Fake Security Firms Will Be Exposed

Thursday, June 09, 2011

Boris Sverdlik


UPDATE: BlackbergSecurity is NOT A DEFENSE CONTRACTOR according to E-VERIFY.

I’d like to preface this again by saying I don’t condone the activities of Lulzsec. I do fall into the crowd of security professionals whom Patrick Gray described as secretly loving them. Patrick has written a great piece on the awareness the group has brought to the weaknesses in information security.

I suggest you go out and read it immediately and you’ll see why.

Attrition.org broke a story back in February on how Joe Black has used social media to create his “Security God” image. Needless to say, they debunked the entire image.

Unfortunately, real security guys are the only ones who actually read Attrition, and Joe Black was able to continue on his path to self-proclaimed security god.

In his efforts to legitimize his site, he has built a reputation around certifications and misinformation. He has a very interesting career that we can trace back to his days at Wright Printing in 2005, according to his LinkedIn profile, which is also about the time he was supposedly enrolled at ITT in his bachelor’s degree program in Omaha.

Calls to ITT have not been returned as of this writing, but Joe did post his associate’s degree on his Flickr page. While we are on the topic of education, his profile also states that he is expecting to complete his master’s in Security Management at Bellevue University in 2013.

According to the registrar, he has withdrawn from every single course he had enrolled in since January of 2009. Guess the world’s greatest hacker didn’t realize this information is public. Oh well.

With his reputation on the line he had called out our neighborhood Lulz maker with the following message on his website:

“Cybersecurity For The 21st Century, Hacking Challenge: Change this website’s homepage picture and win $10K and a position working with Senior Cybersecurity Advisor, Joe Black.”

Guess what happens next?

image

Again, not that I condone any of this, but you know me: any chance to prove that security certifications are useless can’t be ignored. Wow, look at all of those interesting certifications on his website.

This guy must be a Security Megastar. Let’s see what he has:

image

All can be seen thanks to our brainiac on his Flickr:

  • Project+ COM70010068307772 A+ 1/08
  • Remote Support COMP001006830772 1/09
  • Security+ COMP001006830772 1/08
  • Network+ COMP00100683C772 1/08
  • Linux+ COMP001006830772 2/08
  • CEH ECC926927 09/08
  • CISSP 318010 12/08

What I don’t see are the ISACA CISM & CISA certifications.

Please, Joe, if you have them, send the numbers my way...

So are we still confident that certifications do not equate to competency? This is just another example of false advertising, and I’m glad it has been brought to light. Black has even used Facebook to advertise his services.

I love his About statement: “At Black & Berg Cybersecurity Consulting we leverage our close relationship with the Federal Government to give our small business clients a Cybersecurity posture that equals or exceeds that of the NSA and Department of Defense.”

Wait, speaking of his federal contacts, he does have a CAGE# on his LinkedIn profile. Wow, legit eh... EXPIRED.

In closing, I’m sure you paper security guys would be more than happy to hire him; real security guys, well, we don’t find our vendors at bus stops.

Cross-posted from Jaded Security

Elyssa Durant The CyberSecurity business is a rapidly growing field.

Recruitment has been fast and furious since the United States became aware that we have a serious problem on our hands.

In that process, many firms are taking on interns to test the aptitude for those who are well suited for intelligence and counterintelligence work.

As Joe Black knows, this is a field where you need to prove your skills, and the only way to truly test them is in the field. From there, you either sink or swim.

In addition, that recruitment process has been untraditional; calling on experts from all walks of life.

As we all know, extraordinary times call for extraordinary measures. We live in extraordinary times and operate under extraordinary measures.

Black & Berg CyberSecurity Consulting, LLC is a new firm and failure is not an option.

I think Joe Black is handling the situation with real class responding to directed questions and placing his credentials out there for the world to see.

Joe Black has surrounded himself with a good team, and that is half the battle. This team will stand by him, until we hear otherwise. Our methods, background and training are diverse and atypical. Our dedication and commitment beyond reproach.

