The Fundamentals of Manipulating Perception Through Press Releases
Gregory D. Evans and LIGATT Security
Thu May 20 18:43:59 EDT 2010
attrition.org
0. Overview
Most information security companies offer products or services, have a client base and tend to
appear in articles or reviews based on merit. Invariably, if you offer something with real value
it will begin to advertise itself. Other than an initial public offering (IPO) or significant
event like a 'split', most companies rarely talk about their own stock. Some companies offer
penetration testing (i.e., "legitimate hacking") as a service, but wouldn't think of teaching
random people "how to hack" as the notion brings to mind a company arming the bad guys.
Company executives spend time building the firm rather than promoting their stock price.
Enter LIGATT Security, a "cyber security" company that breaks the mold entirely. Led
by convicted petty criminal Gregory D. Evans, LIGATT is engaging in an aggressive media
campaign designed to influence their almost non-existant stock price. By using press releases,
Twitter and non-discerning media sources, the only thing LIGATT seems to do on a daily basis is media
whoring, not providing security services.
1. Press Release Post-mortem
"With all the media attention the company receives, LIGATT Security
International will be a house hold name in the next 12 months." -- Gregory Evans
Thanks to $75 and the PRNewswire, anyone can create their own
"media attention" and blast it out to the world. Pay for enough of these articles, that are mostly a few
weak paragraphs followed by boiler-plate disclaimers, and a company can fill it's "Press Room".
This may give the perception of "media attention" to someone not familiar with PRNewswire and unable
to recognize that every press release appears to be written by the same person, in the same style
and uses the same format.
To build on the wave of "media attention", LIGATT bought space on billboards in key cities where their
shareholders live to give the perception that they are a bigger and more prominant company. Not wanting
to miss a chance at spin, Evans headlines it with
"teaming up with Clear Channel Outdoor Holdings" when it is
nothing more than LIGATT signing a contract to purchase billboard advertising. From the press release:
ATLANTA, GA-May 4, 2010 - LIGATT Security International, (OTC: LGTT) a cyber security company, is proud to announce their contract signing agreement with Clear Channel Outdoor Holdings (NYSE:
CCO) to start new media advertising.
Clear Channel is an American media conglomerate company that specializes in radio broadcasting, concert promotion and hosting, and fixed advertising in the United States through its subsidiaries. Clear
Channel is the largest owner of full-power AM, FM, and shortwave radio stations and twelve radio channels on XM Satellite Radio, and is also the largest pure-play radio station owner and operator.
"Starting this new marketing campaign will give our products and services the visibility we need in order to move to a more national platform," says Evans. "This also helps build current and potential
investors confidence in LIGATT Security. Our shareholders in the cities we are advertising in will be able to drive down the street and see that even though we may be a Pink Sheet company, we are a real
company competing against the big boys," comments Evans.
After headlining with "teams up with", Evans goes on to describe Clear Channel, not their
subsidairy Clear Channel Outdoor Broadcasting. This gives the impression that LIGATT
has partnered with Clear Channel, when the advertising deal has nothing to do with either company any more than your relationship
with the grocery store you frequent. One line of this press release does merit attention though:
"Over the past couple months we have worked really closely with our accounting department to make sure that at least 40% of our budget goes to our advertising and marketing department," says
CEO of LIGATT Security International, Gregory Evans.
A company spending 40% of their budget on advertising and marketing should be a warning flag and fully
explain the so-called "media attention" Evans touts. According to Entrepreneur Media,
there is a
recommended minimum and maximum budget for marketing that likely doesn't come out to 40% for LIGATT.
According IDC reports as quoted by marketo, tech companies
typically spend between 3.6 and 6.5% of their budget on marketing.
In
another press release, LIGATT announces their "teaming up" with a search engine to offer a "Caribbean Cyber Security Seminar and Workshop".
Search-Caribbean is "A Custom Search Engine for the Caribbean" and has no obvious ties to
computer security. Apparently, they do have a tie to the locale so LIGATT has "teamed up" with them and morphed the whole thing into
a grand event:
"After meeting with key decision makers in the government and the private sector, there was one commonality that was identified," says Rodney Ollivierre, Government Consultant. "All areas of
our economy would love to move into more ecommerce, but the fear of hacking cripples those efforts. By using their unique expertise and wide variety of services, I believe that LIGATT Security
International is the perfect vessel to help move us into this new age E-Commerce."
