How To Become The Worlds No. 1 Hacker

Posted on by Ben Rothke

[For an update to this issue and a comprehensive list of the plagiarized text, see Fair use, plagiarism and the World’s No. 1 Hacker book

When I first saw the title of How To Become The Worlds No. 1 Hacker by Gregory Evans, it reminded me a pitch I get from people trying to hawk Amway.  But just as there is a limit to the amount of people who can buy and sell soap, there can only be a single #1 hacker in the world.  With that, let’s hope no one buys this book, so Neo can keep his title. 

The book does get your attention with its audacious title.  But a more appropriate title, albeit less flashy, would be The Not So Refined Art of Cut and Paste. 

Using Princeton University’s definition of plagiarize of “take without referencing from someone else’s writing”, the book is a poster child for plagiarism. This is somewhat ironic in that the book has a disclaimer of “All rights reserved. No part of this book may be used or reproduced in any manner whatsoever without written permission except in the case of brief quotations embodied in critical articles and reviews”.  

This is a 342 page book, of which the first 25 pages are somewhat self-serving with an extended biography of the author, and dated letters of praise from former clients. 

In short, this is merely a work of cut and paste.  In the parts of the book where the author attempts to write original text, it’s ripe with various errors.  I could list many such errors, but why bother.  In fact, the errors start in the preface, where the author calls GLBA the “Gramm-Leach-Billey Act”. 

On page 5, the author states “first before you start any hack, security audit or any other computer security testing you must have all the write tools in place”.  Ironic that he meant to use the word right. 

On the next page, he recursively writes about Wireshark when he says it was “originally named Wireshark, in May 2006 the project was renamed Wireshark due to trademark issues”.  It was actually originally named Ethereal.  But this is just one of many spelling, grammar, and factual errors in the book.  If nothing else, this book screams out for editorial review. But it was self-published, with seemingly no oversight. 

But the real offense is the author’s blatant use of unattributed sources.  I am not talking about a paragraph here or there, it is about wholesale plagiarism, often taking the form of an entire chapter.

Here are a few of the many examples of where the author copies extensively without attribution: 



Page   16:  section 2.3 - port scanning?.

Over 1,700   words taken verbatim from

Page 22 – section 2.5 – packet sniffing

Over 260   words from

Page   25 – section 2.8  - wireless LAN/WAN monitoring

Over 300   words from


The book   states “also see the COMSEC section of another page of mine for details on   how GSM encryption can be broken”. 


But   “another page of mine” refers to Bob Cromwell, the site’s author.

Page   29 – section 3.1 - What are Accounts?

over 400   words directly from

Page 31 – section 4.0 - What are Some   password basics?


Over 1,600 words

Page 61 – section 7.1 - Buffer overflows


Direct copy of the entire 589 word article Buffer-overflow   attacks: How do they work? by Brien Posey

Page 65  -   section 7.2 - How do I write a buffer overflow?

Copy of the entire 3,100 word article Writing   Buffer Overflow Exploits.

My approach until page 70 was to check the text against a Google search.  The results were immediate, apparent and undeniable: this book is a systematic cut and paste effort. 

Wanting a more sophisticated approach, I used the iThenticate plagiarism checker from iParadigms.  The iThenticate scan of the book confirmed what was obvious.  In fact, some sections averaged as high as a 95% plagiarism rate, with one chapter coming in at 100%. 

While there is no hard and fast definition of where fair use ends and plagiarism begins, Bob Creutz, General Manager at iParadigms told me that “if I had to offer an average, I would say a 10% or greater similarity index warrants editorial scrutiny.” notes that it comes down to the amount you've used.  The more you've borrowed, the less likely it is to be considered fair use. What percentage of your work is borrowed material? What percentage of the original did you use? The lower the better. 

iThenticate is a powerful and fascinating tool, as it shows exactly what web sites the author copied from.  It identified the biggest plagiarized section, namely the 5,354 words, which is the entire chapter 12.  The author never mentions that he copied it verbatim from the Hacker’s Center Security Portal.

Even when plagiarizing, most authors will attempt to cover their tracks somewhat by making even trivial changes to the text; Evans never does that.  In the areas the original text has hyperlinks, he neglects to modify his text, in which the paragraph ends on a loose end, confusing the reader. 

The author scoured the web and copied information from hundreds of web sites. And therein is the problem of such plagiarism; the output, in which the author calls a book, is a confused assortment of ideas, lacking a coherent stream of thought. 

The books failure is not that it is plagiarized; even if the author would have attributed his myriad sources, the book still would have been equally incoherent.  This so called step by step guide is simply a disjointed set of topics, slurred together.  

For anyone who wants to learn the art of hacking, this book will only serve to give them a lukewarm taste at best, while confusing them the entire time.  Used copies of first edition of Hacking Exposed are available for 1 cent plus shipping in the used book section on  Even though it is a decade old, it will serve you much better than this title.  As to How To Become The Worlds No. 1 Hacker, it’s an epic fail of a book.

Ben Rothke

Senior Information Security Manager, Tapad

Blogs posted to the website are intended for educational purposes only and do not replace independent professional judgment. Statements of fact and opinions expressed are those of the blog author individually and, unless expressly stated to the contrary, are not the opinion or position of RSA Conference™, or any other co-sponsors. RSA Conference does not endorse or approve, and assumes no responsibility for, the content, accuracy or completeness of the information presented in this blog.

Share With Your Community

Related Blogs