Forwarded from: security curmudgeon <jerichoat_private>
cc: Brian McWilliams <email@example.com>, Dan Verton <Dan_Vertonat_private>

Several points are not clear after this hoax unfolded. I invite both Verton and McWilliams to reply to any part of this.

There are several times where I quote McWilliams regarding this event. These quotes are taken from:

http://www.pc-radio.com/why.html

which was posted to explain why he perpetuated this hoax. I encourage everyone to read this at some point.

> Forwarded from: Dan Verton <Dan_Vertonat_private>
>
> Here's the story of how I got screwed. I was duped, I was had --
> call it what you will. Despite calls to the FBI and security firms
> and other journalists around the world, I didn't turn up the hidden
> ownership of the domain in question. I let myself get burned.
> http://www.computerworld.com/printthis/2003/0,4814,78238,00.html
>
> By DAN VERTON
> FEBRUARY 06, 2003

> In an elaborate scheme to dupe security companies and journalists,
> McWilliams acknowledged last night that he purchased the domain name
> last March and registered it under the name of "Abu-Mujahid of
> Karachi." He also left a legitimate mirror site in place on a server

According to McWilliams, he snatched up the lapsed domain for other reasons.

    It certainly was a big departure from my original reason for registering the domain: to gain some insight into how the Internet was being used for terrorist recruitment, and to report my findings.

Your response above is cleverly worded to make it sound like McWilliams' intentions were solely to dupe journalists and security companies.

> McWilliams' hoax, which he described as an effort to surreptitiously
> obtain information that he might be able to turn into a good news
> story, came to my attention after I reported being contacted by Abu
> Mujahid. In a series of e-mails spanning several weeks, McWilliams,

Once again, your wording is very poor.
When asked, McWilliams said that YOU contacted him (as Abu-Mujahid), which contradicts your statement above.

> a.k.a. "Mujahid," claimed responsibility for the Slammer Internet
> worm late last month. Although my story noted that claims of
> responsibility for Slammer couldn't be verified, I, along with
> journalists in India, several computer security firms and even law
> enforcement experts, didn't see through McWilliams' hoax.

Which is nothing short of pathetic. Not only was the claim far-fetched to begin with, the proof supplied went well beyond bogus. On top of absurd 'math' and glaring contradictions in the claim, iDefense went so far as to tell Computerworld "HUM's claim of injecting a fingerprint into the code 'does not hold water'". Despite a security company telling you their claim had no foundation, and despite you having no other validation of anything, you still went with the story without properly disclaiming yourself.

> "I worked hard to make the illusion look real," he said in an e-mail
> to me last night, after the hoax had been exposed. McWilliams also
> expressed regret for having allowed the hoax to go so far. "But the
> Internet gives those who want to spread misinformation a big
> advantage. It's so easy to conceal ... the ownership of a domain."

Yes, it is. Despite that, you apparently did not take note of a few facts before believing the hoax. The fact that harkatulmujahideen.org appears to be located in the US, the domain contact info provides no information or validation of who owns it, and that a simple google search would have revealed an American company took ownership of the domain during the Pearl incident should not have escaped you. All of these facts didn't register in your mind as warnings that it may be a hoax, because you didn't bother to do what a journalist is supposed to.. a little research.

Let's also not forget that you are the "Computerworld Security Expert" according to your press releases.
How is it that a "security expert" can not figure out e-mail headers and traceroute?

Had you done the research and discovered all of the above, I have a feeling that would not have stopped you from running those same stories. As several people have stated, you WANTED to believe.

> "I've been secretly receiving lots of interesting e-mails apparently
> intended for HUM," said McWilliams. "I was hoping I might get a
> story out of some of the stuff that came in to the site. Most of the
> messages have been from people in the Middle East who wanted to join
> jihad. I've forwarded some to the FBI."

This was a clever thing to include in your story. Consider that incredible lead for information dead from here on out. I'm sure the FBI are loving that since they were benefiting by a US Citizen receiving that mail and forwarding relevant mail on to the proper authorities.

Later in this article you speak of McWilliams "[damaging] the effectiveness of the defensive action." Yet here you are damaging an important lead that was likely producing good intel on potential terrorists and their actions. I'm glad you see fit to trade this for a little news fodder, the whole while pointing fingers at McWilliams for using the domain for possible story leads.

