For over a year, Evans has made repeated claims that he is a "Certified Ethical Hacker", a security certification offered by the EC-Council. Evans uses this in PR releases, videos and bio paragraphs when engaging the media. For example, Evans' "Why GregoryDEvans.com is the No. 1 Computer Hacker" video displays the C|EH logo just 11 seconds in:
Examples of Evans' claim to be a CEH in biography and implication in an article he wrote:
Examples of Evans' claim to be a CEH in various press releases:
Evans goes so far to include the CEH logo as an "affiliation" in his Initial Disclosure Obligations to the SEC.
Evans' cybercrimedefensecard.com says "CEO of LIGATT Security International and creator Gregory Evans is now a Certified Ethical Hacker with ample experience in computer security and has created solutions to problems such as identity and computer theft."
To verify that Gregory D. Evans does not hold a Certified Ethical Hacker (CEH) certification, Scott Applegate and Bill Varhol from the EC-Council Scheme Committee checked their records:
From: security curmudgeon (jericho[at]attrition.org) To: Bill Varhol (bill[at]varhol.net) Cc: email@example.com Date: Mon, 21 Jun 2010 12:57:46 -0500 (CDT) Subject: Re: Erratata Attrition Hi Bill, : As requested in the email below, just wanted to touch base and let you : know I'm available. A 'Scott Applegate' posted a comment to an article on praetorianprefect.com a couple days ago, stating that he and other members of the EC Council Scheme Committee were aware of Gregory Evans plagiarism. He further says that Evans does not hold the CEH certification. Here is the URL and post: http://praetorianprefect.com/archives/2010/06/4305/#comment-10774 I have worked with Chris Gates in my official duties in the United States Army. I can verify that carnal0wnage is indeed Chris Gates. I can also verify that the work above is his work and not that of Chris Evans. Additionally, as a member of the EC Council Scheme Committee, I can verify that EC Council, and its President Mr. Jay Bavisi are aware that Mr. Evans has plagiarized a substantial amount of their material and have not brought suit only due to the projected cost of doing so versus the complete lack of return. That having been said, EC Council is preparing a press release to address this issue. Second, it should be noted that Mr. Evans displays the C|EH logo of a certified ethical hacker in one of his videos. I can confirm through EC Council that Mr. Evans does not in fact hold this, or any other certification through EC Council. Posted by Scott Applegate | June 19, 2010, 3:34 AM Before posting this information to Errata, we would like to verify the authenticity of this post and content. I did not see a resource that allows someone to validate a CEH holder on the EC Council web site. Could you, or someone else from the EC Council Scheme Committee, verify this information in a manner that can be validated by Errata or third parties? Either mailing from an EC Council system, PGP signing a message with a key posted on that site, etc. Thank you!
From: Bill Varhol (bill[at]varhol.net) To: security curmudgeon (jericho[at]attrition.org) Cc: firstname.lastname@example.org Date: Mon, 21 Jun 2010 14:18:00 -0400 Subject: Re: Erratata Attrition Hi, Thanks for the email and information. The Scheme Committee members are not provided with an @EC-Council email address. We are only a group of selected volunteers and do not officially work for EC-Council. The best I can do is personally vouch for everything posted by Scott. He is in fact a member of the committee and all of the points he has addressed are accurate. EC-Council is also still determining how to proceed but, as Scott has mentioned, may not pursue a legal route due to the costs involved. The only way to verify an EC-Council certificate holder is to send an email to email@example.com (but you need written consent of the holder). I will pass this information along and see if someone at EC-Council would be willing to discuss the matter and/or provide further validation. Thanks, Bill