Currently a host of government officials, law enforcement agents, banking institutions, and business owners have already confirmed their participation. The two day seminar and workshop will include
educational sessions on topics such as, No More Fear for E-Commerce, Identity Theft, Password Cracking and Recovery, and Computer Crime Investigation. The workshop session will include topics and
demonstrations on How to Protect Wireless Networks, Computer Forensics, and Computer Security Audits Penetration Testing.
This important quote by Ollivierre, only identified as a "Government Consultant", is suspicious as that title is meaningless in the security world since tens (hundreds?) of thousands of people have
provided consultation to governments. One has to wonder if this is the same Rodney
Ollivierre mentioned in the article. Moving past that level of spin, the press release goes on to make what is likely a provable lie:
Gregory Evans is a world expert in the field of Cyber Security, and the featured facilitator for this event. Evans has guided the company to spectacular growth. The company has currently
conducted more security penetration tests - designed to evaluate the effectiveness of a business information system's defense against intrusion by hackers - than any company in the USA.
If LIGATT will publish the number of penetration tests it has performed, we are confident that several other companies can confirm they have performed
a substantial amount more. While using lingo such as "recognized leader" and "world expert" is very common and vague enough not to be (easily) proven
as factually false, this claim of penetration test numbers moves into the realm of absurdity. According to the LIGATT site on December 14, 2007, they claimed
"We are proud to announce that we have become the masters in computer security audits, with over 200+ security audits done within a 365 day period and a 100% success rate!" With
this number, we can personally vouch for this not being the most penetration tests performed in 2007.
If all of the press release spin is giving a negative impression of LIGATT, then move on to the press release
about Lunarline and Mantech that has absolutely nothing to do with LIGATT. Looking past that, Evans and company
filed a press release just to announce their ability to fill out a basic form granting
them the ability to receive government contracts. Of course, that is only if they actually win a bid or find their way into a sweetheart
no-compete deal.
It should be noted that many of their press releases come with an additional disclaimer before the standard Safe Harbor Act message, assuring you
that they do not use stock promoters or outside investor relations firms. I believe they add such a message because their press releases, stock activity and "media attention" show many of the same signs as
seen by fraudulent pump-and-dump stock schemes.
***This press release was done in-house by a LIGATT Security International staff member. LIGATT Security International never has and never will use stock promoters, or outside Investor
Relations firms.***
2. Silly Twitter Campaign
LIGATT Security International began tweeting on October 13, 2008 with an informal style
linking articles, engaging in social conversation and even offering to help with computer problems. Over time, the tweets appeared to be
done by multiple people and expanded to include motivational quotes, stock activity and events related to Evans or LIGATT. Aside from the
abundance of CAPS, it appeared to be a fairly normal corporate Twitter feed. However, mixed in with the above were little nuggets of technical wisdom
from the person claiming to be the "World's #1 Hacker", comments you don't see on most corporate feeds, as well as Evans losing his temper.
Early tweets even demonstrated some questionable advice, saying that "social engineering tricks .. the system into letting you in the system", when it is a human-based
attack, not a technical one. Eventually these pro tips turned into a twitter campaign to teach
people hacking 140 characters at a time. When called a 'douchebag', presumably Evans got riled
up and lashed out with a "your mother" insult. Of course this type of tweet doesn't really
bestow a professional image on Evans or LIGATT, but neither does the excessive use of CAPS,
ultra-nano stock activity or dozens of other tweets the past couple of years.
LIGATT apparently didn't keep up with the world of defeating CAPTCHA implementations,
telling one person that "adding captcha images [..] will definitely stop spammers" despite
methods being around for a year to defeat many common implementations.
When not doling out solid technical advice, LIGATT was airing workplace drama in the form
of talking about the recently departed.
One of Evan's proudest services is the 'SPOOFEM.com' site that lets you spoof caller
ID for various reasons. That leads one to wonder why he would ask
"Does anyone prank call/text/email anymore?". In a somewhat cryptic message
that begs the question of LIGATT's own technical management, they call for
"all CTO, CIO and IT
Managers to be fired".
In a curious change of names,
"Cyber Defense Systems Changes Name to SPOOFEM.COM and Gears up to Focus on International Homeland Defense".
Personally, the first sounds more appropriate for "homeland defense", international or otherwise.
Perhaps a first move in this campaign is LIGATT
"[introducing] its first firewall: Cyber Crime Fighter IPS". Firewall, IPS .. same difference.
