5 September 1999

Date: Wed, 30 Jun 1999 19:35:15 -0400 (EDT)
From: Ken Williams <jkwilli2@unity.ncsu.edu>
To: John Young <jya@jya.com>
Subject: Packet Storm taken down by JP 



i just got off the phone with one of the Harvard Network
managers.  John Vranesevich contacted Harvard this morning
and threatened to sue them because of the content in the
jp/ directory.  I was told that the situation quickly escalated
to the Harvard Office of General Counsel.  

The result:  the server and the web site and it's contents
are permanently offline, I have no access to even retrieve
anything off of the server, the site known as "Packet Storm"
is history now.  All of the content and the backups made are
either destroyed, being destroyed now, or will be before I can 
do anything to prevent it.

Harvard is facing a lawsuit from JP, I am facing a lawsuit from
JP, and possibly some sort of legal action from Harvard.
This has turned really ugly, really quickly, and it is very 
plausible that Harvard may try to pull a "we caught a hacker /
Randal Schwartz / Intel" kind of bullshit so they can free 
themselves of any liability, and use me as the fall guy for
this whole thing.  All agreements with Harvard in the beginning
were verbal (with Jeff Gray, the senior sysadmin), so I've
got nothing on paper to back up the truth.  It is very plausible,
even probable, now that I will be facing charges involving
"hacking" or computer crimes of some sort, because I "never
had a Harvard ID, and thus was not authorized to use their
facilities", and I "compromised their security."  I guess it
doesn't matter that I was contacted by the Senior Sysadmin at
Harvard and invited to move my site there.  It doesn't matter
that he placed the box on a subnet of his choosing and called
me and gave me the root password and told me I had free rein on 
the box.  It doesn't matter that Harvard network security was 
never actually compromised.

If that's not enough to annoy me, all of my class work for 
the class I'm taking at NCSU this summer is on that server
at Harvard and gone now too.  With 4 weeks left in the 
semester here at NCSU, I have just lost seven weeks of work and 
data that cannot be replaced in 4 weeks.  

What bothers me the most is that all of the countless hours I
put into that web site and the archives, thousands of hours,
are gone now, for good.

The site was getting over 400,000 hits/day and doing about
10 GB/day in transfers, so I don't see it coming back online
even if I do get any of the site content back.

Obviously, I have taken full responsibility for the site
content and all activities and events associated with that 
server, and consequently am now facing legal actions from both
JP and Harvard, and state/federal computer crime charges as well.  
I don't really mind being buried in a grave I dug for myself, 
but I'm damn pissed to look up and see that John Vranesevich 
is the jackass shoveling in the dirt.

What am I going to do now?  I don't know.  The web site I
devoted most of my waking hours to is gone.  My chances of
passing my csc499 class do not look good, according to my 

If JP wasn't such a sorry waste of human life, I'd take a trip 
to Beaver, PA ....

Until formal charges are filed, I've still got my job and 
account here at NCSU.  If NCSU catches wind of any of this, 
and I'm sure they will, my account will be permanently revoked, 
and my job and the past three years of grad school will be 
gone.  Until then, I can be contacted at the email address
in the sig below.

maybe I'll see ya round sometime.

take it easy,

Ken Williams

p.s. John - the info that caused all of this shit, is all mirrored
at www.attrition.org/negation/ , just so you'll know wtf is going on.

Version: PGPfreeware 5.0i for non-commercial use
Charset: noconv


Date: Tue, 10 Aug 1999 09:53:32 +0200 (CEST)
From: Anonymous <nobody@replay.com>
Subject: Former hacker site changes course, gets hacked
To: cypherpunks@toad.com

August 9, 1999

Former hacker site changes course, gets hacked

Filed at 7:55 p.m. EDT

By Paul Festa, CNET News.com

A site that began chronicling the exploits of hackers has emerged as a venture-funded business with devotees in Congress and the military. But in the process, it has become a prime target.

AntiOnline late last week suffered one of its first successful attacks, which automatically redirected visitors to the hacker's site. Prior to that, AntiOnline claims it succumbed only once to its online attackers, when a denial of service attack brought the site offline for a few hours. In a denial of service attack, the attacker jams the system with a large volume of bogus queries or requests.

But this pair of successful attacks is no indication of the volume of hacking activity AntiOnline has been fending off recently, according to founder and general partner John Vranesevich.

