Whether to engage Evans (and potentially give him more publicity) is certainly a worthwhile discussion. Some say to ignore him completely, while others (and I find myself in this camp) tend to want to expose him, even if that gives him some of the publicity he's craving, with the idea that eventually he'll fall. Either way, that's an ongoing discussion and not the subject of this post. Also, I should make it clear that Greg Evans has never done anything to me or even communicated with me. My problem with him is who he portrays himself to be, and how that impacts the way people see our community.
Anyways, I decided that the least I could do was to write a letter to one of the conference organizers and let them know who they were dealing with. My guess was that they bought his story (ex-con hacker now turned ethical hacker) and didn't know about his more recent activities. So I sent this:
I noted with particular interest on your homepage (http://www.mistieurope.com) that you have Mr. Gregory Evans listed as one of the keynote speakers for your 2nd Annual ICT Security Africa Summit in September (http://www.mistieurope.com/default.asp?Page=65&ProductID=13227).
Mr. Evans proudly claims his status as an ex-hacker (and ex-felon), but there is a much deeper (and more recent) history that you should consider before allowing Mr. Evans to speak. I would like to point you to a web page (http://attrition.org/errata/charlatan/gregory_evans/) that details multiple issues with Mr. Evans conduct over the past few years, including multiple counts of plagiarism, multiple legal and financial issues, multiple lies about the certifications he holds, and much more. Added to that, Mr. Evans has repeatedly threatened those who criticize him, and frequently claims any criticisms of him are attacks against his race.
Additionally, I would like to point you to the video from CBS News Atlanta, who exposed much of Mr. Evans fraud this past February. This video can be viewed here: (http://www.youtube.com/watch?v=O3Ms8UZnOoA).
I believe that after learning more about Mr. Evans background, you will come to the conclusion that it is not worth the reputation of your conference to extend him an invitation. Mr. Evans is a stain on the computer security industry and that stain goes with everything he touches. Please do not allow your conference to be blighted by Mr. Evans association.
Please note that I have nothing to gain from writing this email except the assurance that I did the right thing in letting you know about Mr. Evans' past.Yesterday morning I found out that several other people in the community had also written letters to the conference organizers, and that Greg Evans was no longer speaking at the event. I captured the writing on the wall, so to speak, from the conference website:
Given Greg Evans penchant for lawsuits, I half expect at least the threat of one. And yes, seeing "theprez98" on court documents would indeed be an interesting sight. Hopefully his lawyer talks some sense into him and saves him the time and money.
You might think that I am helping to ruin Greg Evans' reputation by aiding in getting his gigs canceled. Far from it. Greg Evans ruined his own reputation when he decided to lie, cheat and steal. I'm just (one of many people) letting people know. Truth be told, this is a win for the security community. Greg Evans goes down in flames again.