The Doghouse: Demiurge Consulting

They claim to be "one of the nation's only and most respected security and intelligence providers" -- I've never heard of them -- but their blog consists entirely of entries copied from my blog since December 24. They don't even cull the ones that are obviously me: posts about interviews I've given, for example.

I contacted them last week and asked that they stop stealing my blog posts. I got an apologetic e-mail in response from Karim Hijazi, whose email sig file identifies him as "Principal/Founder," but nothing has happened since. They haven't stolen any new posts, but they haven't taken down the old ones either. I suppose I could sue them, but public ridicule seems more fitting. (If you're reading this post on the Demiurge site, I'm Bruce Schneier. Hi.)

EDITED TO ADD (2/23): The blog posts are down, and there's a message to me in its place:

Speaking to the team that handles the blog component of the Demiurge website, I have learned not only have they been able to find at least 23 other websites syndicating content from Mr. Schneier’s blog, but there are more than three websites offering full blog post syndication links including Schneier’s blog.

Further, why would you find it offensive if we find your content very interesting to our clientele? If we really were trying to make it look like our content, don’t you think we would have scrubbed it? Besides all the links went back to your bloody blog… just more viewers for you. You weren’t thinking when you tried to flame us Bruce.

All you had to do was ask us to stop syndicating, which we did.

And for completeness, here's Hijazi's original e-mail response to my request: "Please stop stealing my blog posts and republishing them as your own."

Please accept my apologies about the republishing of your blog posts. Quite honestly our web development team was tasked with finding some interesting content to keep the blog component of our firm's website compelling and up to date; it is clear that they took my request out of context. Ironically, I rarely even look at my own firm's website!

I have had them stop the republishing immediately. I know of you by reputation, truly respect your work and thank you for being so gracious in your request; you very well could have been obtuse.

Again, I personally apologize for this situation.

Best,

Karim

I know, I know. But the posts are down, and that's what matters.

Posted on February 23, 2010 at 1:47 PM • 128 Comments

Comments

kog999February 23, 2010 1:51 PM

you should have posted this before they stopped stealing your posts. that way it would also be on there site.

Bruce SchneierFebruary 23, 2010 2:01 PM

"you should have posted this before they stopped stealing your posts. that way it would also be on there site."

I know, but it seemed proper to ask them nicely first. And this might end up on their site after all; I don't know how often they stole my posts. Did they do it every day? Every week? I have no idea.

peteFebruary 23, 2010 2:01 PM

That's very funny. Anyone with access to CapitalIQ or such service should post info about Demiurge. I think "demiurge" loosely translates to "half-assed." I note that they ran a TSA logo contest, too.

BernieFebruary 23, 2010 2:06 PM

They even stole your squid posts. It is like stealing your possessions without wiping your fingerprints off.

AndyFebruary 23, 2010 2:06 PM

I like this quote from the homepage.

"Demiurge Consulting can facilitate and initiate full service consultancy in the event that a key executive, employee or high net worth individual is the subject of a potential kidnap for ransom."

BetaFebruary 23, 2010 2:06 PM

I really wouldn't worry about "theft" like this.

1)Even if they weren't laughably incompetent at it, anyone who became seriously interested in "their" posts would notice your blog pretty soon.
2)They couldn't duplicate the comment dialogue, which is a significant part of the draw of this blog.
3) At worst, some of your ideas will reach some people anonymously whom they wouldn't otherwise have reached at all.

BillyFebruary 23, 2010 2:09 PM

If ever there was a legitimate reason for a DMCA takedown notice, this is it. Their server is 67.192.183.162, hosted at Rackspace.

According to http://www.rackspace.com/information/legal/copyrightnotices.php , You should report rackspace customer copyright violations to:
Director of Compliance
Rackspace US, Inc.
5000 Walzem, MS US-109-1302
San Antonio, TX 78218
1-800-961-4454 ext 3005
abuse@rackspace.com

Tell em: "Don't fuck with Bruce.", give them the IP, a link to this blogpost, and ask them nicely to pull the plug.

CraigFebruary 23, 2010 2:13 PM

In the religious philosophy of the ancient Gnostics, the entity known as "God", "the LORD", "Jehovah", etc. in the Bible is said to be a "demiurge", a usurping entity inferior to the true God. The demiurge claims to be the creator, but he is not, and in fact is incapable of really creating anything. This is entirely too appropriate for this "Demiurge Consulting." They can't even write their own blog, all they can do is rip off Bruce and present his stuff as their own work.

DKFebruary 23, 2010 2:15 PM

I hate to say this but this is what you get for not encrypting your blog. Don't you realize that once you put your site on the web in clear text that anybody can read it?

