Everything You Wanted to Know about
Social Engineering -- But Were Afraid to Ask...
Another Case History of Mass Social Engineering
This campaign, among many things, tried to get me to sever
ties with John Vranesevich.

First, full disclosure time. OK, kind of full disclosure time.
Sheesh, I'm not telling you everything! At that time, we had
a business relationship that consisted of my trading writing
a weekly "Quick Tip" column in exchange for his managing the
Happy Hacker mailing list. I also had signed a nondisclosure
agreement with him as part of a proposal. So I anticipated the
possibility of doing some money-making business with Vranesevich.

Also, let me make it clear that I actually have been tempted
to go over to Martin's side. If he ever is arrested for the Hacking
for Girliez crime spree, whatever journalist gets Martin's story
has a good chance of becoming a millionaire. And, yes, since
1997 I have been writing a book "Hacker Wars," in which
Martin plays a major role. I stand to make a great deal of money
if Martin ever becomes a sufficiently major celebrity. I will
make more money if Martin will give me inside information on
his rise to hacker stardom.

I confess that for a long time I was able to successfully
cultivate Martin, back before the Girliez' spree. That's why
I say nice things about him under two of his aliases, jericho
and Damien Sorder, in my book The Happy Hacker: A Guide to
Mostly Harmless Computer Hacking. However, Martin eventually
asked a price for his cooperation that I was unwilling to pay.

Oh, yes, another disclosure is -- Vranesevich's story is getting
to be quite interesting. It may work out that a book in which
he is the star and Martin a more peripheral character could outsell
any book in which Martin stars. What price might Vranesevich
be asking me to pay for his inside story? If you don't want to
be social engineered by me, you should be asking yourself that
question.

Now, on to this next story about massive, coordinated social
engineering. The catalytic event of this episode began in late
June, 1999, when Ken Williams moved his Packetstorm ftp and web
site from http://packetstorm.genocide2600.org
to a Harvard server.

I was not surprised that he was no longer welcome at Genocide2600.
I had seen the section where Williams carried anti-Catholic pornography
and a photo with the address of Vranesevich's kid sister along
with incitements to harm her. It also didn't surprise me when,
within minutes of Vranesevich advising Harvard that they were
now hosting Packetstorm on one of their servers, they removed
the site. This was June 30, 1999.

What did surprise me was that the following day Elias Levy
used his Bugtraq mailing list as a forum for Brian Martin
(calling himself "cult hero") and the L0pht's Space Rogue to
try to trick his some 40,000 subscribers. Until then, Levy had
managed the list in a reasonably professional manner. This was
why almost all the computer security professionals in the world
subscribed to it - and why many of his readers reflexively assume
that if it comes from Bugtraq, it probably is true.