It Sucks to Be Me!
Mark Peterson, who
claims to be the first person in history caught for committing
computer crime, finally posted his "exploit" to Bugtraq.Click here for
the response he got.
here for Peterson's latest (Dec. 22) stories about why I (Carolyn
Meinel) have to publicly claim that I believe everything he says.
Why don't these types just bother people on IRC with their bragging?
From: "M Peterson"
To: "'Carolyn Meinel'"
Subject: Actual Malice?
Date: Thu, 18 Dec 2003 20:40:04 -0600
Carolyn, you do know that by
not confirming any of the information I have given you (Freedom
of Information Act), 3rd-party independent consultants that you
have shown actual intent and actual malice and flagrant disregard
for the truth in order to discredit me?
This guy doesn't have a clue of what he is talking about. He
says I could use the Freedom of Information Act to obtain records
of what he implies
is his arrest as a juvenile,
a getting "caught" that he says is the first computer
crime for which someone got "caught" in history.
he has to do to prove he was arrested is send me a copy of the
paperwork. This he has not done.
can't use the Freedom of Information Act (FOIA) because the US
Privacy Act forbids release of Federal government documents on
individuals unless the affected individual provides a signed,
notarized statement and provides copies of identifying material
such as a driver's license. Most importantly, the law protects
juvenile records from public disclosure.
really funny thing. Everyone Mr. Peterson told me to contact
for verification of one thing or another has told me they couldn't
verify his allegations.
Also, I warned
Peterson that if he kept it up, I'd post his correspondence on
"It sucks to be me." I gave him four weeks to simmer
down and apologize for his harassment of me, but all he has done
is get increasingly threatening and obnoxious.
An apology would be nice
I actually did get caught by the Source using (ME:STZ089) by
(SYSOP:STC007) these were the actual accounts and can be verified
and subpoenaed if needed. The FBI investigated on behalf of The
Source for the sum of $4000.00 of online time. The charge the
FBI used was a statute on the books from the days of Telegraph
Fraud the only thing they had. It was called Fraud-by-Wire
because data was being transmitted across Interstate Lines with
a Fixed-Dollar amount attached to it - there was no precedence
or statute for what I was doing. Although I was not the very
first hacker, I may have been the first one who actually wanted
to get caught because he did not like seeing new hackers
beginning to destroy systems and wanted a way out.
Peterson is the first person ever who has demanded that I call
him a criminal. Normally a person would get really upset, and
have reason to sue, if I were to publicly claim that he or she
had been arrested for computer crime without any evidence that
it was true. That's one reason I'm not claiming that Peterson
is an arrested, perhaps convicted criminal. I have no evidence
that this ever happened.
I am sorry you chose not to ignore my typos and continue to use
actual malice in not verifying any of the information I gave
you independently. You have instead chosen a path of a personal
vendetta on a public forum to discredit me (my real name is actually
I came to your consulting firm in good faith as a potential client
(privately). You called me a pathological liar, when all I was
doing was trying to tell you the truth.
I apologize for calling you ignorant for not understanding the
3rd-party vulnerabilities I was trying to tell you about
but then again, you called me a liar and didnt give me
a chance to be nice to you.
I waited through many emails for this Peterson character to correct
his whoppers, and all he has done is send more whoppers. He
said that in 1982 he broke into NIPRnet, the unclassified Pentagon network.
When I told him NIPRnet wasn't created until 1995, Peterson emailed
back saying, OK,
then he broke into MILnet
He got closer that time, but MILnet was not created until 1984.
These were not "typos."
This email can be used in the trial. For it is the truth.
I cannot help it if I may have been the very first computer hacker
caught by the FBI and chose to remain hidden all these years.
Who else is claiming the first pole position? Anyone?
man in the U.S. convicted of computer crime was Capt. Zap --
Ian Murphy. This is well documented. The Symantec antivirus/computer
security company web site has a history of computer crime that documents this. If Peterson is unfairly
left out of this history, he can present his documentation to
You have caused me a lot of unnecessary emotional distress by
your actions. All I wanted was someone to tell me yes, thats
a vulnerability (I did not mean it was an exploit). In theory
I thought to prove that a new browser window can be called from
a compromised .JS webservice provider. It has been confirmed
that yes it can be done, and yes it is
a vulnerability by 3 independent security firms, that I chose
to ask privately.
This is so
typically Peterson. First he gives me contacts in two computer
security firms who supposedly confirmed his vulnerability. They
both denied it. Now he says he has three secret firms that have
supposedly confirmed it. Am I am being cruel to Peterson in refusing
to endorse the existence of his vulnerability without him providing
a proof of concept code I could use to test it myself. Sheesh!
Do you realize that you publicly agreed that there is a Man-in-the-Middle
vulnerability for Online Banks on the Internet? Bingo! Now how
many people in normal-land realize that?
exploits against banks have been in the news for many years.
See, for example:
All I question
is whether Peterson has discovered a new man-in-the-middle attack.
