Friday, June 24, 2011

Another Fake Security Firm #Lulzsec

Another Fake Boutique Security Firm

jadedsecurity.net

Update. Thanks to Attrition.org for pointing this out and @tehhandbanana for the lulz

http://freze.it/handbanana

This is the tale of a security boutique so lulzy we can’t even bring ourselves to lulz at them anymore. It’s been exactly two weeks since LulzSec sailed the LulzBoat over to blackbergsecurity.us, and since then Ryan Berg has feverishly been working to build a new site and re-invent the company image after having their asses publicly plundered. They moved from Drupal to WordPress, and got a new domain name. We assume the move away from Drupal was an act of desperation since they had no fucking clue how LulzSec got in — switching CMS software was the only way to stay safe! The minute we saw this shiny new site, we had to see if our “favorite” Cybersecurity duo had learned any lessons. They had not.

The one thing we hate more than whitehats and “ethical hackers” (whatever the fuck /that/ is) is frauds. Joe, you are a fraudulent sack of shit. I hold your mother fully responsible for not aborting you, especially since she obviously smoked a lot of crank when she was pregnant with you. You are a genital wart on the nutsack of the infosec community, and quite frankly we’re tired of you. We had fun lulzing at you for a while, but you’re just a bad joke told one too many times. You’re a cunt, Joe, and although we’re getting LulzSec’s sloppy seconds, we’re enjoying every second of fucking you.

This is the second time in two weeks that you’ve been pwnt, and it will continue to happen until you boys close up shop. We will never stop owning and exposing you for who you truly are. You’re raping your customers by offering a service you can’t even provide to yourselves, so we will capitalize on every opportunity we get to rape you. We mean it — close up shop for good. You boys best stick to farming corn — we hear that’s what you Nebraski folks do best.

Done in the name of #AntiSec Greetz to LulzSec, zf0, Topiary, and jericho

Thanks to @Highwick for pointing out that our friend here has opened up a new site: http://www.blackandberg.com/

He is still a CyberSecurity Professional and still has his awesome paper listed.

At Black & Berg Cybersecurity we staff only the best in the world, our consultants are Certified Private Cybersecurity Specialists and their qualifications include:

  • Bachelor of Applied Science, Information System Security
  • Associate of Applied Science, Computer Network Systems
  • Certified Information System Security Professional (CISSP) *
  • National Security Agency Certification INFOSEC Specialist NSA-4011
  • US Citizens with the ability to obtain Security Clearances
  • Certified Information Security Manager (CISM) *
  • Certified Ethical Hacker (C|EH) *
  • Security+ *
  • Network+ *
  • Project+
  • Linux+
  • A+ Remote Support Technician *
  • A+ IT Technician *

* Department of Defense (DoD) Directive 8570.01 Compliant

UPDATES: If anyone cares anymore…

Joe claims he got his CISM

#Jadedexposure checks

June 11th 2011. Attrition.org had sent me another of his awesome sites: http://www.securityofomaha.org/

UPDATE!!!!! BlackbergSecurity is NOT A DEFENSE CONTRACTOR according to E-VERIFY

I’d like to preface this again by saying I don’t condone the activities of Lulzsec. I do fall into the crowd of security professionals who Patrick Gray described as secretly loving him. Patrick has written a great piece on the awareness the group has brought to the weaknesses in information security. I suggest you go out and read it immediately and you’ll see why.

Attrition.org broke a story back in February on how Joe Black has used social media to create his “Security God” image. Needless to say, they debunked the entire image. Unfortunately, real security guys are the only ones who actually read Attrition, and Joe Black was able to continue in his path to self-proclaimed security god.

In his efforts to legitimize his site, he has built a reputation around certifications and misinformation. He has a very interesting career that we can trace back to his days at Wright Printing in 2005, according to his LinkedIn profile, which is also about the time he was supposedly enrolled at ITT in his bachelor’s degree program in Omaha. Calls to ITT have not been returned as of this writing, but Joe did post his associate’s degree on his Flickr page. While we are on the topic of education, his profile also states that he is expecting to complete his Masters in Security Management at Bellevue University in 2013. According to the registrar, he has withdrawn from every single course he had enrolled in since January of 2009. Guess the world’s greatest hacker didn’t realize information is public. Oh well.

With his reputation on the line he had called out our neighborhood Lulz maker with the following message on his website.

“Cybersecurity For The 21st Century, Hacking Challenge: Change this website’s homepage picture and win $10K and a position working with Senior Cybersecurity Advisor, Joe Black.”

Guess what happens next?

Again, not that I condone any of this, but you know me: any chance to prove that security certifications are useless can’t be ignored. Wow, look at all of those interesting certifications on his website. This guy must be a Security Megastar. Let’s see what he has.

All can be seen thanks to our brainiac on his Flickr

  • Project+ COM70010068307772 A+ 1/08
  • Remote Support COMP001006830772 1/09
  • Security+ COMP001006830772 1/08
  • Network+ COMP00100683C772 1/08
  • Linux+ COMP001006830772 2/08
  • CEH ECC926927 09/08
  • CISSP 318010 12/08

What I don’t see is the ISACA CISM & CISA certifications.

Please, Joe, if you have them, send the numbers my way.

So are we still confident that certifications do not equate to competency? This is just another example of false advertising, and I’m glad it has been brought to light. Black has even used Facebook to advertise his services.

I love his About statement: “At Black & Berg Cybersecurity Consulting we leverage our close relationship with the Federal Government to give our small business clients a Cybersecurity posture that equals or exceeds that of the NSA and Department of Defense.”

Wait, speaking of his federal contacts, he does have a CAGE# on his LinkedIn profile. Wow, legit, eh? EXPIRED.

In closing, I’m sure you paper security guys would be more than happy to hire him; real security guys, well, we don’t find our vendors at bus stops.

Original Page: http://jadedsecurity.net/2011/06/09/another-fake-boutique-security-firm/


Elyssa Durant, Ed.M. 

United States of America 