Nobody makes it in this business overnight, but Joe Black has experienced, excellent advisers to support him.

What exactly do we know about Lulzsec other than their desire to wreak havoc on the world wide web and their ability to launch CyberWarfare on those who "dare" to challenge them?

I always get a chuckle when people want to make the assumption that I attended Columbia Community College as opposed to my "real" alma mater, Columbia University in the City of New York.

If people are desperate to see Ivy League Credentials and a few advanced Masters degrees... just send them my way.
Elyssa Durant megacommunities@blackbergsecurity.us
to elyssa.durant@gmail.com
date Wed, Jun 15, 2011 at 7:22 PM
subject Fwd: About your website defacement/compromise.
via e-mail from Joseph Black:

Thought you should see this email that I received.



~Joe


---------- Original Message ----------
From: Victor Vennt
To: Megacommunities@blackbergsecurity.us
Date: June 8, 2011 at 8:44 PM
Subject: About your website defacement/compromise.

To whom it may concern:

I believe that "LulzSec" - The notorious hacking group responsible for recent Sony & FBI hacks may have given themselves away & identified themselves with their recent defacement and compromise of your site.

Last year cryptome.com was similarly compromised by a splinter group of "Anonymous" who went by the name of "DIDITFORTHELULZ". One of that group's "tag lines" was "We do it for the lulz". The members of that group were eventually exposed, see:

http://cryptome.org/0002/cryptome-hack4.htm

It is believed in certain circles of "Anonymous", that the ringleader of LulzSec is one Corey "Xyrix" Barnhill, further research may yet provide confirmation of this.

One friend of his, and "notable" member of this group has previously been charged with computer tampering, computer trespass, and criminal possession of computer material for an attack on AOL, see: http://www.infoworld.com/d/security-central/ny-teen-hacks-aol-infects-systems-818.

I hope this information is of some interest to you,

A concerned citizen.
Krypt3ia Elyssa, just when did you become a sock puppet for a clown like this Joe Black?
Krypt3ia BTW, please refrain from re-cross posting any of my content on your numerous blogspot pages. Though you credit me, I want nothing of my reputation at all connected to you or Joe Black. Consider this the first official request.
Boris Sverdlik Hahaha... FTW @Krypt3ia
Krypt3ia Excellent.
SithLord2K It would seem his website is now broken.... I wanted to check it out after reading this article and this is what I saw...

Hmm, blackbergsecurity.us isn't loading right now.
The computers that run blackbergsecurity.us are having some trouble. Usually this is just a temporary problem, so you might want to try again in a few minutes.
Want more detail? See which nameservers are failing.


Nameserver trace for blackbergsecurity.us:
Looking for who is responsible for root zone and followed c.root-servers.net.
Looking for who is responsible for us and followed c.cctld.us.
Looking for who is responsible for blackbergsecurity.us and followed ns2.dreamhost.com.

Nameservers for blackbergsecurity.us:
ns2.dreamhost.com returned (NORECORDS)
ns3.dreamhost.com returned (NORECORDS)
ns1.dreamhost.com returned (NORECORDS)
Robert wagner I happen to have gone to ITT with Joe Black. I am a systems admin/storage guy, not a security guy.
Joe is a sharp dresser and comes across as a highly intelligent, personable guy, but clearly that's only surface. One of the instructors at ITT is Robert Baldy, who has an actual security job with the NSA. Joe no doubt leveraged his instructor Robert Baldy for contacts into the real security world. Although I highly doubt Mr. Baldy knew Joe was not playing with a full deck. He really has no technical skillset to speak of other than the catch phrases he reads in books. We attended some of the same classes and I knew him for about a year; he seemed really normal and motivated. Then all this started. So last month he was arrested; you will need to read the story to believe it.
http://www.ketv.com/news/29637252/detail.html
Or google Joseph Black high speed chase omaha.

Here is the kicker. Joe has accomplished exactly what he set out. He is the talk of the town, he is a topic of conversation on every respectable security site as well as those who are not respectable. All publicity is good publicity to him I assure you.
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.