The Fundamentals of Manipulating Perception Through Press Releases

Gregory D. Evans and LIGATT Security

Thu May 20 18:43:59 EDT 2010

attrition.org


0. Overview

Most information security companies offer products or services, have a client base and tend to appear in articles or reviews based on merit. Invariably, if you offer something with real value it will begin to advertise itself. Other than an initial public offering (IPO) or significant event like a 'split', most companies rarely talk about their own stock. Some companies offer penetration testing (i.e., "legitimate hacking") as a service, but wouldn't think of teaching random people "how to hack" as the notion brings to mind a company arming the bad guys. Company executives spend time building the firm rather than promoting their stock price.

Enter LIGATT Security, a "cyber security" company that breaks the mold entirely. Led by convicted petty criminal Gregory D. Evans, LIGATT is engaging in an aggressive media campaign designed to influence their almost non-existant stock price. By using press releases, Twitter and non-discerning media sources, the only thing LIGATT seems to do on a daily basis is media whoring, not providing security services.

1. Press Release Post-mortem

"With all the media attention the company receives, LIGATT Security International will be a house hold name in the next 12 months." -- Gregory Evans

Thanks to $75 and the PRNewswire, anyone can create their own "media attention" and blast it out to the world. Pay for enough of these articles, that are mostly a few weak paragraphs followed by boiler-plate disclaimers, and a company can fill it's "Press Room". This may give the perception of "media attention" to someone not familiar with PRNewswire and unable to recognize that every press release appears to be written by the same person, in the same style and uses the same format.

To build on the wave of "media attention", LIGATT bought space on billboards in key cities where their shareholders live to give the perception that they are a bigger and more prominant company. Not wanting to miss a chance at spin, Evans headlines it with "teaming up with Clear Channel Outdoor Holdings" when it is nothing more than LIGATT signing a contract to purchase billboard advertising. From the press release:

ATLANTA, GA-May 4, 2010 - LIGATT Security International, (OTC: LGTT) a cyber security company, is proud to announce their contract signing agreement with Clear Channel Outdoor Holdings (NYSE: CCO) to start new media advertising.

Clear Channel is an American media conglomerate company that specializes in radio broadcasting, concert promotion and hosting, and fixed advertising in the United States through its subsidiaries. Clear Channel is the largest owner of full-power AM, FM, and shortwave radio stations and twelve radio channels on XM Satellite Radio, and is also the largest pure-play radio station owner and operator.

"Starting this new marketing campaign will give our products and services the visibility we need in order to move to a more national platform," says Evans. "This also helps build current and potential investors confidence in LIGATT Security. Our shareholders in the cities we are advertising in will be able to drive down the street and see that even though we may be a Pink Sheet company, we are a real company competing against the big boys," comments Evans.

After headlining with "teams up with", Evans goes on to describe Clear Channel, not their subsidairy Clear Channel Outdoor Broadcasting. This gives the impression that LIGATT has partnered with Clear Channel, when the advertising deal has nothing to do with either company any more than your relationship with the grocery store you frequent. One line of this press release does merit attention though:

"Over the past couple months we have worked really closely with our accounting department to make sure that at least 40% of our budget goes to our advertising and marketing department," says CEO of LIGATT Security International, Gregory Evans.

A company spending 40% of their budget on advertising and marketing should be a warning flag and fully explain the so-called "media attention" Evans touts. According to Entrepreneur Media, there is a recommended minimum and maximum budget for marketing that likely doesn't come out to 40% for LIGATT. According IDC reports as quoted by marketo, tech companies typically spend between 3.6 and 6.5% of their budget on marketing.

In another press release, LIGATT announces their "teaming up" with a search engine to offer a "Caribbean Cyber Security Seminar and Workshop". Search-Caribbean is "A Custom Search Engine for the Caribbean" and has no obvious ties to computer security. Apparently, they do have a tie to the locale so LIGATT has "teamed up" with them and morphed the whole thing into a grand event:

"After meeting with key decision makers in the government and the private sector, there was one commonality that was identified," says Rodney Ollivierre, Government Consultant. "All areas of our economy would love to move into more ecommerce, but the fear of hacking cripples those efforts. By using their unique expertise and wide variety of services, I believe that LIGATT Security International is the perfect vessel to help move us into this new age E-Commerce."