EYFebruary 23, 2010 2:24 PM

They're located in Boca Raton? One hotbed of spamming? Makes one wonder, why is FL so conducive to fraudulent businesses?

Geri SullivanFebruary 23, 2010 2:31 PM

Wow. That's some reputation they're building for themselves there. The Principal/Founder and anyone else associated with the theft of your blog posts deserves the burden of that reputation.

You're right; they belong in the doghouse. I certainly hope they get some obedience training before they're allowed out on a leash.

ChibiRFebruary 23, 2010 2:45 PM

"They claim to be 'one of the nation's only and most respected security and intelligence providers'"

Maybe that's because they copypasted their "About Us" page from Accuvant (first paragraph) and Kroll (second and third paragraphs)?
http://www.kroll.com/about/
http://www.accuvant.com/AboutUs/History/

Oh, and "Our Skills" comes from Total Intelligence, it seems.
http://culturewav.es/public_thought/45942 (not their site, but I only found the snippets on such profile caches - either they moved it around or changed/removed it, I guess?)

ShaneFebruary 23, 2010 2:51 PM

@pete

demiurge |ˈdemēˌərj|
(noun) a being responsible for the creation of the universe, in particular
• (in Platonic philosophy) the Maker or Creator of the world.
• (in Gnosticism and other theological systems) a heavenly being, subordinate to the Supreme Being, that is considered to be the controller of the material world and antagonistic to all that is purely spiritual

StephenFebruary 23, 2010 2:52 PM

It appears that he wiped the blog from his site in the last 30 minutes. It is now blank.

I kinda hoped that he'd keep the blog up, as it would be a red flag to observant prospective clients that he is not to be trusted.

NostromoFebruary 23, 2010 3:02 PM

It's not unusual for bogus websites to copy stuff from another site. Usually they register a domain name which is similar to the real domain name of the site being plagiarized; sometimes they just rely on a google search (googling for: "security intelligence consulting" without the quotes will find the Demiurge site). The idea is to attract hits from people who confuse the "similar" domain name with the real one.

What's the point? If the site invites entry of email addresses, harvest those. Otherwise, show visitors ads.

spaceman spiffFebruary 23, 2010 3:03 PM

@DK - Encrypting the blog would be way cool. It would certainly weed out the security wannabe's (like myself)... :-) Of course, he could always put the key somewhere in the post in plain text, so all we would have to do is figure out the algorithm Bruce used to encrypt it. Fun!

mikeFebruary 23, 2010 3:06 PM

I also noticed his Art History Major, that's obviously where he got all his experience in 'intelligence gathering' ie. look at Bruce's website!

SlonobFebruary 23, 2010 3:06 PM

DK, you cracked me up.

ViBueiBwaGVlcmFneWwgcmFwZWxjZ3ZhdCB6bCBveWJ0LiAgR3VuYXhmIHNiZSBndXIgdXJucWYgaGMuIA==

Michael TFebruary 23, 2010 3:09 PM

The site is a sock puppet.

He's a web designer, graphic artist, and brand manager. It's likely that he's using this "Demiurge" site as a showcase of his work. He's created a web presence for this fake site using twitter, blogging, linkedin, as well as numerous other third party sites. It's actually pretty impressive.

If you go to FoxLogic Productions, he's got a showcase of other websites. If you don't pay attention to any of the content, they are quite nicely done. Problem is:
gymcentric.com - All Links are for products, there is zero actual fitness content.

dietcentric.com - "Lorem ipsum dolor sit amet, consectetuer adipiscing elit, sed diam nonummy nibh." Yep, display only.

www.originalwit.com - Nothing original...

and it just continues from there.

So the moral: He's trying to show off his web management and branding skills more than his security 'skillz'.

Definitely naughty to be plagiarizing though.

ShaneFebruary 23, 2010 3:15 PM

@Michael

I was just about to pour into that whole rant.

This is a classic case of some dumb designer / flash kid building hundreds of off-the-shelf cute-sy web sites to make himself look like some kind of experienced developer with decades of on-the-job-experience and a huge portfolio.

It probably wasn't the best idea for him, being an aspiring web developer, to garner all this ill attention from the comp/security community, haha, unless he's extremely confident in his development work ;)

Michael TFebruary 23, 2010 3:21 PM

@Shane

Or maybe it was all part of the branding plan....

I bet his site traffic just spiked, along with hits to his LinkedIn Profile. And I'm not exactly sure how, but he's connected to members of the Control System Cyber Security community, a very niche area of cyber security. How he got there, I have no idea.