> As part of this scam, McWilliams contacted a journalist in India and
> then defaced his own phony Web site, posting one of my earlier
> e-mails as part of the defacement by a bogus hacker group. That
> "hacking" was one reason that at least one security vendor,
> Mi2g.com, initially considered the Web site to be genuine.

First, McWilliams makes no mention of contacting a journalist in India when explaining his actions. I invite him to clarify this or for you to provide more information.

Second, this is *exactly* what McWilliams proved with this hoax.
A web site that has no real visible ties to anything outside the US other than random e-mail claims gets 'defaced', and mi2g is saying "this is the first significant attempt at anti-Islamic cyberwar." Even worse, mi2g continues on saying the following:

    In early 2003, however, the anti-Islamic backlash predicted by the mi2g Intelligence Unit is beginning to materialize. This is a significant development and we will continue to monitor the situation closely.

If this doesn't define FUD, I don't know what does. According to Computerworld's Feb 05 article about the defacement, you have yourself validating the site as legitimate, and you have mi2g validating it was defaced and referencing you.

Excuse me, may I remind you that you were a former "intelligence officer" and mi2g is an "information intelligence" company. Where the hell do you guys get off using these self-granted titles? Neither of you had any real validation of anything, yet both ran with this as legitimate news. The fact that mi2g still has no retraction or explanation on their website should warn off anyone using their service that they are charlatans and pushing whatever crap hits their inbox as 'news'.

Two charlatans validating each other is a very common practice in many industries, and one that the security industry has seen many times before (Jones/Murphy, Meinel/Vranesevich, et al). Next time I reference this activity, I can include "Verton/mi2g" I guess.

> been to uncover. He did not, however, acknowledge then that he had
> registered the domain using a fictitious name. After the hoax was
> revealed, the story was removed from Computerworld's Web site. By
> then it had been picked up by other Web sites.

Who deserve what they got. The inbreeding that goes on between supposedly reputable news sources is disgusting.
The fact that they push unverified stories out the door themselves, and then turn around and swallow other outlets' stories without a question speaks wonders about the current state of industry reporting.

> That authenticity unraveled late yesterday, after my story had been
> posted, when members of an e-mail list that focuses on security
> topics contacted Computerworld and informed me that McWilliams had
> been bragging about the success of his hoax and how simple it would
> have been to uncover.

According to McWilliams:

    Contrary to some reports, I did not brag about this fact on a security mailing list. On the contrary, I find it troubling.

So.. is your source questionable or are you misstating facts to try to convince your readers that you were not at fault?

> This isn't the first time McWilliams has relied on questionable
> reporting procedures to obtain information for a story, according to
> government intelligence and industry sources, who requested
> anonymity.

Of course they requested anonymity. This isn't the first time your sources have been called into question either, and I'm not just talking about the one above.

> These sources confirmed that in September 2001, at the height of the
> Nimda worm, McWilliams obtained the telephone number for conference
> calls held by the National Security Council, the National Security
> Agency and private companies, and listened in surreptitiously to the
> conversations. He then used the information from the conference
> calls in news reports he filed.

Once again, I invite McWilliams to respond to these claims. While waiting for his reply, I'd love to know why he wasn't charged with various criminal law infractions if this was the case. Or were the conference calls not near as important as made to sound?

> McWilliams confirmed today that he did listen in to the conference
> call.

But did not confirm he did so in an unethical manner?

> Although the hoax this week taught me a valuable lesson about the
> nature of information on the Internet, it's less clear that
> McWilliams' scheme has done anything to advance the understanding of
> cyberterrorism -- one of his stated reasons for conducting the hoax
> in the first place.

Sure it has. It has proven that you, Computerworld and companies like mi2g will do anything to perpetuate the idea/myth/desire for "cyberterrorism" despite the lack of documented cases proving it even exists.

I'll close with the following quote from McWilliams' explanation:

    As my bungled experiment proved, even Verton -- whose book about teenage hackers claims he is "one of the leading technology journalists in the country" -- can apparently be fooled by fake e-mails, phony web sites, and wild claims, in a desire to get a big scoop on a hot topic.

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoat_private with 'unsubscribe isn' in the BODY of the mail.