Rahul Tyagi - "Hacking Crux 2" Heavily Plagiarized

Tue Jun 19 02:16:58 CDT 2012

Jericho


Rahul Tyagi is a self-proclaimed "leading computer security and ethical hacking trainer" in India. He is affiliated with TCIL-IT CHD, an "IT division of TCIL (Telecommunications Consultants India Limited), a Govt. of India enterprise under Ministry of Communications & Information Technology" where he teaches their branded courses. These include the TCIL-IT "Certified Ethical Hacker", "Certified Penetration Tester", and "Certified Cyber Kid". He maintains a Facebook page, personal blog, LinkedIn profile, and Twitter feed (@rahultyagihacks).

His book, Hacking Crux 2, came to my attention several times. The first two were reports that his book contained plagiarism. The third was Tyagi asking me to review the book, to which I replied I did not have the time. Apparently, his name had not stuck in my mind as someone that was reported to us, but ultimately it led me to purchase a copy of his book. Eventually, I took the time to review it and had a long string of emails with Tyagi asking about the plagiarism. All of those mails are being made available to emphasize that he denied plagiarizing many times, and ultimately blamed other people before finally admitting he may have.

His initial email to me was seeking a review of the book. Ignoring the plagiarism, the book is a poor attempt to teach hacking in every meaning of the word. The order of material is not logical and the topics are very broad, which isn't suitable for a book that weighs in at only 165 pages (172 total, text starts on 7). Tyagi has a consistent lack of understanding of many topics he presents, relying on entire chapters that are primarily screenshots with a brief explanation of some tool of the day. Like many "hacking" books, it is a collection of tools that are often outdated by the time of publication, and that style of book has been the norm for some time. It is abundantly clear that Tyagi is not an expert on hacking, and doesn't have a real clue what it entails or what is really involved. If you see a "hacking" book explain how to send spam, that is a big warning sign you should stay away from it.

The Plagiarism

I reviewed the book "Rahul Tyagi's Hacking Crux 2: Hack The Hackers Before They Hack You", published by GyanKosh Publishers and Distributors (ISBN 9788192359601) for plagiarism. Despite Tyagi's claims that he wrote 92%, the book contains a considerable amount of plagiarized material that he simply did not write.

The following table details some of the portions of the book that were taken from other sources, making up a considerable amount of the material. Information is included to distinguish not only plagiarized material, but also what was done in an attempt to obscure the original source (e.g., removing text or credit). This shows willful infringement of copyright and inexcusable plagiarism. The book was spot checked for plagiarism; this does not constitute an exhaustive review.

| Ch/Pg | Description | Original Source |
|---|---|---|
| Ch2, p14, Para 4/5 | Description of "Network Scanner" | Verbatim from vendor page |
| Ch2, p16, Para 1 | Description of Nmap tool | Verbatim from vendor page |
| Ch4, p24 | Explanation of trojans and backdoors | Almost entire page from CEH Module 8 |
| Ch6, p38-39 | Two paragraphs on SQL Injection, entire section (1 full page) on "simple bypass authentication" | SQLi verbatim from Imperva's website, authentication bypass verbatim from CMS Wire article by John Conroy |
| Ch6, p39-42 | Cross-site Scripting section | Verbatim from Web Application Security Consortium. Tyagi made small edits to the URL examples in attempt to obscure original source. |
| Ch7, p45 | Intro paragraph on email forging/spoofing | Paragraph widely used on many sites. |
| Ch7, p49 | Spamming section | Mostly taken from Wikipedia |
| Ch7, p49-50 | Techniques of spamming | Verbatim from spam.gov.sa (PDF) |
| Ch7, p50 | Section on spamdexing | Mostly taken from previous work (similar work used in many other places) |
| Ch7, p50-51 | Spam on video sharing sites | Verbatim from Wikipedia |
| Ch7, p51 | XMS spamming section | Verbatim from spam.gov.sa (DOC) |
| Ch7, p52-54 | Email bombing section | Mostly taken from CERT |
| Ch8, p56-57 | Keylogger section | Verbatim from TechTarget |
| Ch8, p57 | Family Keylogger tool | Both paragraphs from New Scientist |
| Ch8, p60 | Secret questions paragraph | Verbatim from different New Scientist article |
| Ch11, p86-87 | Types of viruses | Verbatim from MakeUseOf article by Matt Smith |
| Ch11, p87-89 | Sample code of a fake virus, some text, and screenshot | Verbatim from MakeUseOf article by Tim Watson |
| Ch13, p95 | Section on Proxy Servers | Most of the 3 paragraphs from answers.com Wiki |
| Ch14, p105-106 | Penetration testing section | One paragraph and all bullets from SecPoint |
| Ch17, p157-158 | WiFi Attacks section | Some of the intro, the image, and most of 4 paragraphs from About Online Tips |
| Ch17, p159 | Explanation of protocols | HTTP intro paragraph from about.com; FTP both paragraphs from about.com; POP3 paragraph from msu.edu user page |
| Ch17, p163-164 | Working of a sniffer | Part of section from About Online Tips |