Does no one do any fact checking anymore? Is it no longer considered fashionable to check who you are interviewing? Dan Raywood wrote a story for SC Magazine which ran today about the Hersey company (Editor Note: SC Magazine UK has removed the quote from the online article) being hacked by a chocoholic. Did SC Magazine think, “hey, I know, let’s see what bottom of the barrel “hacker” type we can find to interview”.
They called Gregory D. Evans.
Don’t know who this is? Here is an excerpt from Attrition.org:
A supposed “hi-tech hustler”, “WORLD’S NO 1 HACKER” and convicted felon (Bureau of Prisons #13432-112), Gregory Dante Evans has invented himself as some form of hacker with the ability to break into anything and spin that supposed knowledge into advising companies on security. In reality, Evans and his company have little real knowledge beyond pedestrian hacking techniques found in plagiarized books and beginner hacking texts. His company, LIGATT Security International, offers a “suite” of products that are bloated version of common tools such as ping and nmap. Evans, who plagiarizes content rather than write it himself, is over US$11 million in debt due to his own history of crime and his inability to run a company. Every press release, every video cast, every public communication is full of discrepancies, half-truths and outright lies.
For more on this, Fast Company wrote about Evans and his plagiarism efforts.
Jericho isn’t the only one to note Evans’ widespread word theft. He got wind of it from a book review by Ben Rothke, an information security manager for Wyndham Worldwide, who ran text from How to Become the World’s No. 1 Hacker through the iThenticate plagiarism scanner and found thousands of words from other sources. The Register, a British tech publication, also reported on the wholesale plagiarism, pointing out that Evans included screenshots that cited the original author. In addition, it questioned other Evans utterances, including his claim that he acted as a mentor to hacker Kevin Mitnick while they were both in prison. Mitnick denied it, calling him a “hustler, a grifter.”
SC Magazine doing charity work?
If anyone should know better it would be an industry publication. One would hope anyway. This is a perfect example of cyberdouchery.
Bravo SC Magazine.
/me golf clap
Bravo.
UPDATE: SC Magazine UK quietly deleted the quote from Gregory D. Evans from their article. Here is the original copy (.pdf) from their mobile site. I noticed that the Google cache of the article has been removed as well. Stay classy.
UPDATE 2: Received a response from Dan Raywood.
(Main image used under CC from Mike Schmid)
Hi Dave
Ok thanks for the post, most of which I found to be interesting. To give my side of the story, I get contacted almost daily with spokesperson opportunities for any number of security related issues which keeps me (and others in similar positions) very busy – needless to say using spokespeople is an interesting business and there is a reason why a bunch of people get quoted constantly, because they are reliable and insightful.
Among those spokespeople are a large number of vendor-based researchers, White Hats, even hacktivists (I interviewed Anonymous last year). I am always looking for new spokespeople who can offer a new perspective, a different angle for a story.
This week I was contacted by someone representing ‘an ex-hacker’ and with several White hats in my contacts list already I decided to take him up on his offer. I asked him some questions on the hack and was given some perspective, I also recieved some vendor-side comment from a network security company I had initially approached.
So I decided to run with this comment as it offered a different perspective on a story that we hear of time and again – website hacking.
Now in a week when the tech media got stung by a hoax (the IE IQ story) and we were shown that more research should be done, I appreciate that the appearance and timing is a little unfortunate. In my defence though, if I spent time doing a background check on each spokesperson I would spend most of my time Google-ing and checking records!
Following the obvious disatisaction from yourself and some others at Gregory’s inclusion I decided to remove his comment, did I do it quietly? Yes, after all was there another way to do it without drawing further attention to a story that people were not happy with.
As for the future, well the tech media have been given a couple slapped wrists this week. Rather than being annoyed with your blog and hosting the original comment, I hope this serves to remind people that not every ex-hacker is who they say they are.
Dan Raywood
P.s. I have let the PR for Gregory Evans know why his clients comment was removed
Also just had a comment back from Gregory Evans’ communications person, who when I told I had removed the comment, said: “We’ve had problems with a few people, who for some reason, don’t like Mr. Evans”
Almost certainly related to Evans trolling journalists for quote opportunities:
http://blogs.csoonline.com/1621/ligatt_security_gregory_evans_and_the_damage_done
@Dan “who for some reason, don’t like Mr. Evans” < freaking brilliant!
@Dan I appreciate the comment.
I will be brief by saying that in a case like this a mea culpa would have been appropriate, as you’re doing now. I appreciate that you are busy but, to be fair, fact checking is a required practice as we saw with the bogus IE story last week.
Mistakes happen. We need to own up to them when they do.
@Michael yes, and see who fell for it!
@Dave understand, my thought when seeing your and other reactions was to get the offending material out of there. But yes you are right, my mistake all the way and I know it will not be the last I make, but it is good to know that things can be sorted properly and efficiently. I also hope that this is not the last time we speak, as there is a lot I can gain from you.
@Dan Thanks.
Next time we cross paths, the first round is on me.
This is the highly unfortunate side of modern “journalism,” without a stringent editorial process. We are awash in information, but the quality is steadily declining.
I’m surprised that a writer for a security publication was unaware of Gregory Evans and his negative reputation. You have to wonder how else SC Magazine is out of touch with our industry.
I’m also shocked at Mr Raywoods response that if he “spent time doing a background check on each spokesperson [he] would spend most of [his] time Google-ing and checking records”. Is fact checking not an essential part of journalism? Really, how long does it take to Google someone? I typed in GDE’s name and the first entry that didn’t point to gregorydevans.com was Attrition’s Charlatan page (http://attrition.org/errata/charlatan/gregory_evans/). I believe that 60 seconds should have been enough to dissuade a responsible journalist from giving Evans the time of day.
“I’m an airplane technician. Sorry I didn’t check the lugnuts on the plane your daughter just took off in, but I’m awash in the busy and can’t hit all my fundamentals each time.”
Cheers to Dan for owning up, but the media passed off this IE IQ FAIL as if it was all a funny joke and they don’t utterly suck at their jobs, the first part of which involves a BS detector. This is the third time today I’ve seen the excuse, “Well look who else failed.” TAGG above is more eloquent, but for some reason this IE IQ was the straw…
Nobody sees the irony in Mitnick calling Evans a hustler? Pot, meet kettle.