Currently a host of government officials, law enforcement agents, banking institutions, and business owners have already confirmed their participation. The two day seminar and workshop will include educational sessions on topics such as, No More Fear for E-Commerce, Identity Theft, Password Cracking and Recovery, and Computer Crime Investigation. The workshop session will include topics and demonstrations on How to Protect Wireless Networks, Computer Forensics, and Computer Security Audits Penetration Testing.

This important quote by Ollivierre, only identified as a "Government Consultant", is suspicious as that title is meaningless in the security world since tens (hundreds?) of thousands of people have provided consultation to governments. One has to wonder if this is the same Rodney Ollivierre mentioned in the article. Moving past that level of spin, the press release goes on to make what is likely a provable lie:

Gregory Evans is a world expert in the field of Cyber Security, and the featured facilitator for this event. Evans has guided the company to spectacular growth. The company has currently conducted more security penetration tests - designed to evaluate the effectiveness of a business information system's defense against intrusion by hackers - than any company in the USA.

If LIGATT will publish the number of penetration tests it has performed, we are confident that several other companies can confirm they have performed a substantial amount more. While using lingo such as "recognized leader" and "world expert" is very common and vague enough not to be (easily) proven as factually false, this claim of penetration test numbers moves into the realm of absurdity. According to the LIGATT site on December 14, 2007, they claimed "We are proud to announce that we have become the masters in computer security audits, with over 200+ security audits done within a 365 day period and a 100% success rate!" With this number, we can personally vouch for this not being the most penetration tests performed in 2007.

If all of the press release spin is giving a negative impression of LIGATT, then move on to the press release about Lunarline and Mantech that has absolutely nothing to do with LIGATT. Looking past that, Evans and company filed a press release just to announce their ability to fill out a basic form granting them the ability to receive government contracts. Of course, that is only if they actually win a bid or find their way into a sweetheart no-compete deal.

It should be noted that many of their press releases come with an additional disclaimer before the standard Safe Harbor Act message, assuring you that they do not use stock promoters or outside investor relations firms. I believe they add such a message because their press releases, stock activity and "media attention" show many of the same signs as seen by fraudulent pump-and-dump stock schemes.

***This press release was done in-house by a LIGATT Security International staff member. LIGATT Security International never has and never will use stock promoters, or outside Investor Relations firms.***

2. Silly Twitter Campaign

LIGATT Security International began tweeting on October 13, 2008 with an informal style linking articles, engaging in social conversation and even offering to help with computer problems. Over time, the tweets appeared to be done by multiple people and expanded to include motivational quotes, stock activity and events related to Evans or LIGATT. Aside from the abundance of CAPS, it appeared to be a fairly normal corporate Twitter feed. However, mixed in with the above were little nuggets of technical wisdom from the person claiming to be the "World's #1 Hacker", comments you don't see on most corporate feeds, as well as Evans losing his temper.

Early tweets even demonstrated some questionable advice, saying that "social engineering tricks .. the system into letting you in the system", when it is a human-based attack, not a technical one. Eventually these pro tips turned into a twitter campaign to teach people hacking 140 characters at a time. When called a 'douchebag', presumably Evans got riled up and lashed out with a "your mother" insult. Of course this type of tweet doesn't really bestow a professional image on Evans or LIGATT, but neither does the excessive use of CAPS, ultra-nano stock activity or dozens of other tweets the past couple of years.

LIGATT apparently didn't keep up with the world of defeating CAPTCHA implementations, telling one person that "adding captcha images [..] will definitely stop spammers" despite methods being around for a year to defeat many common implementations. When not doling out solid technical advice, LIGATT was airing workplace drama in the form of talking about the recently departed.

