For Kevin Mitnick, staying legal is job No. 1 | InSecurity Complex – CNET News


Kevin Mitnick was eager to participate in a social-engineering contest at the Defcon hacker conference in Las Vegas last weekend and was told he would target Microsoft in the event.

He figured it would be fun to show off his schmoozing skills, which he so easily used to trick employees at tech companies in the 1990s into handing over passwords and other sensitive information, ultimately landing him in jail.

But when he called his attorney to run it past him, the response was “Are you crazy?!”

Source: CNETnews, by Elinor Mills


For Kevin Mitnick, there will always be a fine line to walk within the realm of social engineering – even if it is for educational purposes. He is a good guy who managed to turn his life around and is highly respected in the infosec community.


Twitter Status – UP!

Update: Thu Aug 5 22:39:04 UTC 2010: Twitter is currently recovering, Tweets are flowing again. We expect a full recovery in the next hour.

via Twitter Status.


Twitter is down…

Twitter has been down for the past hour due to high error rates.

Visit the official Twitter status page here

You can also check out the Twitter Facebook fan page

Though the broken robot graphic is cute, the world hates it when Twitter goes down…

Where do you go when Twitter goes down?

Open Letter to Event Organizers

To Whom It May Concern:

Hello, my name is Kris French Jr., better known through the online moniker of BlueShellSec.  I am an Information Security blogger and the administrator of the website http://BlueShellSec.com.   However, more importantly, I am an active and deeply concerned member of the Information Security Community at large.  It has come to our attention that your organization has accepted Gregory Evans of Ligatt Security International as a speaker at the Sixth International Conference on Information Assurance and Security 2010.  The purpose of this letter is to ask that you reconsider allowing this man to speak.  It is my personal belief, as well as that of many others in the community, that this man is, at best, a poor example of what an Information Security professional should be.

This man has shown low moral character time and time again.  His exploits are well documented throughout the web.  The best compilation of these exists on the Attrition.org website.   As you can see on the site, his offenses are numerous and serious.  I realize this site would take an impractical amount of time for you to sift through, so I will summarize the most egregious of these below.

Gregory Evans, as you’re probably aware, claims to have written several books; the most notable of which is How to be the World’s No. 1 Hacker: Short and Simple.  Since the book’s release, Evans has been accused of plagiarism by several notable members of the Information Security community.  Following these claims, the book was analyzed by Ben Rothke of the RSA Conference using the iThenticate software (http://bit.ly/9HZE31, http://bit.ly/dvagcI).  As you can see for yourself in the links I’ve provided, the software produced results beyond what anyone was expecting.  The book is shown to be almost completely plagiarized.  Evans defends this by saying that he used several ghost writers in the process of creating this book and that all original authors were informed they would not receive credit for their works, only a fixed payment.  This, however, has been shown to be false as several of the authors were contacted and deny any such payment or communication of any kind.  TheBaskins.com has also done an analysis of the book, completely independent of the RSA Conference and Ben Rothke’s influence.  Their report can be found here: http://bit.ly/d15eir.

An important quality in any Security professional would certainly be that of honesty.  Despite this, Evans has been caught in his lies an incredible number of times during the previous few months.  Here I will list the three which I believe to be most important to our community.  One of the basic certifications of the Information Security world is that of Certified Ethical Hacker.  Although Evans has claimed many times over that he is a holder of this most basic of certifications, this has been shown to be a falsehood. (Source: http://bit.ly/cR9672)  He has also been found lying about holding several other honors and certifications including: CISSP (http://bit.ly/9aqJFm), CISA/CISM (http://bit.ly/dpXylr), Teaching Credentials (http://bit.ly/b1hqTd), Licensed Private Investigator (http://bit.ly/9Xqw9g), and CFE (http://bit.ly/9N7BCP).  Evans claimed at one point that Keith Flannigan of USGMI had accepted a position on Ligatt’s board of directors.  Mr. Flannigan denies this claim outright.  (Source: http://bit.ly/deGVIB)  Finally, Mr. Evans has claimed to not only have befriended, but in fact, mentored one of the world’s most famous and influential hackers, Mr. Kevin Mitnick.  Mr. Mitnick does not deny meeting Evans, but he claims that is where the relationship between the two comes to a close.  “He certainly didn’t take me under his wing, whatever that means. I didn’t really discuss my case with him because you don’t discuss your case with other people in jail because they’ll become informants,” says Mitnick.  (Source: http://bit.ly/bS633G)

I now bring you the final and most disturbing of the events thus far in the Ligatt saga.  On June 16, 2010, noted Security blogger Chris John Riley of the Eurotrash Podcast was threatened by Gregory Evans himself.  Mr. Evans, of course, denies the allegation, even with all evidence pointing to the contrary.  I will spare you the gory details and allow you to read the evidence and decide for yourself (http://bit.ly/cgJw3k).  Needless to say, this is, at best, unprofessional and, at worst, a lawsuit waiting to happen.