It sounds to me like all he has is the idea of a computer criminal
changing the code on a third-party server feeding into the bank's
web site to pop up a window saying "gimme your back account
info." This would work for about five seconds because someone
would notice this funny popup and take the computer that was
broken into offline. Breaking into a computer associated with
a web site is hardly a new concept. Back in 2001, Fuzzi Bunni
defaced Securityfocus.com by breaking into the ad server for
its web site and running an insulting banner.
really has something new, the decent thing would be to provide
proof of concept code to a laboratory that can test it such as
the U.S. government CERT center,
so the computer security industry can come up with a way to defend
against it. If Peterson is for once telling the truth that he
has submitted his vulonerability to three computer security firms
that have verified it, yet they are keeping it secret, what are
we supposed to think? That he and they are gearing up to commit
crime against banks? If Peterson has only legal intentions for
his exploit, he will submit it to CERT and they will put out
an alert and online banks will take measures to defend against
Peterson's exploit. He has no business harassing me to pretend
that I have verified his exploit!
Thats all I was trying
to get you to see
I was right in front of it, setting banks
up with the technology and did not realize the basics of the
vulnerability of allowing 3rd-party services to run on a secure
server. Its all I was getting at.
About the court trial: My father and brother will testify under
oath that the FBI talked with me on behalf of The Source. The
Freedom of Information Act will exonerate me as well.
wrote on this site that I have verified that an FBI agent had
*talked* with Peterson.
This is not the same as getting "caught," as Peterson
Not the same as a "court trial."
The FBI are in the background
on all this. I gave you the information you needed to find out
that I am a real true human being with all the emotions, strengths,
weaknesses and frailities of a live human being and with what
I hoped was proof of a weakpoint in the basic structure of Online
Websites. I have written and signed depositions from 2 lawfirms
in New Zealand that I was never fired and voluntarily left to
go start a charity (the one I gave you).
has admitted that his boss tried to fire him. Then he left, and Peterson
sued his employer over his reasons for leaving. Sounds like he
got fired to me.
If a lawsuit is what will be needed for you to publicly apologize
for possibly damaging a young man who left his life and loved
one behind in NZ to tell the FBI and the Online Community about
an overlooked backdoor without having an injunction placed on
him in New Zealand then so beit.
I leave it up to you to consider whether this email constitutes
harrassment or a real attempt at trying to right a terrible wrong.
PS> Can you fathom any reason why the FBI would visit a juvenile
in the first place? Your placing your bets on the wrong horse
if you dont think they visited me for breaking into computer
all on a c-64 with a manual-dial-it-yourself $49.00
From: "M Peterson"
To: "'Carolyn Meinel'"
Subject: About your website
Date: Wed, 17 Dec 2003 15:57:15 -0600
You were sent emails correcting the libelous statements you have
placed on your webpage of http://www.happyhacker.org/sucks
not fired, I settled an employment greivance. Mr. Ottaway attempted
to find a way to fire me in an attempt at circumventing sensitive
NZ employment laws. I have sent emails to you in order to clarify
your understanding on my emails intent to disseminate this
information correctly to you with no typos or misunderstandings.
I settled an employment grievance lawsuit. I was not fired. Please
correct your website.
Sounds to me like Peterson just now said he got fired but managed
to do it in some complicated way that he feels makes it somehow
not quite the same as fired.
I was investigated by the FBI
in the early 80s for computer hacking. Your website is
falsely presuming this event did not occur. Please correct this
flagrant disregard for US laws on defamation of characters before
legal action is taken.
an agent knock at Peterson's door [this incident verified by
the FBI] does not seem to me to be a good fit to Peterson's claim
of being "caught by the FBI." It cerrtainly doesn't
impress me as fitting his claim of being nailed for "Fraud-by-wire."
I have a theory on how to backdoor
a website and your statements are misleading on the accuracy
of this theory. You originally stated that this could not be
That is totally
false. I have repeatedly requested proof of concept code from
Peterson so I and others can test his alleged exploit. Peterson
has repeatedly refused to provide it. He's been demanding that
I publicly endorse his secret exploit as being something that
works. Well, duh, I don't let people intimidate me into lying
on their behalf. It definitely sucks to be me when I get accosted
by someone like Peterson.
I will need a public apology
for your flagrant disregard for the truth to be placed in its
position or I will sue you for libel. You have 24 hours to comply
before legal proceedings begin.
not get me convicted of libel if I am telling the truth. He also
can't get a judge to convict me for giving my opinion. If he
can find a lawyer foolish enough to bring a lawsuit against me
for libel, the judge will discipline the lawyer for taking an
obvioulsy phony case and force Peterson to pay all my court costs.
I also have a good chance of winning a judgement against Peterson
The last person
who threatened to sue me for libel was none other than Kevin
Mitnick. Of course he never did. Click here to read the
about Peterson's secret scheme to steal account information from
gazillions of banks --->>
"It Sucks to be Me" --->>
Tired of reading about people that want to be computer criminals
or are just plain malicious? To read about hackers who
use their skills to make the world a better place, click
here for "Have a Great Life."