"This month so far we averaged around 475 hack attempts an hour," said Vranesevich. "That's up from about 30 an hour two months ago."

An increase in hacking attacks could be expected with any site whose profile is rising, and a site professing an expertise in computer security is a particularly attractive target for malicious hackers. But the dramatic rise in attacks against AntiOnline stems largely from the perception that the site, which rose from the ferment of the underground hacking scene, has allied itself with the corporate and governmental interests that seek to stamp out malicious hacking.

"Our goal as defined is to fight malicious hackers," Vranesevich said. "We look at who's hacking what, we look at their motivation and their methodology. Most security companies are studying the mechanics of the gun. What we're trying to do is study the people who pull the trigger."

That has not left Vranesevich very popular with his subjects.

Now it's personal

Indeed, Vranesevich has become one of the most controversial and widely reviled figures in the hacking world. He said he has received threats to his family and himself both online and off.

Earlier this summer, Harvard University found itself at the center of an AntiOnline controversy after Vranesevich successfully prevailed on the school to evict from its servers a Web security site called Packet Storm that Vranesevich alleged featured defamatory attacks against him and family members, including his image superimposed on pornographic images and a page with his 17-year-old sister's photo, name, and address.

Harvard issued a press release stating that the site, which it says it hosted "as a service to the Internet community," included "sexually related material and personal attacks on an individual not affiliated with the university." Harvard officials did not elaborate on the site's contents. Packet Storm Webmaster Ken Williams denies both Vranesevich's and Harvard's characterizations of his site's content, though he acknowledged that a picture of Vranesevich's younger sister did appear next to a yearbook picture of Vranesevich.

Harvard's decision to pull Packet Storm created an uproar among hackers. In much of the debate in newsgroups and on news and discussion site Slashdot.org, Vranesevich was portrayed as siding with the establishment against the grassroots hacker community.

In general, Vranesevich does not deny the trend. In fact, Vranesevich said much of his time these days is devoted to working out deals to collaborate with firms on proposals for the U.S. military's research and development arm.

"Some of the changes we've made have made the underground unhappy," Vranesevich said. "For example, we're forming new alliances with corporations on some contracts for DARPA," the Defense Advanced Research Projects Agency.

DARPA handles research and development for the Defense Department and does research and development deals with small firms like AntiOnline through its Small Business Innovation Research program.

Dangerous knowledge?

If proposing projects for the military--another favorite target among hackers--isn't enough to raise hackers' ire, Vranesevich is also causing controversy with his Knowledge Base for use by military and law enforcement personnel. A free subscription to the Knowledge Base lets subscribers access information including profiles on individual hackers and their activities.

Subscribers, who have to apply for a Knowledge Base subscription on government letterhead, include members of the Army, Navy, Federal Incident Response Capability, Air Force, and Congress, according to Vranesevich.

"When we posted the Knowledge Base application form online, the hacking attempts started to rise," Vranesevich said. "There is this notion that we've sold out to other side, that we're selling information about people and they should have the right as individuals to address that information. People have called us a clandestine society forming a blacklist that the government could go after in an info-war."

And Vranesevich is not winning any popularity contests. One site, Attrition.org, maintains a site wholly devoted to criticizing Vranesevich and his enterprise.

"Vranesevich has alienated himself from just about everybody," said his Packet Storm adversary Williams. "He has definitely been shunned by the hacking community. He's looked upon as a narc, a turncoat, because of his change in direction."

To the consternation of some critics, AntiOnline has become a fairly legitimate business for Vranesevich and his investors. Since securing venture funding six months ago, AntiOnline has lined up an impressive array of advertisers to keep its staff of two full-time employees and dozen freelance writers paid and keep its T-1 line and network up and running. These advertisers include VeriSign, ISS, GoTo.com, and Microsoft.

DARPA contracts represent another source of potential income, and Vranesevich has trained his sights on the lucrative services market for future ventures.

Meanwhile, even Vranesevich's harshest critics are discovering that the hacking experience can be not only contentious, but lucrative.

"There are plans to bring back Packet Storm," Williams said. "There's corporate funding by a large corporation where I have accepted a full-time job."

Williams said a contract prevented him from disclosing more.

Copyright © 1999 CNET Inc. All Rights Reserved. Used by permission.