellcode section, verbatim from "Hacking Exposed - Network Security Secrets and Solutions" by Stuart McClure, Joel Scambray, George Kurtz (Osborne Publishing, 1999)


Stopped review of Chapter 7 at this point.