Given the evidence presented, I implore you, on behalf of the Information Security community, do not allow this man to speak.  Do not allow him to garner further media attention of which he is clearly unworthy.  Do not allow this man to be shown as a representative of the Information Security world at your conference, or indeed, any other.  This man does not personify hacker culture; he is not one of us, he is not worthy of that title.  Mr. Evans is a charlatan and nothing more.  Do not give him the honor of gracing your stage.  There are many more worthy speakers, especially in the Atlanta area.

I thank you for your time and consideration and urge you to research this issue further on Attrition.org and elsewhere and to decide for yourself: is this a man that you really want presenting at a conference such as yours?  I hope you will agree with my assessment and that of the hacker community of which I am a part.  I bid you good day and the best of luck with your conference and all future events.

-Kris French Jr.
BlueShellSec.com

Thanks to Kris French Jr. of Blue Shell Security - please alert all infosec/security/tech event organizers

Top headlines for July 2010

Hacker breaks into ATMs at Blackhat, dispenses cash remotely

Using home-brewed software tools and exploiting a gaping security hole in the authentication mechanism used to update the firmware on automated teller machines (ATMs), a security researcher hacked into ATMs made by Triton and Tranax and planted a rootkit that dispensed cash on demand.

At the Black Hat security conference here, Barnaby Jack, Director of Research at IOActive Labs, demonstrated two different attacks against Windows CE-based ATMs — a physical attack using a master key purchased on the Web and a USB stick to overwrite the machine’s firmware; and a remote attack that exploited a flaw in the way ATMs authenticate firmware upgrades.

After his talk, Jack suggested that ATM makers offer upgrade options on physical locks or a unique key for each ATM. He also recommended the use of executable signing at kernel level to block his attack vector.

To mitigate remote attacks, Jack said ATM manufacturers should disable the on-by-default remote monitoring feature on the machines.

Read this article at ZDNet

——————————

Botnet hacker caught in Slovenia

The 23-year-old is believed to have written the program behind the Mariposa virus, also known as Butterfly.

The botnet, one of the world’s largest, was dismantled earlier this year after infecting 12.7 million computers. It was designed to steal personal financial details and was also found in the PCs of banks and major companies. Officials from around the world have been chasing the cyber criminals.

Read this article at BBC News

——————————

Baidu sues Register

CHINESE SEARCH OUTFIT Baidu has decided to sue Register.com for breach of contract, gross negligence and recklessness related to an attack by hackers.

Baidu said that a Register.com service representative allowed an intruder, who falsely claimed to be an agent of Baidu, access to Baidu’s account even though the intruder could not provide the right security codes.

Read this article at The Inquirer

——————————

Colorado warns of major corporate ID theft scam

Big retailers hit, including Home Depot, Lowe’s, Office Depot

Colorado’s Secretary of State and other officials are warning the state’s 800,000 or so registered businesses to watch out for scammers who have been forging business identities to make fraudulent purchases from several big-box retailers in recent months.

So far, at least 35 businesses in the state have had their corporate identities misused to open fraudulent credit accounts at retailers such as Home Depot, Lowe’s, Office Depot, Apple and Dell. According to the Colorado Bureau of Investigation (CBI), the scammers so far have made at least $750,000 in fraudulent purchases from Home Depot alone after opening up lines of credit there using forged corporate identities.

Read this article at Computerworld

——————————

Google issues fix for hacked YouTube

Hackers took advantage of a cross-site scripting vulnerability that enabled them to insert code onto the popular video site’s viewer-comments pages, IDG News Service said in a report. The hackers apparently had it in for Justin Bieber, focusing on clips related to the teen pop star, who’s set to appear Sunday night on an NBC television celebration of the Fourth of July and who’s reportedly one of the most popular attractions on YouTube.

According to IDG, a Google representative said the attackers’ exploits would not have allowed them to access the Google accounts of YouTube visitors who encountered a hacked page. The representative said, though, that visitors should log out of their Google accounts and then log back in, just to be safe.

Read this article at CNET News

——————————

Hackers Break Into University of Maine Servers

In the latest incident of an educational institution falling victim to a security breach, officials at the University of Maine this week are notifying thousands of students after hackers managed to infiltrate a pair of university servers.

“This is an insidious affront to the rightful privacy expectations of our students,” Robert Dana, the University of Maine’s dean of students, said in a statement.

“The criminals who make it their business to exploit our society’s need and ability to store information are beneath contempt and we are engaging all possible resources to find the source of these attacks,” he added.

The compromised servers stored data on some 4,585 students who received counseling services at the school’s on-campus counseling center between August 2002 and June 2010. Breached data included student names, social security numbers and clinical information related to every student who received counseling services during that time.

Read this article at eSecurity Planet

——————————

What was your favorite security news article for the month of July, 2010?