On may 5, 2010, LIGATT
announced a new daily Twitter campaign to teach people how to become a hacker in 15 minutes:
ATLANTA, GA-May 5, 2010 . LIGATT Security International, (OTC: LGTT) a cyber security company, announced the launch of their first social media campaign that will inform their followers on how
to become a computer hacker in 15 minutes. The concept of this campaign is to educate LSI's followers how to think like a computer hacker.
Beginning May 12, 2010 LIGATT Security will began to tweet daily tips on how a person can hack into an individual's wireless network. How to Become a Hacker in 15 minutes is a series of security
applications prepared by the world's no. 1 Hacker, Gregory Evans. This short training course displays how a hacker can find anyone by their email address, and how to hack into a personal computer to
steal an individuals' personal information.
The twitter messages will include step-by-step instructions on how to become a computer hacker so that LSI's twitter followers will be able to protect their wireless networks from being hacked.
It's one thing to teach someone some steps used in hacking, but another thing entirely to teach someone the hacker mindset. Limiting yourself to 140 character tweets to try
to teach someone a psychology just doesn't happen. In addition, the press release is curious with wording, going from "how to hack into a personal computer" to "LSI's followers
will be able to protect their wireless networks". What about their wired network? Their Internet connection? Based on the press release, consider the first two lessons and consider
if they are meeting their stated goal:
After three "days", all we get is a high level overview that can be found in any pedestrian hacking book that largely copies
the same material from other pedestrian books that largely copied
liberally from sources on the Internet or the first generation of security books. In short, this Twitter campaign is a marketing gimmick at best,
a disservice to LSI customers at worst.
Not one to miss a media whoring opportunity, Evans conned Chris Sweigart of WXIA 11Alive News in Atlanta to run a whopping
three paragraph puff piece on the "news". This began the
cycle of additional media whoring via tweets
as well as the LSI press release. Seriously, this is news?
3. Employees, Directors, Offices and Illusions
Companies trying to break into a market must compete with established names and competitors with large
resources. It is common for a new startup to take steps to appear as if they are a larger, more established company.
This gives potential customers a certain level of confidence that the company is secure, able to provide advertised
services and won't vanish the next day. While such activity is generally accepted, at a certain point these
steps cross over from managing perception to outright lying.
3a. Employees
Depending where you look or who you ask, LIGATT has between 6 and 60 employees. Their website claims 60 while their
LinkedIn Company profile "key statistics" says 25 while listing "(7 total)" current employees and only showing 6. Scouring
the various resources, a sizable list of names can be found. However, almost half of them hold or held a position
related to marketing or public relations.
| Name |
Position |
Status |
Reference |
| Gregory D. Evans |
CEO and Founder (Web)
Managing Director (LinkedIn Profile) |
Current |
About Us - Leadership Page |
| Kendric Embree |
Director of Business Development (Web)
Assistant (LinkedIn Profile) |
Current |
About Us - Leadership Page |
| Quinton Ash |
Head of Software Development |
Current |
About Us - Leadership Page |
| Roman Koyfman |
Software Development |
Current |
About Us - Leadership Page |
| Edward Mitchell |
Head of Cyber Investigations |
Current |
About Us - Leadership Page |
| Chicoby Bates |
IT Administrator |
Current |
About Us - Leadership Page |
| Dallas Solomon |
HR Director |
Current |
LinkedIn |
| Dami Kabiawu |
Chief Financial Officer |
Current |
LinkedIn |
| LaKesha Wilson |
President and Chief Operating Officer |
Past |
LinkedIn |
| Denfield Baptiste |
Computer Engineer |
Current |
LinkedIn |
| Shalynndra Thompson |
Human Resources Director/Office Manager |
Past |
LinkedIn |
| Dereck Heim |
Security Analyst |
Past |
LinkedIn |
| ?? |
Consultant (Engineer, MIS, CCNA, CCDA, ITIL) |
Past |
LinkedIn |
| Jeremy Wolfe |
Marketing / Web Development |
Current |
About Us - Leadership Page |
| Lea Bargen |
Marketing Intern |
Current |
LinkedIn |
| Amanda Duggan |
Public Relations Assistant |
Current |
LinkedIn |
| Katrina Highsmith |
Director of Public Relations |
Current |
About Us - Leadership Page |
| Ashley Blakely |
Assistant Public Relations |
Current ? |
LinkedIn |
| Sheehan Toufiq |
IT/Marketing Intern |
Past |
LinkedIn |
| Laura McGarey |
Assistant Public Relations Director |
Past |
LinkedIn |
| ?? |
Public Relations Intern (1) |
Past |
LinkedIn |
| ?? |
Public Relations Intern (2) |
Past |
LinkedIn |
| Marc Thalheim ? |
Social Media Marketing Coordinator |
Past |
LinkedIn |
| C. B. |
Spokesperson |
Past |
LinkedIn |
| Cymone Coker |
PR |
Current |
LIGATT Press Releases |
The sheer number of people engaged in press and marketing that have cycled the company calls into question LIGATT's primary goal.