When I go entrepreneur, I may actually give him a call.

timFebruary 23, 2010 3:29 PM

From the department of people who don't get it... from their front page:

"Further, why would you find it offensive if we find your content very interesting to our clientele? If we really were trying to make it look like our content, don’t you think we would have scrubbed it? Besides all the links went back to your bloody blog… just more viewers for you. You weren’t thinking when you tried to flame us Bruce."

ArchonFebruary 23, 2010 3:39 PM

Good one Slonob.

R3Z4c21yeHpvb2IsIGdzemcgZHpoIHZteGx3cm10IGdzdiBoeGlya2cuICBZZmcgcmcgZHpoIHVmbW1iIG1sbXYtZ3N2LW92aGguICA7KQ==

Actually, it would be pretty neat to have random interspersed cryptograms on blogsites. Or maybe that should be the new CAPTCHA technique.

Michael AshFebruary 23, 2010 3:39 PM

"Syndicating", what a great euphemism for "copyright infringement". I'll have to remember that word next time I decide to "syndicate" a TV show or game.

BillyFebruary 23, 2010 3:43 PM

@Bruce:

You should have written this post before you contacted them, sha1summed the text, and included the checksum in an unrelated post a week ago. Then today you could have revealed what the sha1 was about, and grinned, having gotten your readers to play with some (albeit pretty simple) form of crypto.

You could have done the same with your message to them a week ago, so their denial of it today could be refuted with evidence that existed on their own site before they ever denied it.

ShaneFebruary 23, 2010 3:49 PM

@tim

"Speaking to the team that handles the blog component of the Demiurge website, I have learned [...]", and blah blah blah.

Haha, I seriously just spit coffee everywhere.

Some blokeFebruary 23, 2010 4:11 PM

Who was it who said:

"Any publicity is better than no publicity"

and look what this guy is now getting from you lot!

KenjiFebruary 23, 2010 4:16 PM

Has anyone looked at their PGP key? I was trying to see if it was copied from some other website, but as far as I can tell (I'm no expert), it's invalid.

LeprechaunFebruary 23, 2010 5:24 PM

Being the curious sort, I googled a few quoted sections to see what was being copied from where.

One line in the section discussing services that included executive protection was quoted almost verbatim by several security companies that I got more curious. They all copied from wikipedia. I guess the security services industry isn't to be trusted about copyright.


Source: Executive protection - Wikipedia, the free encyclopedia
Address :
Protective measures may include home security systems, bodyguards, armored vehicles and vehicle scramble plans, mail screening, private jet travel, background checks for other employees, and other precautions.[2] Executive protection may also provide security for immediate and/or extended family members to prevent kidnapping and extortion.

Petréa MitchellFebruary 23, 2010 6:01 PM

Michael T:

I see! Clicking on "Methodology" (in the FoxLogic menu) reveals that one of the services it offers is "Auto populating mega-sites". So the blog scraping was a demo of sorts...

KenjiFebruary 23, 2010 6:09 PM

They PGP key was actually generated for info-request@demiurgeconsutling.com. There were problems with the begin/end lines and a special character that should have been an 'x'.

Bruce ClementFebruary 23, 2010 7:55 PM

Well, he's taken the whole demiurgeconsulting.com site down now, there's just a black with white letters frontpage.

Dietcentric.com is still up, interestingly he didn't even bother to remove the source of this one from the bottom "Powerful Wordpress Themes Design from TemplateMonster."

I had a brief look at the html source in the other sites & find it a little difficult to believe they were all written by the same author (or authoring tool), so I suspect the design work is largely acquiring other peoples' templates.

Not that that is necessarily a bad thing, as long as you have a licence to use and give credit to the original author, which I think is where we came in.

Nick PFebruary 24, 2010 12:30 AM

@ Kenji

So, they can handle intelligence gathering, counterintelligence, pen testing, security architecture, and kidnapping but... they lack the skills to create a valid PGP certificate. With such simple mistakes, I just can't help but feel sorry for the guy who gets kidnapped and dies because they picked the wrong replacement batteries for their cell phones, which die during the pivotal point of an already shaky negotiation.

larsFebruary 24, 2010 5:13 AM

And another one for the Bruce Schneier Facts:

"The demiurge just copied Bruce Schneiers ideas."

Well, it's not crypto, but obviously the physical world is controlled by the might one, Bruce.

[This must all be a big Schneier-controlled conspiracy. How else can you explain that someone first goes for a title like that and than so explicitly subordinates himself under someone so publicly known? Obviously Bruce himself was after some new title for himself: original author of the demiurges blueprint.]

BF SkinnerFebruary 24, 2010 6:19 AM

Oh Come on all--measured response.

How do you handle problems? At the lowest level possible. First you ask for offending material to be removed and only if they don't THEN you escalate. Cost effective.

