Ligatt, Moralism, The Law, and The Batman
Recent events have brought some interesting ideas to the fore as well as situations that some are grappling with. The catalyst for all of this is the Ligatt hack. Ligatt, for those of you not playing the home game, is the name of a company in Atlanta GA who’s CEO is named Greg Evans.
Evans has for a long time, been a joke in the security community at large, but this last year, he decided to up his game and put out a book called “How To Be The Worlds #1 Hacker” This title of course got people interested and Ben Rothke, a security researcher decided to review it. What he and others found was that great swaths of the book had been plagiarized from other researchers books and articles across the security sphere.
What has commenced since then has been a free for all of litigiousness as well as outright lying and machinations on the part of Evans to bully those who called him on his plagiarism. The height of which was a law suit against 25 ” stock bashers” as he and his lawyer termed it. That suit was a tort suit and was aimed at silencing his critics. This however did not work. The suit was lost by him and all that remains now is a decision on how much Evans will owe in legal fees for the defendants lawyers fees.
But… Evans would come back again and again. He would perniciously attack those same people he had tried to sue with more threats of legal actions as well as physical threats. He then turned to making t-shirts with “I’m a Racist Hacker” on them with Chris John Riley’s picture on them. Lastly, he bought the domain names of whoever he could, and re-directed their domain names to his personal site where he had created pages for each person/personae. What was worse, was that each page claimed that the individual “recommended” him as the worlds number one hacker or as an infosec speaker.
There were other antics and much bloviating but, you get the point. It had become plain to us all that nothing we could do to Evans would change his ways. Nothing we could say or do would stop him being who he is.. He is the equivalent of the infosec worlds Joker. Not the joker of the Dark Knight films, but more like the goofball on the animated series. Just dangerous enough, to be a threat to the community but not one that would kill us all.
And that’s where we were until the escalation started.
First there was Ligattleaks. A novel idea, but one that has been done. Ligattleaks encouraged the insiders to leak the real story behind the facade that Evans put out unceasingly on YouTube and in endless press releases. It had seemed that Ligattleaks was starting to get people to talk, but wasn’t coming up with any real data. Until recently, when an unknown finally had had enough and leaked his email spool file.
Was it hacked? Or was it a leak? What would the data within the file hold with regard to Evans’ wrongdoings? The file was released on the internet in torrent form and began to be downloaded and seeded. It was out, and the leaks began showing up on pastebin with more rapidity. Ligattleaks took on the role of being the single location for anyone to look to find all that data that had been posted and something amazing happened…
Evans has been silent.
Blissful silence, no videos, no press releases, and no more escalation on his part claiming to be suing everyone in a higher Federal court. Perhaps his time is up we all thought, and then the Twitter feeds started up with the moralizing about the ethics of what had been done and what was happening post the leak of his data. The hand wringing had begun and to that I must respond.
Ligatt will not change. Ligatt will continue on his way and he will only become more bold with each success he has. Legal means have been sought as a remedy, but this guy has used the system so well and so long, that it is impossible to make things stick to him. He is in fact the civil court version of the “Teflon Don” Sure, he loses many of his cases that he brings to the court, but in the process he harms those he decides to use tort law against for his own personal goals. He just keeps on with his criminal behaviour and there is nothing the police can do. In fact, in this case, Ligatt/Evans have skated for quite a long time. Not even the FBI or the SEC could get the dirt on him… Yet.
Sometimes it takes extraordinary means to effect the ends for the good of others. In this case, someone either leaked that data to the Internet as an insider, or, someone hacked Greg and Ligatt and put the data out in the open. Either way in my eyes, the ends justified the means. In as much as has been leaked on the Internet so far, some interesting patterns of behaviour have turned up. More litigation manoeuvres have been released and we all have seen just how well he uses the system to cause others pain. So, if that data, now out in the open, prevents him from doing more harm, so be it. No matter what means the data was obtained. What we can hope for though, is that those who are in possession of the data do the right thing and redact information that will harm others, even those he does business with.
So, for those who are hand wringing about the hacking that may have gone on and the ethics within our community as we laud whoever it was, let it go. It’s done and it has possibly put at least a temporary stop to the particular brand of crazy that is Gregory Evans.
Sometimes the world needs a Batman.