Generally, new companies looking to grow their business hire sales representatives to sell their product or services, not the company image.
The heavy use of press releases and abundance of resources lends to the theory that
LIGATT is focused on managing public perception to increase stock value.
With Evans proudly claiming having "over 65 computer security experts on staff",
it is curious that only a couple technical workers can be found through LinkedIn and other sources.
3b. Board of Directors
According to their web page, LIGATT has a board of directors with two individuals on it: Stacy L. Merrell and Charles
Randolph Anderson. While Merrell and Anderson don't seem to have any ties to security companies, they both appear to have better business sense than Evans. A press release in April announced that Keith Flannigan
joined the board, but his name doesn't appear on the web page. The release goes on to extoll Flannigan's experience in counter-terrorism and list impressive-sounding credentials.
Giving second thought to the credentials raises more questions about Flannigan's experience and calls into question if his appointment
was strictly to give LIGATT some level of credibility in government circles. Coupled with LIGATT's
announcement of opening an office in Washington DC and
newly-found ability to receive government contracts, Flannigan's appointment certainly seems timely.
Looking at Flannigan's credentials, the following thoughts and questions come to mind:
- "62 schools" and "3,000 hours of training" "since 1995" works out to an average of each school being 100 hours long and Flannigan only
teaching for around 200 hours a year (~ 5 weeks). This average could just as easily be high level conference style proceedings rather than in-depth technical training.
- The Anti Terrorism Accreditation Board Certification Chairman is Keith Flannigan,
making his award for "Counter Terrorism Trainer of the Year" suspect. Is the award meaningful when he is the Certification Chairman on the board that gives out the award, since 2002?
- According to securityantiterrorismtraining.org (currently suspended, viewed via
Google cache), Flannigan's education includes a BS from Kent State in 2008, Masters of Pyschology from the University of Frankfurt in 2008 and a Ph.D in Philosophy (Political Science) from
"Northfield" in 2008. Three degrees in the same year, including a Ph.D from a university that doesn't seem to exist, or was
possibly run by a diploma mill, is more than suspect. Further, Kent State does not offer a BS in "Police Science", rather they
offer Justice Studies (BA) and
various political science degrees in their Law, Public Safety and Government curriculum. The LIGATT
press release says he "minored in Criminal Justice" which doesn't match his previously stated education.
3c. Offices
Perception is everything according to some. LIGATT Security International strives to give the perception that they are a large company with significant office space. According to the web site "contact us" page, their address on Peachtree Parkway "Suite 240" looks like a strip shopping mall. Looking at Google results and
Google Maps, we see a wide variety of businesses listed for "Suite 240" including Mindspan Systems Inc., Minitech Machinery, Pure Air Filtration, Patient First Transport,
888LIMOATL.Com, Builders Depot Direct and Doctor Kenneth Barnwell - Wellness Universal. With LIGATT's supposed "65 computer security experts" on staff, they must be a virtual company instead
of a conventional office space presence.
In April, LIGATT announced
their opening of a Washington DC office, "one block from the White House", as if physical proximity to the President gave them additional credibility. Looking
at the address of their new office, 1701 Pennsylvania Ave, NW, Suite 300 Washington, DC 20006 is part of the Carr Workplaces that offers virtual offices
to companies.
According to Google, this address is used by a variety of companies including International Green Energy Council, Capital Communications Group, Inc.,
Phase Legal LLC, the Embassy of the Republic of Palau and countless others.
With this Washington DC address in context, LIGATT's
first press release announcing the upcoming office opening and new President is clearly marketing fluff. A virtual office does little to "help move LIGATT Security to another
level", other than trying to manipulate public perception.
4. Conclusion
Between the flood of carefully crafted press releases, a silly Twitter campaign, employees and offices, it is abundantly clear that
LIGATT focuses on public perception considerably more than they do on offering quality products and services. Many security startups
run on minimal staff, dedicate more resources to marketing or sales, operate out of virtual offices and issue press releases to
get their news out. However, LIGATT takes these activities to a new level, using them to hide the fact they are a significantly smaller company
with more limited resources than they advertise. Worse, it calls into question their ethics and pushes the line between
"managing perception" and "outright lying".
