[ISN] AntiOnline Founder Under Fire

From: mea culpa (jerichoat_private)
Date: Mon May 04 1998 - 23:05:13 PDT

  • Next message: mea culpa: "[ISN] ..Hacking on the Rise, Colleges Seek Ways to Handle Attacks"

    AntiOnline Founder Under Fire       
    by James Glave
    
    3:00pm  4.May.98.PDT
                                        
    The founder of a computer-security Web site who published details of
    recent hacker penetrations into government systems has been warned by a
    Defense Department contractor that he may be considered an accessory to
    the crimes. 
                                        
    John Vranesevich, founder of full-disclosure computer security Web site
    AntiOnline, posted two emails that he and other AntiOnline members
    received last week from a contractor with the Defense Information Systems
    Agency (DISA).  The emails, sent by a system administrator at the Denver
    Defense Megacenter -- a financial administration center run by DISA --
    suggested that Vranesevich "had knowledge of a crime and may be culpable." 
                                        
    In recent weeks, AntiOnline has reported several penetrations of DISA
    systems by crackers, and included screen shots of government programs and
    sign-on screens as proof of the intrusions. 
    
    Vranesevich received the first DISA email on 28 April. The note, signed by
    Peter Farrell, alleged that Vranesevich might "be liable for encouraging
    further criminal activities against US Defense Department systems." 
    
    However, Farrell stopped short of threatening specific legal action
    against Vranesevich. 
    
    "We are not here to threaten you but to request your assistance in our
    investigation of two attacks on one of our machines and to provide, if
    requested, information on other attacks, successful or otherwise,"  wrote
    Farrell. 
    
    "Your page also displays a copy of a government log-on screen and you
    provide an interview with the supposed perpetrators. Their actions have
    led us to shut at least one server down temporarily as one attacker in
    particular attempted to spoof mail from the White House,"  Farrell
    continued. 
    
    Vranesevich said the latter comment exposed the weakness of DISA's case. 
    
    "It's very simple to send mail to someone making them think it is from the
    White House," said Vranesevich, who added that the letters were
    "ridiculous." To prove the point, Vranesevich sent Wired News an email
    from "presidentat_private" 
    
    "He [Farrell] wanted me to tell him of every crime against US computers
    I've ever heard of happening, every attempt I've ever heard someone make
    -- whether or not it was carried out -- what methods I thought they used,
    how often I thought people did it,"  said Vranesevich. 
    
    "They want me to become the one-man, Janet
    Reno-$64-million-computer-crimes task force, is what it sounded like," he
    said. 
    
    In February, Attorney General Janet Reno said that she would be seeking
    US$64 million to build a National Infrastructure Protection Center, which
    would fight cybercrime and other threats to the US national
    infrastructure. 
    
    Vranesevich said that he did not have any classified information, and that
    he only publishes non-classified information about intrusions supplied to
    him by hackers and crackers. 
    
    Jennifer Granick, a San Francisco criminal defense lawyer who has defended
    hackers, said Vranesevich was probably on safe legal ground. 
    
    "You are not obligated to report crimes that you know about -- that is not
    illegal," said Granick. "The mere publication of information that may
    assist someone in breaking the law is not itself illegal," she added. 
    
    "[Vranesevich] is hoping that by providing this information it will help
    security operators to improve their security," said Granick. "He has a
    First Amendment issue there;  he doesn't have any interest in promoting
    criminal activity. 
    
    "[These letters] show one of the problems in the way that government has
    dealt with computer security,"  she said. "They are hoping to protect
    themselves by keeping the knowledge secret instead of improving their
    systems by taking advantage of all the knowledge out there. 
    
    "It's like trying not to let the slaves read: If no one has any
    information you can keep them down,"  she said. 
    
    Vranesevich said that the emails demonstrate "how hard a time the
    government really has with the security of their systems, and tracking
    people down after they've been breached." 
    
    The author of the emails, Peter Farrell, declined to elaborate. "The
    matter has been escalated within DISA to a level above me, and I am not
    authorized to comment," he said. 
    
    Meanwhile, officials at DISA headquarters said in a statement that Farrell
    was not speaking on behalf of the agency. 
    
    "The Defense Information Systems Agency is aware of the two letters sent
    by Mr. Peter Farrell, a defense contractor employed at Defense
    Megacenter-Denver," the statement said. 
    
    Farrell's opinions are his own, the statement concluded. 
    
    
    -o-
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Repent Security Incorporated [www.repsec.com]
    



    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 12:52:33 PDT