One of Evan's proudest services is the 'SPOOFEM.com' site that lets you spoof caller ID for various reasons. That leads one to wonder why he would ask "Does anyone prank call/text/email anymore?". In a somewhat cryptic message that begs the question of LIGATT's own technical management, they call for "all CTO, CIO and IT Managers to be fired".

In a curious change of names, "Cyber Defense Systems Changes Name to SPOOFEM.COM and Gears up to Focus on International Homeland Defense". Personally, the first sounds more appropriate for "homeland defense", international or otherwise. Perhaps a first move in this campaign is LIGATT "[introducing] its first firewall: Cyber Crime Fighter IPS". Firewall, IPS .. same difference.

On may 5, 2010, LIGATT announced a new daily Twitter campaign to teach people how to become a hacker in 15 minutes:

ATLANTA, GA-May 5, 2010 . LIGATT Security International, (OTC: LGTT) a cyber security company, announced the launch of their first social media campaign that will inform their followers on how to become a computer hacker in 15 minutes. The concept of this campaign is to educate LSI's followers how to think like a computer hacker.

Beginning May 12, 2010 LIGATT Security will began to tweet daily tips on how a person can hack into an individual's wireless network. How to Become a Hacker in 15 minutes is a series of security applications prepared by the world's no. 1 Hacker, Gregory Evans. This short training course displays how a hacker can find anyone by their email address, and how to hack into a personal computer to steal an individuals' personal information.

The twitter messages will include step-by-step instructions on how to become a computer hacker so that LSI's twitter followers will be able to protect their wireless networks from being hacked.

It's one thing to teach someone some steps used in hacking, but another thing entirely to teach someone the hacker mindset. Limiting yourself to 140 character tweets to try to teach someone a psychology just doesn't happen. In addition, the press release is curious with wording, going from "how to hack into a personal computer" to "LSI's followers will be able to protect their wireless networks". What about their wired network? Their Internet connection? Based on the press release, consider the first two lessons and consider if they are meeting their stated goal:


(Click to enlarge)

After three "days", all we get is a high level overview that can be found in any pedestrian hacking book that largely copies the same material from other pedestrian books that largely copied liberally from sources on the Internet or the first generation of security books. In short, this Twitter campaign is a marketing gimmick at best, a disservice to LSI customers at worst.

Not one to miss a media whoring opportunity, Evans conned Chris Sweigart of WXIA 11Alive News in Atlanta to run a whopping three paragraph puff piece on the "news". This began the cycle of additional media whoring via tweets as well as the LSI press release. Seriously, this is news?

3. Employees, Directors, Offices and Illusions

Companies trying to break into a market must compete with established names and competitors with large resources. It is common for a new startup to take steps to appear as if they are a larger, more established company. This gives potential customers a certain level of confidence that the company is secure, able to provide advertised services and won't vanish the next day. While such activity is generally accepted, at a certain point these steps cross over from managing perception to outright lying.

3a. Employees

Depending where you look or who you ask, LIGATT has between 6 and 60 employees. Their website claims 60 while their LinkedIn Company profile "key statistics" says 25 while listing "(7 total)" current employees and only showing 6. Scouring the various resources, a sizable list of names can be found. However, almost half of them hold or held a position related to marketing or public relations.

