Gregory D. Evans Lies About Being Certified Ethical Hacker (CEH)

For over a year, Evans has made repeated claims that he is a "Certified Ethical Hacker", a security certification offered by the EC-Council. Evans uses this in PR releases, videos and bio paragraphs when engaging the media. For example, Evans' "Why is the No. 1 Computer Hacker" video displays the C|EH logo just 11 seconds in:

(click to enlarge)

Examples of Evans' claim to be a CEH in biography and implication in an article he wrote:

(click to enlarge)

Examples of Evans' claim to be a CEH in various press releases:

(click to enlarge)

Evans goes so far to include the CEH logo as an "affiliation" in his Initial Disclosure Obligations to the SEC.

Evans' says "CEO of LIGATT Security International and creator Gregory Evans is now a Certified Ethical Hacker with ample experience in computer security and has created solutions to problems such as identity and computer theft."

To verify that Gregory D. Evans does not hold a Certified Ethical Hacker (CEH) certification, Scott Applegate and Bill Varhol from the EC-Council Scheme Committee checked their records:

From: security curmudgeon (jericho[at]
To: Bill Varhol (bill[at]
Date: Mon, 21 Jun 2010 12:57:46 -0500 (CDT)
Subject: Re: Erratata Attrition

Hi Bill,

: As requested in the email below, just wanted to touch base and let you
: know I'm available.

A 'Scott Applegate' posted a comment to an article on a couple days ago, stating that he and other members
of the EC Council Scheme Committee were aware of Gregory Evans plagiarism.
He further says that Evans does not hold the CEH certification. Here is
the URL and post:

  I have worked with Chris Gates in my official duties in the United
  States Army. I can verify that carnal0wnage is indeed Chris Gates. I can
  also verify that the work above is his work and not that of Chris Evans.

  Additionally, as a member of the EC Council Scheme Committee, I can
  verify that EC Council, and its President Mr. Jay Bavisi are aware that
  Mr. Evans has plagiarized a substantial amount of their material
  and have not brought suit only due to the projected cost of doing so
  versus the complete lack of return. That having been said, EC Council is
  preparing a press release to address this issue.

  Second, it should be noted that Mr. Evans displays the C|EH logo of a
  certified ethical hacker in one of his videos. I can confirm through EC
  Council that Mr. Evans does not in fact hold this, or any other
  certification through EC Council.

  Posted by Scott Applegate | June 19, 2010, 3:34 AM

Before posting this information to Errata, we would like to verify the
authenticity of this post and content. I did not see a resource that
allows someone to validate a CEH holder on the EC Council web site. Could
you, or someone else from the EC Council Scheme Committee, verify this
information in a manner that can be validated by Errata or third parties?
Either mailing from an EC Council system, PGP signing a message with a key
posted on that site, etc.

Thank you!

From: Bill Varhol (bill[at]
To: security curmudgeon (jericho[at]
Date: Mon, 21 Jun 2010 14:18:00 -0400
Subject: Re: Erratata Attrition


Thanks for the email and information.

The Scheme Committee members are not provided with an @EC-Council email address. 
We are only a group of selected volunteers and do not officially work for EC-Council.

The best I can do is personally vouch for everything posted by Scott. He is in fact 
a member of the committee and all of the points he has addressed are accurate. 
EC-Council is also still determining how to proceed but, as Scott has mentioned, may 
not pursue a legal route due to the costs involved.

The only way to verify an EC-Council certificate holder is to send an email to (but you need written consent of the holder).

I will pass this information along and see if someone at EC-Council would be willing 
to discuss the matter and/or provide further validation.


main page ATTRITION feedback