Security ‘expert’ offers $10K reward for site hack, LulzSec obliges

Joseph Black, Senior Adviser at Black & Berg Cybersecurity Consulting, LLC, offered a challenge at his site’s homepage: hack it, and receive a $10,000 reward plus a position at the firm working alongside him. He felt so cocksure that he taunted the newly notorious online hacker group, LulzSec, via Twitter.

And then, the group hacked the homepage of Black & Berg Cybersecurity Consulting.

LulzSec managed to deface the Black & Berg site by adding an image of their chosen mascot – a wine-swilling, top hat-wearing, monocled snob – into a picture. The group also taunted Black by adding “THAT WAS EASY. KEEP YOUR MONEY WE DO IT FOR THE LULZ” to the original proposition.

The light-hearted back-and-forth between Black and LulzSec on Twitter (where this whole thing apparently started) took a bizarre turn after the group linked to his site and asked, “What happened here?”

“We’re not sure what happened, we’re looking into it,” wrote Black in response. “It seems whoever is responsible was very good at covering their tracks.”

Previously, Black had amended his “no comment” stance on the hacking to a request: “Please unf*ck our website.”

Now, you may be wondering exactly why the word expert is in quotes in the headline. It’s because evidence suggests Joseph Black is not really a security expert at all.

Attrition.org reported on how Black created a fake image for himself using social media back in February, providing a host of off-the-wall comments he made and the news that the site had twice attempted to engage in a civil discussion with the man outside the often circus-like environment of the Internet. Black allegedly ignored both.

Building on that report, the folks at Jaded Security did some digging of their own. What they turned up was startling.

“In his efforts to legitimize his site, [Black] has built a reputation around certifications and misinformation,” said the site, which labeled his company a “fake boutique security firm.”

Checking with Bellevue University, where Black asserted he was currently studying for his Masters in Security Management, they discovered he was actually no longer enrolled in any courses there. “Guess the worlds greatest hacker, didn’t realize information is public,” said the site.

Jaded Security’s attempt to validate certification numbers freely provided by Black turned up similar results: they were invalid.

MyCE’s own investigation found some interesting information about the Black & Berg site, though nothing too shocking.

LulzSec’s string of seemingly random cyber attacks, which recently added PBS and Nintendo to the list, continues. And so far, people are riveted by the e-drama: the group’s Twitter page now has over 115,000 followers.