Do you want Bruce to get the same rep that the Milano's or RIAA have? 'Execution First, then the trial.' Besides I believe DCMA offendors have to be informed about the infringed material before a take down can occur.

That said Mr Hijazi could probably profitablely spend time developing his consultancy's ethical infrastructure. Likely he's got kids out of school developing his website.

@Trichinosis - That! was truly funny.

BF SkinnerFebruary 24, 2010 6:21 AM

Or...Maybe those kids don't work for demiUrge anymore. Except for a home page the entire site seems down.

Nick LancasterFebruary 24, 2010 8:19 AM


If one is promoting web design skills, then samples should be clearly identified as such, which was apparently not the case for the Demiurge Consulting site.

And the script-kiddie response isn't exactly a smart move, either - let's say a potential client surfed to the site and saw that. Hmm. An argument with the person whose content I lifted.

Above and beyond that, it would suggest to me that I direct my business to Counterpane rather than Demiurge, and that's not because Demiurge was syndicating Bruce's content, but because they've shown themselves to be irresponsible/incompetent/unethical.

AguirreFebruary 24, 2010 10:44 AM

Karim's a busy boy.

http://www.karimhijazi.com/about/

"Karim Hijazi is among the world’s most innovative photographers as well as being Director & Founder of foxlogicproductions.com the fashion & art internet enterprise firm. Combining elements of high fashion photography and a vast array of weaponry, Hijazi explores the intersection of the formidible, lethal and seductive.

As a fashion photographer, Karim Hijazi has consistently challenged conventional notions of beauty. He has produced karimhijazi.com, a 10 year retrospective, and Arbalest, a series of weapons pictures. He is currently producing the permanent installation, Powder Keg, for a private client.

As an entrpreneur, Hijazi is the founder and CEO of Demiurge Consulting, a premier counterintelligence agency. As one of the world’s leading risk consulting and private intelligence firms, Demiurge Consulting has helped companies, government agencies and individuals reduce their exposure to risk and capitalize on business opportunities."

BF SkinnerFebruary 24, 2010 11:12 AM

@Aguire "among the world’s most innovative photographers "

..even if i DO have to say so myself.


Hmmmm wait...wait just a pea picking minute here now...

Founder of a COINTEL company since the oughts...traveler...scuba diver...world class fashion photagrapher...web developer and all around good guy technologist...praticionaire of the subtle art of ninjitsu...yachtsman and race car driver.

Why boys and girls I do believe what we have here is an International Man of Mystery. Austin Powers eat your heart out.

By the way what's a boutique intelliegence agency anyway. Somthing that covers just the Rodeo Drive beat?

Petréa MitchellFebruary 24, 2010 11:22 AM

Well, if we're writing a complete biography, here's the part missing from his LinkedIn page:

http://www.prleap.com/pr/74794/

"ComCorp, Inc. announced today that its Board of Directors asked for and received the resignation of President and CEO Karim Hijazi [...]"

airborneFebruary 24, 2010 11:27 AM

Haven't any of you actually read Bruce's post? We can all agree that Demiurge should have asked permission to republish, but the guy responded immediately, and was complementary.

He has a point that there was no "scrubbing" done to the post trying to alter the content to their own. I would be with all of you if he never got back to Bruce, claimed the content was his and didn't have any experience in the industry, but from the looks of it, he does.

The guy actually checks out pretty well. One of my buddies at Bragg said he worked with him in Dubai on some hairy stuff.

I can appreciate the fact the guy is entrepreneurial and has a number of things going on. I am with Michael T: I just might get in touch with him!

Nick LancasterFebruary 24, 2010 11:43 AM

@airborne:

While Karim's exchange with Bruce is perfectly civil, the nanny-nanny-neener response that was posted on the site is an entirely different thing.

Would I entrust my company's security to a firm that seems to be hiring a bunch of ill-mannered script kiddies for their web design team? Doubtful. I'd probably do better trying to hire hackers, even if it means photographing a few squirrels and pigeons to prove my bona fides.

BF SkinnerFebruary 24, 2010 11:52 AM

@Nick

Although the neener tone was juvi. They (well he) did have a point about the syndication upflow.

I just ran a google on "The Doghouse: Demiurge Consulting" and got over 700 hits back on it.

BF SkinnerFebruary 24, 2010 12:00 PM

@Nick

While their, well his I guess, tone was juvi the point was accurate.

I just ran a google of "The Doghouse: Demiurge Consulting" and retrieved over 700 hits.

I looked for a shneier acceptable/fair use statement here but i couldn't find it.

