


What would Salvador Dalí make of LIGATT and LulzSec?

Jun 08, 2011 · 4 mins
Data and Information Security

This whole to-do about LIGATT vs. LulzSec is the stuff of a Salvador Dalí painting. Too bad he’s not around to enjoy it.

I’ve always been a fan of Dalí. His “Persistence of Time” painting was a favorite. I had a poster of it hanging from my bedroom wall during college.

You might be wondering how the heck I’m going to connect this to what’s going on with LIGATT and LulzSec. The answer is simple: These two entities have warped the fabric of information security.

The industry has never been as black and white as the good guys (security vendors, white hat hackers) against the bad guys (botnet herders, organized crime and the black hat hackers they employ). That’s probably one of the things about security that attracts people to it as a career choice: There’s enough gray to keep it interesting.

But these two entities represent the gray zone in the extreme.

In one corner is LIGATT, a security company whose business practices and credibility have been called into serious question all year. In the other corner is LulzSec, who plays itself up as a Robin Hood-like band of hackers who just want to expose the vulnerabilities of big companies and have fun doing it.

A string of posts on the Infosec Island website show just how surreal these guys have made it for the rest of us. First came a post about a press release where LIGATT claimed to be hot on the trail of LulzSec, followed by a post where LIGATT’s Gregory Evans decried the press release as a fake designed to further tarnish his company’s reputation. You can see both articles HERE.

From the first article:

Sometimes there is a strange convergence of elements in the daily news cycle that defies reason and challenges the depth of one’s own imagination – this is one of them.

Gregory Evans, infamously known as the self-proclaimed “Worlds #1 Hacker” and CEO of the much-maligned LIGATT Security, claims to have successfully doxed the hacker collective known as LulzSec, and promises to publish the information sometime soon.

LulzSec recently claimed responsibility for attacks against Sony and PBS, as well as for the hacking of networks belonging to the Atlanta chapter of FBI affiliate InfraGard. The group defaced the organization’s website and exposed InfraGard’s email database.

“I have gone into their IRC servers and I have located names and addresses of users. Since the attack on Infragard I have felt that these guys need to be stopped,” LIGATT Security’s Gregory Evans stated in a press release.

LIGATT and Evans already have enough problems of their own making, and it seems counter-intuitive for the company to so aggressively invite more.

LIGATT Security had suffered an embarrassing hack back in January that resulted in the public release of as many as 80,000 company emails and internal communications.

Security industry pundits have for some time been highly critical of LIGATT’s business practices, and Evans has been the subject of well documented allegations of plagiarism.

And now it gets weirder. From the second article:

LIGATT Security’s Gregory Evans returned Infosec Island’s phone call regarding an article we ran based on a press release issued at

The press release indicated that LIGATT Security had undertaken an investigation into the hacker collective LulzSec in an effort to reveal members’ names and locations.

Evans confirmed that the press release was fake, and was not drafted or submitted by LIGATT security staff as indicated.

“It was completely made up, just like the LIGATTLeaks incident, and it’s all over the web,” Evans said. “That’s what makes your site different, you actually took the time to call us about it.”

“They took elements of our real press releases and used them. They even added the Safe Harbor Act,” Evans explained. “And we only use PR NewsWire, we never use Free Press Release.”

As Charlie Brown would say: “Good Grief!”

The other day I wrote a post critical of LulzSec. Exposing companies’ vulnerabilities the way they do disregards the law and common decency. My opinion is unchanged.

Meantime, I share the dislike many security practitioners have with LIGATT. The shady way they do things makes everyone else look bad. Security practitioners have a hard enough time as it is getting the respect they deserve from company execs. The drama sparked by the LIGATTs of the world makes that effort all the more difficult.

I like the surreal when it’s portrayed in art.

In real life, though, it’s just the mark of insanity.

— Bill Brenner
