An Incident in Georgia Weidman's Training (or, Don't Mess With My Students)
Thu 19 June 2014 by Wesley
Today I received an email from a student who had taken my security and reverse engineering classes and who had attended Circle City Con in Indianapolis this past weekend, along with another former student. He had a good time, but mentioned an incident that occurred that he'd rather discuss over the phone. Concerned, I had him call me immediately to talk about what had happened.
He related a story to me about Georgia Weidman's interactions with him and his fellow attendee/classmate when they attempted to participate in her free training at that conference. She noticed that one of them was wearing a Mississippi State shirt and associated them with me, at which time things went downhill. It seems that she took out on them every frustration regarding conversations I've had with her publicly and privately about professionalism, accepting constructive criticism, and academic integrity in writing. Georgia asked if they were my "spies", indicated that I had sent spies to her classes before (which I haven't, I'm no Varys), and consulted with Circle City Con staff as to whether or not they should be allowed to attend.
It is my position that these students should not have been treated in this manner by Georgia, and I find it outrageous that she would make these two students feel so unwelcome and uncomfortable simply because of their association with someone that has criticized her. Having taken that as an opportunity to attack me, in my absence, at that conference in front of these two students and a room of other attendees, as you'll see below, I see no reason why I should remain quiet about it. After being pressured in private conversations with her, at times under threat of self-harm, I had agreed not to post a review of her book, and therefore did not attach her name, nor the title of her book, to a post that I had made on the topic of integrity in security writings. As I'm sure readers will understand, I no longer have any motivation to continue obfuscating that.
I'll refer to the students in this incident as Student A and Student B, and I will relay their account of the incident to you as accurately as I can below. I trust and respect these two students' integrity. Both were very professional and honest in my classes, to the point of disclosing to me that they were roommates and occasionally discussed assignments in general terms (which is fine, but I was impressed by them being forward about it). They attended BSides Jackson, representing Mississippi State University well. They have no motive, or anything to gain, from lying or exaggerating about the encounter. It's not surprising that they know nothing of my prior interactions with her. Relatively few of my students follow me closely on Twitter, most of Georgia arguing with me (or, at me) took place via DM, and she deletes her side of related public conversations. They were simply students in my class, interested in security. I don't direct their research, don't serve on their graduate committees, and no longer have any impact on their grades.
In my discussion with them about this incident, it's clear to me that it's their sense of professional honesty and fairness that has made them willing to overcome their discomfort with the situation to share their story with you. I have only edited parts which I feel might too-obviously identify them. I ask that if you do know who they are, please join them in their professionalism and do not "out" them, as they have (quite sanely) requested to not be identified.
Student A's account:
I am attempting to lay out the events as I remember them as objectively and as accurately as I can.
[Student B] and I had no previous knowledge of the professional history between you and Georgia. The con started at 9:30 AM on Friday June 13th. Classes, including Georgia’s, didn’t start until 10. I was unable to leave [redacted] until approximately 1 PM due to [redacted]. I arrived at the conference at around 2:00 to 2:20. [snip conference activities]. At this point we decided to check out the remaining hour and half, two hours of the pentesting workshop Georgia was teaching. I find a seat in the back and boot up Kali.
[Student B] walks in and with no more open seats, stands behind me. When she gave the class time to play around with a tool they had just been taught a little about (maybe 5 or so minutes after I get there), I walk up to the front of the class to ask if she has a flash drive with the victim VM on it. She asks me why I’m late and if I had signed up for the mailing list. I explained that I left from [redacted], and I wasn’t able to leave until the afternoon due to a meeting, no problems at this point.
She starts looking for the flash drive and then notices my shirt. I was wearing [redacted excessive detail, MSU shirt]. She immediately stopped what she was doing and asked, “You’re from MSU? Do you know Wes McGrew?” (the tone wasn’t hostile, but she was on edge)
I replied, “Yes... I’m his student. Why?” There was an audible intake of breath from people in the class.
“Did he send you to spy on me?” (very on edge if not a fight or flight response and everyone in the class is paying attention at this point.)
I told her “Nooo”. It was drawn out because at this point I’m baffled.
She responded with something very similar to, “Okay, so you aren’t going to go back to him and tell him that my class sucks are you?” I told her no.
At this point she gets a little more under control, and leaves to talk to the con coordinators. After a minute or two of awkwardly standing there, I decided that I would rather be a part of whatever conversation is going on and follow after her. [Student B] comes with me (this is the point where he involves himself). The con coordinator calms her down some.
[Student B] explains that we had no knowledge of your and her “beef” and didn’t want to get into it, that we were just there to learn.
She says, “Well, if you’re truly here to learn then you can come to class.” The way she said this was a mix of suspicion and begrudgement.
She leads and we begin walking back to the class. [Student B] pulls me aside and we discussed quickly how we were uncomfortable with the situation, how she had behaved unprofessionally, and that it would be best for us to not attend the class. This took a minute or so, enough time to be noticeably delayed from reentering the class room.
When we reentered the classroom, I heard her say “Oh, there they are”. [Student B] goes and begins to pick up his things. I believe it was at this point she said that you accused her of plagiarism, and she stressed that you lied. She hadn’t committed plagiarism and you lied about it. I got her attention and told her that we felt it would be best if we left, that we didn’t want to make her uncomfortable in her own class, and that we would talk to her on Saturday morning (this never happened due to neither her, nor [Student B] and I starting the conversation). As I went to pack up my things she spoke with someone saying that you had sent students to spy on her at BSides [edit: Nashville, not Jackson].