Bruce what are your limits on redistribution?

airborneFebruary 24, 2010 12:04 PM

@ Nick Lancaster:

You make my point for me:

Who is on the stand here? Hijazi or the script kiddies of the website. The guy says he wanted content that was relevant. Wow, what a prick! When he was informed of their actions, he dealt with it and directly with Bruce in a stand up way.

Can you find me decent web designers who are not script kiddies? C'mon, what an inquisition over nothing and on a guy that is clearly on our side.

HJohnFebruary 24, 2010 12:11 PM

Advertisements like "leading authority", "industry leader", and "highly respected" always leae me a chuckle.

When I was road tripping to Florida this month, I got a similar chuckle from billboards: "Voted Best BBQ" (more than one claimed this in the same town); "award winning ribs" (what award?); "cleanest bathrooms on I-75" (and they know this how?).

Then, by the grace of God, a sign for a place in Seffner, FL read: "Chinese Food." Which is exactly what it was. At long last, truth in advertising.

:)

ShaneFebruary 24, 2010 12:16 PM

@airborne

"The guy actually checks out pretty well. One of my buddies at Bragg said he worked with him in Dubai on some hairy stuff. "

Haha, I'm taking a small risk at putting my foot in my mouth here, but I call bullshit.

GreenSquirrelFebruary 24, 2010 12:24 PM

Well, there is the assumption that the site was designed by a "team" consisting of people *other* than Hijazi himself.

The evidence in his favour is not great and I strongly wonder where he has found time to achive his impressive array of claims - unless we are actually talking about Dr Who rather than Austin Powers.

As I see it: A site unethically (if not illegally) scraped content from Bruce's blog. Bruce contacted them and asked them to stop. They responded by putting up a childish response.

After a lot of bad publicity the whole site seems to have condensed into a single page. There are however a few other websites about Hijazi which paint a hard to reconcile picture.

Whether or not Hijazi is the person who designed the site is irrelevant. A company he claims is his own has done two wrong things now and he should resolve the problem properly. If he is the Ninja Assassin Photographer he claims to be then surely he is able to manage his "web design team" in a better manner. If he has so little control over his staff that they can humiliate him in this manner I dread to think what "intelligence" work he can provide.

@airborne - you may well have a "buddy a Bragg" who did some "hairy stuff" with him, but it leaves open the question - when? Was Hijazi one of the Dubai hit team?

I cant for the life of me work out how Hijazi is on anyones side except his own.

HJohnFebruary 24, 2010 12:24 PM

@Shane: "Haha, I'm taking a small risk at putting my foot in my mouth here, but I call bull****."
___________

That's one of the beauties of a blog like this. Putting one's foot in one's mouth isn't as bad when no one knows who you really are, and you can always change names if you do what I'm notorious for and stick both feet in your mouth. lol.

I've used basically only this name for a couple years. I changed names in 2008 or 2007 after too many name collisions and to start over with some people that I wanted a better blogging relationship with. It's a beautiful thing. :)

But you won't be the only one with their foots in their mouth, I suspect BS too.

ddefenseFebruary 24, 2010 12:29 PM

@ Shane

Can't verify the Dubai comment but do know for a fact he (Hijazi) has had some serious talent working closely with him:

Patrick Stach (Optyx) - Seems he has been associated with Demiurge Consulting for years. That's a crypto kid and a half! You all know Stach & Liu, well he's the Stach half.

David Maynor of Errata Security - I hear they are very close friends and worked a number of projects together.

The list goes on.

Don't know about you, but this guy has me intrigued.

bisonFebruary 24, 2010 12:45 PM

@ ddefense

I know Patrick Stach, so I will try to verify this.

At the moment I think it looks like bullshit and smells like bullshit....

ShaneFebruary 24, 2010 12:45 PM

@Green, HJohn

Well, considering 'airborne' and 'ddefense' are both first-time callers around here, I'm guessing it's not that big of a risk after all ;)

BatmanFebruary 24, 2010 12:49 PM

I can vouch for Karim.

He and I did worked closely together years ago when I was gathering intelligence on the Joker.

He was also instrumental in negotiating the safe release of Bruce Wayne after he had been kidnapped for ransom by a rival corporation's henchmen.

A master of ninjitsu as well (and single ladies, rawr!).

airborneFebruary 24, 2010 12:53 PM

@ BF

"I just ran a google of "The Doghouse: Demiurge Consulting" and retrieved over 700 hits.

I looked for a shneier acceptable/fair use statement here but i couldn't find it."

So what now? Go after the other 700+ guilty republishers?

jgrecoFebruary 24, 2010 12:53 PM

@ddefense

Psssh, that's nothing. I once teamed up with Alan Turing and took down the Soviet Union in a day using only unarmed combat and cold hard logic.

