From: technews <technews@ou.edu>
To: "'it-fyi@listserv.ou.edu'" <it-fyi@lists.ou.edu>
Subject: it-fyi: Tracker of Hackers Goes From Friend to Foe (NY Times on
Date: Fri, 8 Oct 1999 08:44:44 -0500
October 8, 1999
Tracker of Hackers Goes From Friend to Foe
By MATT RICHTEL
When malicious hackers broke into Pentagon computers in March of last year,
one of them contacted John Vranesevich to offer him an exclusive interview.
For Vranesevich, the 20-year-old founder of a hacker news Web site called
AntiOnline (http://www.antionline.com), the event marked the apex of his
relationship with the hacker underground.
It has been downhill ever since. Once the confidant of computer hackers,
Vranesevich is now their sworn enemy.
He is marketing his services to companies seeking ways to protect their
systems from hackers, and even the FBI is turning to him for assistance. At
the same time, an influential group of hackers is accusing Vranesevich of
turning on them and betraying their confidence. They also say he has
secretly promoted illegal hacking attempts himself.
Vranesevich says his Web site, which now focuses on general computer
security issues, is attacked hundreds of times a day by hackers. But he says
he understands why hackers are coming after him -- and to an extent, he sees
the attacks as a badge of honor.
"I'm a threat to them," he said. "I am trying to put a stop to the
maliciousness they've gotten away with for years."
The hackers' reversal stems from Vranesevich's decision last year to go from
heralding hacker exploits to hunting hackers. Some of the same techniques he
once used to follow and publicize the attacks of hackers -- and that wound
up getting him quoted as a "hacker expert" in dozens of newspaper articles
-- he now uses to explain their methods to government and corporate security
personnel.
Vranesevich says his about-face came because he decided computer hackers,
who say they are exposing security flaws for the sake of a greater good, are
really just petty vandals. But some hackers say he sensationalized their
exploits to begin with, then turned on the very hackers who helped him
understand their ways and create a thriving Web site.
"One day he was friends with all these people breaking into .mil [military]
sites, and the next his stated objective is to hunt these people down," said
Jeff Moss, organizer of the annual Defcon hacker convention and the Black
Hat Briefings, a corporate and government security conference. "I guess he's
gotten where he wants to be."
Vranesevich has come a long way in a short time. At the age of 20 he has
established a Web site that has made quite a name for itself in hacker and
security circles and has attracted an undisclosed amount of venture capital
financing from a Cleveland-based company called Darice Inc. The Web site
boasts advertising revenue from mainstream sources like Microsoft and
Verisign.
Vranesevich's interest in computers and networking dates back to his early
childhood in Beaver, Pa., north of Pittsburgh. He started AntiOnline while
he was in junior high to convey the things he was learning about computing
and network security, and it grew from there. Vranesevich said that in high
school, he helped expand the school district's computer network from 6 to
600 computers.
He enrolled at the University of Pittsburgh in the fall of 1997 and
continued to make a name for himself -- but not necessarily a positive one
in the eyes of the university's administration. In fact, they tried to boot
him out for hosting the AntiOnline site on the school's network, calling it
an inappropriate use of computer resources.
The university allowed the site to go back up following media reports of the
event. There was also an outcry from hackers -- both the malicious variety
and those just interested in messing with computers -- who sent e-mail to
the university saying it had shut down a valuable resource. A symbiotic
relationship between hackers and Vranesevich was born.
The AntiOnline site became a place where hackers could explain their
motivations, voice their opinions, even brag about their exploits.
Vranesevich also spent time in the Internet chat rooms frequented by hackers
and gained their trust. For Vranesevich, the relationship brought traffic to
the site and intensifying media coverage.
Vranesevich started changing his mind about hackers in September 1998. He
learned that a California hacker had promised to sell information about how
to navigate United States military networks to an alleged terrorist.
(Vranesevich said he learned this from the hacker's mother, who called him
the night her son was raided by the FBI.)
Vranesevich said he once thought that hackers were somehow patriotic in
their efforts to expose security holes, but he became convinced they were
malicious and selfish.
"I guess I became disillusioned," he said, referring to the deal made by the
California hacker. "He had done the most eloquent manifestos [of hacker
ideals], then here he is selling maps to someone claiming to be a
terrorist."
The new Vranesevich started to help government officials find people accused
of malicious hacking. He said he turned over information to the FBI that led
it to raid the home of a hacker named Brian Martin in connection with an
attack on The New York Times' Web site in September 1998. Martin
acknowledges that his home was raided by the FBI several months later, but
he was never arrested or charged, and he denies involvement in the attack.
But some hackers have a different theory about Vranesevich's motivations.
They suggest that he used hackers to make a name for himself, then abandoned
them -- or, they suggest, he felt pressure from government authorities to
turn his back on them.
Martin, who admits to some malicious hacking in his past but says he has
been an above-board security consultant for years, is a member of
Attrition.org (http://www.attrition.org.com), a hacker group that has
spearheaded an effort to discredit Vranesevich. The group has posted e-mail
messages on its Web site that it says demonstrate that Vranesevich has made
false statements about hackers. The group also says that Vranesevich paid a
hacker to break into the Web site of the United States Senate so that
AntiOnline could be the first to report it -- an accusation Vranesevich
denies.
"The problem is, if any single security professional reads his site and puts
credence in his accusations, then it affects not only our reputation, but
our ability to work," Martin said. He added that Vranesevich, because of his
alleged dealings with hackers, is guilty of the same misdeeds he has been
ascribing to Martin's group.
Martin and other members of Attrition.org contend that Vranesevich himself
has been the subject of an FBI investigation.
Special Agent Jim Margolin of the FBI said the agency does not comment on
whether it has investigated someone in the past. "But we continue to consult
with Mr. Vranesevich, and that should say something about our assessment of
his bona fides," he said.
Wherever the truth lies, Vranesevich now has little standing among hackers.
At the Defcon convention in Las Vegas in July, a "Wanted" poster circulated
bearing Vranesevich's picture and calling him a "narc."
Meanwhile, though, his site continues to grow, albeit with a new
constituency. Vranesevich runs it out of a rented three-room office space in
Beaver, and said it gets "hundreds of thousands" of visitors each month. He
has one full-time employee, paid and unpaid freelancers, and eight informers
who keep him up to date on hacker activity.
Among the site's users are research firms who are putting faith in
Vranesevich to help them understand computer security. For example, he is
working with Klein Associates, a consulting firm near Dayton Ohio, that
advises companies on decision-making techniques.
"He has a tremendous amount of knowledge in areas of security and hacking,"
said Terry Stanard, a research associate with Klein. "He's really impressive
once you get to know him and talk to him."
Vranesevich said he is still keeping a keen eye on hackers. He and his one
full-time employee lurk in hacker chat rooms under assumed names, looking to
profile hackers and their motivations and methods. He said the way to catch
hackers is to understand them as individuals and as a group, not necessarily
to comb through evidence left on their computers.
"I don't want to be an expert in the gun; I want to be an expert in the
people who pull the trigger," Vranesevich said.
To make matters more complicated, the hackers are aiming at him.