Readers of Yahoo Finance were treated to the following wackadoo press release on Friday: “National Cyber Security Uncovers Racism Within the Computer Security Industry”. In our article on Friday we made a case for a better title: “Ligatt Discovers that People Don’t Like Being Plagiarized”. The web site referenced, National Cyber Security by Ligatt, is a not-so-subtle takeoff on the name of the National Cyber Security Division (NCSD) in the Department of Homeland Security. This “National Cyber Security” is another strange project from confidence man Gregory Evans of Ligatt Security.
Here is the stated mission:
“National Cyber Security is the number one cyber security related reference and news portal. It is their vital mission to help secure not only the nation, but the world from cyber criminal threats being faced daily. Their references include a cyber security watch news, blogs written by cyber security professionals, cyber security links, and email correspondence to their professionals who help protect website visitors from any cyber threat.”
But with fake reporter profiles, plagiarized articles, dubious cyber-terrorism experts, bizarre biographies of other people, and a site riddled with security flaws, the actual message of the web site is overtaken by a subtler truth about charlatans in the information security industry.
“By purchasing National Cyber Security, we will be able to partner with fellow computer security experts like Grey McKenzie to be a force against cyber-crime.” – Gregory Evans
McKenzie was part of an anti-keylogging product called SpyCop that appears to have gone dark or continued under a different form according to forum posts. Strangely, while McKenzie lists himself as creator of the National Cyber Security Portal, he lists no affiliation with Ligatt on LinkedIn. It appears the site was purchased by Ligatt on 3/31/09 and redesigned, although the original site had republished news stories as well.
IronGeek has done an excellent job making the case against Ligatt’s plagiarism on this web site with the following YouTube video, which amusingly begins with Evans stating that the site is “all original content”, not stories gathered through “Googles”:
It is sad when you can’t even steal effectively. The answer is both: this picture is of J.L. Smith, aka Judith Pugh, author of Reporting for Doodie, One Grandmother’s Story of Commitment, Frustration & Unwavering Love, and not a National Cyber Security author.
Riddled with Security Flaws
The site was victimized on Friday by what appears to be a persistent XSS vulnerability, which let whoever exploited it replace the picture of Gregory Evans with a picture reference to Epic Fail Guy, itself a pseudo-reference to ‘Anonymous’, Guy Fawkes, et al.:
The flaw that allowed this is in addition to numerous cross-site scripting (XSS) issues on the web site:
http://www.nationalcybersecurity.com/search?Query=%3CIMG+SRC%3D%22http%3A%2F%2Fattrition.org/images/squirrel-mascot-iconL.gif%22%3E&fromSmall=true&searchWhat=searchAll&submit.x=20&submit.y=10&searchField=searchContentBody&searchField=searchContentBody
Is having these types of flaws on an information security site the end of the world? We just wrote a story about F-Secure having something similar on their US site last week. The difference: F-Secure corrected the issue, and wrote a post describing the problem, within twenty-four hours of notification. Web site injection flaws are common; security companies will have them from time to time, and the key to deriving meaning from such stories is evaluating how the security firm responds.
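The reflected case in the search URL above comes down to the decoded Query value being written into the results page without output encoding. The following is an added example, not code from the site or from the original article: the results template and the function names are hypothetical, and the URL is the one quoted above with the trailing form parameters dropped.

```javascript
// Search URL quoted in the article (trailing form parameters dropped).
const SAMPLE_URL =
  "http://www.nationalcybersecurity.com/search?Query=%3CIMG+SRC%3D%22http%3A%2F%2Fattrition.org" +
  "/images/squirrel-mascot-iconL.gif%22%3E&fromSmall=true&searchWhat=searchAll";

// HTML-encode the five characters that can change the parsing context in
// element content or inside a quoted attribute value.
function escapeHtml(text) {
  const entities = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(text).replace(/[&<>"']/g, (ch) => entities[ch]);
}

// Read the search term the way a server-side handler sees it: URL-decoded.
function getQuery(url) {
  return new URL(url).searchParams.get("Query") ?? "";
}

// Hypothetical results template, unsafe form: the decoded term is concatenated
// straight into markup, so any tag it carries becomes part of the page.
function renderUnsafe(url) {
  return `<h1>Results for ${getQuery(url)}</h1>`;
}

// Same template with output encoding applied at the point of insertion.
function renderSafe(url) {
  return `<h1>Results for ${escapeHtml(getQuery(url))}</h1>`;
}

// Count element start tags in a fragment, to show whether the reflected value
// introduced markup beyond the template's own <h1>.
function countStartTags(html) {
  return (html.match(/<[a-zA-Z][^>]*>/g) || []).length;
}

console.log(renderUnsafe(SAMPLE_URL)); // the <IMG> tag is live markup
console.log(renderSafe(SAMPLE_URL));   // the same text, shown as text
```

Encoding at output time, rather than filtering the input, keeps the search term intact for the search itself while making it inert in the page.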
Edmund Burke once said, “All that is necessary for evil to triumph is for good men to do nothing.”