Citations? Citations are for wusses.

GreenSquirrelFebruary 24, 2010 12:58 PM

@ airborne

Well its a given that unscrupulous, unethical people will scrape blogs. It happens.

Are you saying it should be ignored because there are 700+ scrapers trying to get ad revenue from Bruce's blog posts?

Or are you saying that Demiurge is legitimate because it is mirroring the tactics of unscrupulous, unethical scrapers?

BF SkinnerFebruary 24, 2010 1:04 PM

Must be nice to be Batman.

I couldn't become Green Lantern unless I was chosen by the guardians of OA, but given enough startup capital and adequate research facilities I could be Batman.

airborneFebruary 24, 2010 1:11 PM

@GreenSquirrel

My point is to the right of your screen is a full text feed with what BF clearly pointed out has no shneier acceptable/fair use statement. Stop addressing the symptoms and go for a cure.

@Shane

Just a guy not going with the hate flow and trying to work with some facts. Really creative and open-minded group here...

ScottFebruary 24, 2010 1:13 PM

In reading through this post again, checking out the claims made by Hijazi (whoever he really is), and the cumulative good stuff from the comments, why am I reminded of "The Adventures of Baron Munchausen", and where *is* Terry Gilliam these days?

jgrecoFebruary 24, 2010 1:15 PM

@airborne

I'll take this as a chance to bring up one of my favorite quotes:

"'By all means let's be open-minded, but not so open-minded that our brains drop out." -Richard Dawkins

ShaneFebruary 24, 2010 1:17 PM

@GreenSquirrel

Yea, it's hard not to be at least mildly entertained by his relentlessness. The amount of effort he's willing to put into keeping up the paperless-paper-trail facade he's built for himself makes me wonder if there shouldn't be a new term christened in the sociopathy/psychopathy vein for the purely internet-based manifestations of the disorders.

jgrecoFebruary 24, 2010 1:22 PM

@BF Skinner

That would be a very interesting adaption, I wonder how that would work. Maybe some sort of "ejection seat" for the brain to get it out of danger. :)

HJohnFebruary 24, 2010 1:25 PM

@Shane: "Well, considering 'airborne' and 'ddefense' are both first-time callers around here, I'm guessing it's not that big of a risk after all ;)"
____________

The way I see it is that BS makes for great guy talk over a cold brew. So if we're wrong, I'll buy the first round for airborne and ddefense so we can all make up some more BS to chat about.

GreenSquirrelFebruary 24, 2010 1:26 PM

@ airborne

A fair use statement would give you, or Karim, an idea on what you could or couldnt use the feed for. Without it you can only assume you cant use it.

Now, some element of "syndication" is acceptable - normally in the form of "I saw an interesting post on XYZ blog here [URL]" or a commentary on the post. You see this all the time on decent blogs (here for example).

Alternatively you get scrapers, which suck up the RSS feed and republish it as their own work. Often to get advertising revenue but sometimes to make it look like a bedroom outfit is a legitimate organisation with a live news service.

From what I can find about the Demiurge site (thanks to Google Cache and WayBackMachine) there wasnt any attempt to produce its own content. Which I find strange for a "premier intelligence" company.

There is no real cure to unethical people trying to pass of the work of another. However the one thing you can do when you find it happening is out the "Company" responsible to make sure they get no tangible benefit from their acts.

What would you suggest instead?

RHFebruary 24, 2010 1:30 PM

I think the author should have come clean when Bruce emailed him. But in this day and age, with marketing what it is, many people are looking for the viral marketing sucess. just look at "pimp my bum.com" where people donated to help a bum get a job.

I think the doghouse is a perfect place for him. I don't think any real damage was done (other than wasting Bruce's time), but a good thwapping with a ruler was in order!

How sad would it be if we just ruined some big online RPG that someone was running, making all of these sites?

By the WayFebruary 24, 2010 1:31 PM

Bruce,

I took the liberty of running "Applied Cryptography," "Secrets and Lies," and "Beyond Fear" through OCR, and I'll be posting them on our website shortly. I'm sure you won't mind, because why would you find it offensive if we find your content very interesting to our clientele?

WillSFebruary 24, 2010 1:49 PM

I'm going to go ahead and assume that the general consensus is that ddefense and airborne are sock puppets for our gallant hero Hijazi.

Bryan FeirFebruary 24, 2010 1:55 PM

@Scott:

Well, Terry Gilliam's latest film was The Imaginarium of Doctor Parnassus, also known as the film that Heath Ledger was doing when he died. Before that it was Tideland, which pretty much disappeared without a trace because distributors didn't want to touch it.

