Jack Koziol APT Presentation Plagiarism

Wed Nov 2 16:25:51 CDT 2011

Jack Koziol of the InfoSec Institute (infosecinstitute.com) gave a presentation in 2010 titled "Advanced Persistent Threat: Understanding attacks on America's most sensitive computer networks uncovers startling security gaps". The slides can be found on the ISI web site or slideshare.net, uploaded by 'Infosec Institute'. According to the PowerPoint advanced properties, they were created on Wednesday, July 21, 2010 by author 'Jack Koziol', but the company shows 'Georgia Tech'. Google searches showed no link between Koziol and Georgia Tech, but searches did reveal the source of his slide deck.

Based on a comparison, Koziol copied a slide deck from John Copeland, used a significant amount of material without editing, and then added additional slides to it. Copeland's PowerPoint file shows the author as 'Copeland John', company listed as 'Georgia Tech' and created Monday, April 21, 2008.

The Plagiarism

The following table details Koziol's slides that were taken from other sources, making up 65% or more of the material. Given the variety of sources used, it is clear that Koziol willfully infringed copyright and plagiarized most of the material. Given the list of ISI clients he includes at the beginning, it is disturbing that so many agencies and companies have paid them for services.

Several slides appear to be written by Koziol, but contain typo/spelling and technical errors. For example, on slide 52 he uses "drives" instead of "drivers". On slide 40, he states "because it is a zero day, [Adobe] Reader is unpatched, Antivirus has no signature for the attack, ASLR is defeated". ASLR is not inherently defeated just because an attack happens to be zero-day, and neither is ASLR a reactive technology like Antivirus.