At this point [Student B] and I leave. The main coordinator thanked us for being understanding (he was genuine about this. I believe he appreciated us not escalating the situation but attempting to defuse it). [redacted a nice story about how CircleCityCon made it up to them, but might expose them more] and that’s pretty much it. [redacted post stuff].
Student B's account:
On Friday, the first day of the event, [Student A] and I went into Georgia's lecture after lunch. (We had not attended her first session as G had a meeting regarding his research and I had been at the keynote address and other talks.) We came in and took our seats to find out what we needed to get started and determined we needed a VM environment. [Student A] went to Georgia to get a flashdrive and see if there was anything else we needed.
She started to explain and then caught that [Student A] had an MSU shirt on and proceeded to say "You are from Mississippi State. Did Wes McGrew send you to spy on me?"
She then explained to the class of 30 or so people that you had accused her of plagiarism and that you had sent students to spy on her in the past. She seemed to be thinking for a moment then left the room. [Student A] and I briefly discussed what was happening then followed her out.
When we found her, she was talking to the event staff and was finishing explaining what was happening. I interjected and told them that [Student A] and I were not there to spy but we had come to the conference to learn and meet people and that we were not here to cause drama and would not attend her class if it made her uncomfortable.
The event staff asked us why we were late (we explained) and they then told Georgia that it was her decision as to whether or not to let us in. I told Georgia that previous to her announcement to the class that we did not know her relationship to you and had only come to learn not to get in whatever beef was between the two of you. She said (grudgingly I think because the staff was still listening) that we could come.
As we walked back towards the class [Student A] told her that we could tell that she was uncomfortable and that we would talk with her at the beginning of the next day about coming to class (we did not talk to her though.) We went into the classroom and got our stuff and went back outside to where the event staff were.
[Student A] and I discussed emailing you and telling the event staff that we felt that what Georgia did was unprofessional, but ultimately decided not to say anything until later (I did not want to risk being thrown out because I had spent a significant amount of money to be able to attend) and that we would represent MSU better by continuing to go to other talks and acting more like professionals than she had. [Redact same feel-good-but-identifying CircleCityCon story].
This is my account of the events that happened to the best of my memory, feel free to use whatever you like however you like.
Some points about the above accounts:
- It sounds like Circle City Con handled this about as well as they could have given the situation, and I really appreciate them treating their guests from MSU so well.
- There appeared to be no protest about them being late until they were identified as my students.
- Student A's statement that "[t]here was an audible intake of breath from people in the class" when he stated that he was my student precedes either student's account of her informing the class about what she thinks of me. Student A may be mistaken, but it seems likely she had already been talking about me at some point before they even arrived.
- The accusation that I've sent spies to take her classes is ludicrous. Especially with regards to BSides Jackson. I didn't know who she was before BSides Jackson 2012, so I couldn't have mustered a spy to attend on such short notice, and I never saw her at BSides Jackson 2013 (and I'm certain she didn't teach a class there). This was a typo on the Student's part. He has corrected it to indicate that it was BSides Nashville, not Jackson, that I allegedly sent spies to. Georgia did indicate that at least one MSU student was on the waiting list for her class in Nashville, which I confirmed with BSides Nashville's organizer. I have no idea who it was though. If I wanted to see her course material, I'd simply sign up and pay for a class myself.
- How much of the other attendees' time was wasted on her reaction? Arguably more than it would have taken to briefly inform the students on what they needed to do to catch up on their own, or to simply ask them to leave.
- I'm unbelievably proud of how professional our students acted in the situation, and their concern for how they represent MSU. They (rightly) recognized the situation as being volatile and defused it rather than let it painfully escalate.
I contacted Georgia for her comment on this, and had a long conversation with her, but later on she stated that I could not quote her on any of it. I will respect that. While simultaneously trying to not misrepresent what she said and not quote her, I will present the points she made, with my response:
- They were 7 hours late. (It's a two-day training, they're fairly familiar with the basics, and had scheduling issues that prevented their on-time arrival. From their accounts, it sounds like they at least arrived at a time that did not disrupt the flow of class, and did not interrupt.)
- She did not have time to set up students who were behind. (I agree she shouldn't spend any time getting them "caught up", but I don't believe they insisted upon her doing so)
- The class was full. (One seat appears to have been available, though I agree the other student probably shouldn't have stood if no one else was standing. Could be my fault, as I have told my students I don't mind people standing in the back of a classroom to stay awake. I concede they were perhaps unaware of pre-registration, though it doesn't seem like there was any mechanism for them to know that going into the room)
These would be excellent arguments for denying these two students entry into the class, if presented to them in a polite and professional way. It does nothing to address how she treated them upon finding out they were associated with me, and simply distracts from the fact that there was no incident until she noticed one of them wearing Mississippi State apparel. I never could get a straight answer when asking her if she'd accused them of being spies or claimed that I had previously sent spies.
I also contacted Circle City Con, whose organizers have promised to look into it and get back to me, though honestly I believe they're as much of a victim in this as anyone. Deferring to the teacher for allowing a student in the class is about the best they can do, and they really treated the students well after the incident. Both students have told me they enjoyed the conference, and it seems to be a class act.
It is my opinion that this is not acceptable for someone who provides training, and should be considered when one thinks of taking one of Georgia's classes, or signing her on to provide training at a conference. Students shouldn't have to be mindful of who they have associated with in the past when they attend events at community-centric events. It reflects poorly on her, the events at which she provides training, and the information security community as a whole.