He tends to be a bit of a one-man show, often writer/director/producer, so one film every three or four years or so is about all you can expect.

BF SkinnerFebruary 24, 2010 2:03 PM

@Bryan
I quite liked Tideland and recommend it.

@By the way
Congratualtions on your new job at google. I hear they are great to work for.

KingsnakeFebruary 24, 2010 2:22 PM

http://www.google.com/#hl=en&q=%22karim+hijazi%22&start=70&sa=N&fp=82a61fa7758c1e9

Googling for "Karim Hijazi" is amusing. There is this on SERP 8:

"LuxMedia Altitudes Arabia magazine presents Air Synapsis
Hence its choice for the business aviation development & advisory company established by Karim Hijazi, an eleven year veteran of the aviation sector with ..."

Which if the rest of the cruft is to believed, would mean he has been an "industry leader" since he got his driver's license.

KingsnakeFebruary 24, 2010 2:32 PM

There's at least another 30 sites doing the same thing. (Assuming they are not all Karim doppelgangers ...)

Google [+Schneier +"Karim Hijazi"

WillSFebruary 24, 2010 3:19 PM

Apparently he used to be Information Services Director at Julaiah Group. Interesting how he still hosts their website on top of Foxlogic Productions. Seems a bit odd to let a former employee have that kind of control over your company.

ShaneFebruary 24, 2010 3:45 PM

Well, I've had my fun here, haha.

At least he went splash-page-up before some lonely widow emptied her savings into Demiurge to keep the Boogeyman from clawing holes in her good bed linens.

BF SkinnerFebruary 24, 2010 4:15 PM

@Shane @ziesta

Don't jump to conclusions. He was being released today. Any number of things, up to and including just living in the UK could be keeping him off line.

Me? I'd head to the first pub and show off my stiches for free drinks.

But it IS worrisome. Clive let us know you still live and I'll stand you to a pint of Smiths Stingo.

'course the whole topic could just be a colossal bore to him.

johnFebruary 24, 2010 5:04 PM

It appears that the site has now been deleted with the exception of the opening page. What a shame...

Nick PFebruary 24, 2010 10:49 PM

@ others on Clive R.

He's ok. He's resting his fingers after typing a two-three page rebuttal to me in the botnet's section. Remember that he does his posts on a mobile phone that he can't always be seen with. He usually takes breaks after the essays, err, posts. ;)

Clive RobinsonFebruary 24, 2010 11:06 PM

@ BF Skinner, Shane, ziesta,

"Don't jump to conclusions. He was being released today. Any number of things, up to and including just living in the UK could be keeping him off line."

Well yes. Due to complications I did not go under the "gas" thus the "knife" today. Thus I'm in a catch 22 position of what is making me ill enough to require the surgury is also making me to ill to operate on safely.

Thus I have to go through a stabalisation and testing process first.

Thus it's a bit like filling a bucket with holes in it with water and saying it's good to go when the bucket overflows but not otherwise...

That is they know I'm going to continue to get worse unless other treatment is given, and then when I'm at an acceptable level get me under the knife quick befor I degrade to a dangerous point again.

However this other treatment also potentialy endangers my life and well being as much if not more than the problem they are trying to solve.

The trick the doctors have to do is find the "sweet spot" and hope it's enough to get me under the knife...

With regards

"Me? I'd head to the first pub and show off my stiches for free drinks."

Saddly I'm not alowed to enjoy the benifits of good honest beer or other fermented beverages.

Secondly the problem is internal and these days they tend to go for laprascopic (key hole) surgury where possible as it minimises the impact on the patient.

And for some (sound?) reasons the medical profesion appear to do some quite bizzar things.

Like to fix your heart they make a hole in your groin and shove thin tubes up you (angioplasty). And for some procedures they just use the holes that nature provides (hose pipe down your gullet or worse the opposit direction).

But the ultimate indignity they inflict on you when in hospital has got to be the "stockings -n- gowns".

Now from what I have heard (from the nurses no less) there is a small percentage of the population that like to play doctors and nurses and some men apparently like to dress in nurses apparell.

But I can assure you I just do not look good in white (TED) stockings and a yellow wrap around (gown) that on me is shorter than the most daring of mini skirts and well lets just say drafty around the back.

Mary Quant / Twiggy I most definatly am not, and I'm not ammused by looking like a cross dressing bear, though others appear to find it takes their mind of their own problems...

bclFebruary 25, 2010 4:30 AM

@BF Skinner: google of "The Doghouse: Demiurge Consulting" and retrieved over 700 hits.

