[ISN] Open letter to hacking community (from Penenberg/Forbes)

From: mea culpa (jerichoat_private)
Date: Mon Feb 08 1999 - 15:59:30 PST

  • Next message: mea culpa: "[ISN] AF Cadet Charged with Hacking"

    From: Adam Penenberg <apenenbergat_private>
    Feb. 8, 1999
    Open letter to the hacking community:
    Last week, Steve Silberman of Wired News called to tell me he and I and
    some other journalists had been duped by a psuedo-hacker named Christian
    Valor, AKA se7en. In April 1998, IĘd posted a piece on the Forbes Digital
    Tool web site about ValorĘs kiddie porn vigilantism and the fact that law
    enforcement knew what he was doing, but turned a blind eye. Cool story.
    Too bad it turned out not to be true. 
    I was certainly in good company. Steve also had written about ValorĘs
    exploits, as had Newsday, the Independent in London, etc. Both Steve and I
    received letters from se7en's ex-girlfriend simultaneously last week, but
    Steve got on to the story first. I was out of town. Sad to say, he and I
    were the only ones to respond to her letter. I told Steve I wouldn't post
    anything until his story hit. (See "Kid-Porn Vigilante Hacked Media
    I can't comment on how the Steve or the Independent or Newsday conducted
    their research, but I would like to share with all of you how I did mine,
    and what went wrong. IĘm sure there are lessons to be learned. 
    As you may or may not know, I am no stranger to taking on journalists I
    think have concocted stories out of thin air. I broke the Stephen Glass
    story, the associate editor of The New Republic who made up a story on
    hackers and was later discovered to have made up some three dozen stories
    for a number of well-known publications (See "Lies, damn lies and
    fiction": http://www.forbes.com/tool/html/98/may/0511/otw3.htm). I also
    took on Beth Piskora of The New York Post, who I believe made up a sexy
    tech story on Organized Crime setting up phony companies for Y2K
    remediation, who then, she claims, inserted software to divert money from
    bank accounts (read: clients) to mob-controlled accounts. (See "Phantom
    mobsters": http://www.forbes.com/tool/html/98/aug/0828/feat.htm). This
    canard was picked up by Vanity Fair in a recent feature on Y2K. Vanity
    Fair has yet to admit it published a lie.
    I hate it when you nail a journalist and instead of coming clean, he or
    she hides. This is what both Glass and Piskora have done. That's why IĘm
    writing this note. 
    For my story (Kiddie porn vigilante: 
    http://www.forbes.com/tool/html/98/apr/0417/feat.htm) I knew I couldnĘt
    get on IRC and traffic in kiddie porn on a Forbes computer. You remember
    what happened to that journalist for NPR who did, and is now had to plead
    guilty to a felony all because he was ostensibly researching a story? So I
    relied on law enforcement, EHAP, and NAMBLA. I called literally 10 law
    enforcement officials who said they studied under Valor in one of his
    security courses. On the record, they would all vouch for se7enĘs hacking
    skills. Off the record, they all said they knew what he was doing but they
    didn't care. Everyone hates kiddie porn traffickers. 
    I also talked to EHAP, and they told me they were distressed by se7enĘs
    actions, because it gave hackers a bad name. Se7en should turn them over
    to the cops or the ISPs, they said, not break the law in going after them. 
    They didnĘt say he was a fraud.
    I also contacted NAMBLA through its web site. I asked if anyone knew a
    hacker named se7en, who was purportedly going after kiddie porn
    traffickers on IRC. I received a cryptic response, something along the
    lines of, "Yes, some of our members have been complaining about this guy. 
    We just want to be left alone." End of conversation. He refused to turn
    over any other details. 
    So I felt confident that with all this cross-checking that Valor was who
    he said he was. Obviously, I made a mistake. I think the most important
    lesson I learned is that law enforcement doesnĘt have a clue what really
    goes on in hacking circles; they are not good sources for this. I also now
    wonĘt write a hacking story unless I can meet the hacker face-to-face and
    actually see evidence that I can then verify with other hackersĮor
    computer security experts I trust. This is how I approached my story for
    Forbes magazine on the NY Times hack that ran last fall (available online
    at: (http://www.forbes.com/forbes/98/1116/6211132a.htm).
    If you want to send me taunting email, telling me what a fool I was, feel
    free. IĘm at apenenbergat_private But you canĘt possibly be harder on me
    than IĘve been on myself this past week. You live, you learn. 
    Adam Penenberg
    Senior Editor, Forbes Magazine
    Subscribe: mail majordomoat_private with "subscribe isn".
    Today's ISN Sponsor: Internet Security Institute [www.isi-sec.com]

    This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 13:18:24 PDT