Name Position Status Reference
Gregory D. Evans CEO and Founder (Web)
Managing Director (LinkedIn Profile)
Current About Us - Leadership Page
Kendric Embree Director of Business Development (Web)
Assistant (LinkedIn Profile)
Current About Us - Leadership Page
Quinton Ash Head of Software Development Current About Us - Leadership Page
Roman Koyfman Software Development Current About Us - Leadership Page
Edward Mitchell Head of Cyber Investigations Current About Us - Leadership Page
Chicoby Bates IT Administrator Current About Us - Leadership Page
Dallas Solomon HR Director Current LinkedIn
Dami Kabiawu Chief Financial Officer Current LinkedIn
LaKesha Wilson President and Chief Operating Officer Past LinkedIn
Denfield Baptiste Computer Engineer Current LinkedIn
Shalynndra Thompson Human Resources Director/Office Manager Past LinkedIn
Dereck Heim Security Analyst Past LinkedIn
?? Consultant (Engineer, MIS, CCNA, CCDA, ITIL) Past LinkedIn
Jeremy Wolfe Marketing / Web Development Current About Us - Leadership Page
Lea Bargen Marketing Intern Current LinkedIn
Amanda Duggan Public Relations Assistant Current LinkedIn
Katrina Highsmith Director of Public Relations Current About Us - Leadership Page
Ashley Blakely Assistant Public Relations Current ? LinkedIn
Sheehan Toufiq IT/Marketing Intern Past LinkedIn
Laura McGarey Assistant Public Relations Director Past LinkedIn
?? Public Relations Intern (1) Past LinkedIn
?? Public Relations Intern (2) Past LinkedIn
Marc Thalheim ? Social Media Marketing Coordinator Past LinkedIn
C. B. Spokesperson Past LinkedIn
Cymone Coker PR Current LIGATT Press Releases



The sheer number of people engaged in press and marketing that have cycled the company calls into question LIGATT's primary goal. Generally, new companies looking to grow their business hire sales representatives to sell their product or services, not the company image. The heavy use of press releases and abundance of resources lends to the theory that LIGATT is focused on managing public perception to increase stock value.

With Evans proudly claiming having "over 65 computer security experts on staff", it is curious that only a couple technical workers can be found through LinkedIn and other sources.

3b. Board of Directors

According to their web page, LIGATT has a board of directors with two individuals on it: Stacy L. Merrell and Charles Randolph Anderson. While Merrell and Anderson don't seem to have any ties to security companies, they both appear to have better business sense than Evans. A press release in April announced that Keith Flannigan joined the board, but his name doesn't appear on the web page. The release goes on to extoll Flannigan's experience in counter-terrorism and list impressive-sounding credentials.

Giving second thought to the credentials raises more questions about Flannigan's experience and calls into question if his appointment was strictly to give LIGATT some level of credibility in government circles. Coupled with LIGATT's announcement of opening an office in Washington DC and newly-found ability to receive government contracts, Flannigan's appointment certainly seems timely.

Looking at Flannigan's credentials, the following thoughts and questions come to mind:

3c. Offices

Perception is everything according to some. LIGATT Security International strives to give the perception that they are a large company with significant office space. According to the web site "contact us" page, their address on Peachtree Parkway "Suite 240" looks like a strip shopping mall. Looking at Google results and Google Maps, we see a wide variety of businesses listed for "Suite 240" including Mindspan Systems Inc., Minitech Machinery, Pure Air Filtration, Patient First Transport, 888LIMOATL.Com, Builders Depot Direct and Doctor Kenneth Barnwell - Wellness Universal. With LIGATT's supposed "65 computer security experts" on staff, they must be a virtual company instead of a conventional office space presence.

In April, LIGATT announced their opening of a Washington DC office, "one block from the White House", as if physical proximity to the President gave them additional credibility. Looking at the address of their new office, 1701 Pennsylvania Ave, NW, Suite 300 Washington, DC 20006 is part of the Carr Workplaces that offers virtual offices to companies. According to Google, this address is used by a variety of companies including International Green Energy Council, Capital Communications Group, Inc., Phase Legal LLC, the Embassy of the Republic of Palau and countless others.

With this Washington DC address in context, LIGATT's first press release announcing the upcoming office opening and new President is clearly marketing fluff. A virtual office does little to "help move LIGATT Security to another level", other than trying to manipulate public perception.

4. Conclusion

Between the flood of carefully crafted press releases, a silly Twitter campaign, employees and offices, it is abundantly clear that LIGATT focuses on public perception considerably more than they do on offering quality products and services. Many security startups run on minimal staff, dedicate more resources to marketing or sales, operate out of virtual offices and issue press releases to get their news out. However, LIGATT takes these activities to a new level, using them to hide the fact they are a significantly smaller company with more limited resources than they advertise. Worse, it calls into question their ethics and pushes the line between "managing perception" and "outright lying".