I juste googled "and for completeness, here's Hijazi's e-mail response to my request" and got:
- one RSS mirror www.xfruits.com/crowe_sec/general/
- one virus injector (?) ko-kr.facebook.com/note.php?note_id=326119851775
- a few RSS scrapers (calling themselves aggregators) possibly hosting ads: planet.phekda.org/ www.chuvakin.org/rss2html/ www.ibez.ru/aggregator risspa.ru/aggregator/categories/1 risspa.org/aggregator www.libertysys.com.au/aggregator www.planetwebsecurity.org/ antareja.rvs.uni-bielefeld.de/~made/reading/ www.politicalforum.com/political-blogs/ complianceandprivacy.com/blogs/Bruce-Schneier-index.html

@BF Skinner: I looked for a shneier acceptable/fair use statement here but i couldn't find it. Bruce what are your limits on redistribution?

Possible answer, the last RSS scraper above states that "Each blog item is reproduced from the relevant feed from the originating blog, either in full or in part as that feed itself determines."

@airborne "So what now? Go after the other 700+ guilty republishers?"
Ho did you (or your "colleagues" ddefense or Hijazi) count 700 republishers ?

@GreenSquirrel "There is no real cure to unethical people trying to pass of the work of another."
You can make an abuse complaint to providers.

GreenSquirrelFebruary 25, 2010 7:15 AM

@ BCL

Fair one - that would be effective for some cases but would depend heavily on who the host was.

They may lose that site but its easy enough to set up another one and scrape again.

The point I was trying to make to [airborne | sock puppet] was that all you can do is treat the symptoms. In my mind that is what Bruce did by sending an email to [Karim | Austin Powers].

GregWFebruary 25, 2010 8:20 AM

Ah yes, delegating decisions to the clueless to in-theory save a buck... I smell the hidden cost of using offshore IT.

(ObligPCHatTip: I am not saying all offshore people are clueless.)

Nick LancasterFebruary 25, 2010 8:26 AM

@airborne:

Actually, it doesn't prove your point, which seems to be 'anyone can syndicate Bruce, 'cause it doesn't say you can't.'

If you are a 'security consultant' and posting a direct syndication feed to the work of another, unaffiliated consultant whose reputation is far more verifiable than a string of vague testimonials, it is unethical by any measure.

It is even less palatable to then excuse the act by saying, "Well, I thought my clients would be interested," even as your web team acts like a bunch of kids dissing an opponent in team deathmatch.

Finally, because the site now consists of nothing but a static title page, we can gather that Demiurge Consulting offers nothing. Take away the stuff ripped from Bruce - permissible or not - and there's ZERO CONTENT.

I think I'll give my business to Bruce and Counterpane.


MemVandalFebruary 25, 2010 9:24 AM

They took down all posts and apparently entire site, but forgot that GOOGLE the almighty maintains cache ;) LOL

BF SkinnerMarch 1, 2010 6:18 AM

One of our first guesses that it's a demo site -- I think is wrong.

Looks like they are serious. AND as @GreenSquirrel notes serious about using public domain info.

It is a good looking site.

GreenSquirrelMarch 1, 2010 6:57 AM

@ BF Skinner

I agree - it is an attractive and apparently functional site. It strikes me that [karim|whoever] coded the site has a definite talent.

If I was looking for a web designer and this was a demo site, I'd be sold.

Sadly, if I was (weirdly) looking to contact a random "intelligence" company over the internet, and had never read this thread, I woud also be sold on the idea that it was totally legit and above board.

As it stands, should I ever be in the bizarre situation that I was looking for the type of work he offers, I would go elsewhere....

Nick PMarch 2, 2010 12:57 AM

Wow! Talk about reinventing yourself! This site indeed looks amazing. I particularly like how they did the menu bar and color scheme. The first blog article was also nice from a lay perspective. They also redid their services page to make it sound more professional and specific.

I still have a picture of their Google search results, though. It starts with their site, with tons of praise. Next link is: "In the Doghouse..." Then a bunch of sites linking to Bruce's post. Talk about death by advertising [via Google]. Hilarious. I wonder if I should post it.

MostKnownUnknownsMarch 16, 2010 4:38 PM

Beware of anything arising out of South Florida. It's mostly all smoke and mirrors.

wdsMarch 17, 2010 3:52 AM

Uhm, that new site is pretty bad too. The grey on dark is horrible for reading, it's way too dark overall and the little highlight when mousing over sections is tacky and breaks down when you mouse of "socialize".

Leave a comment

Allowed HTML: <a href="URL"> • <em> <cite> <i> • <strong> <b> • <sub> <sup> • <ul> <ol> <li> • <blockquote> <pre>

Photo of Bruce Schneier by Per Ervland.

Schneier on Security is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..