What's New!

Chat with

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 


Meet the 
Happy Hacksters 

Help for 



It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Everything You Wanted to Know about Social Engineering -- But Were Afraid to Ask...

Another Case History of Mass Social Engineering

This campaign, among many things, tried to get me to sever ties with John Vranesevich.

First, full disclosure time. OK, kind of full disclosure time. Sheesh, I'm not telling you everything! At that time, we had a business relationship that consisted of my trading writing a weekly "Quick Tip" column in exchange for his managing the Happy Hacker mailing list. I also had signed a nondisclosure agreement with him as part of a proposal. So I anticipated the possibility of doing some money-making business with Vranesevich.

Also, let me make it clear that I actually have been tempted to go over to Martin's side. If he ever is arrested for the Hacking for Girliez crime spree, whatever journalist gets Martin's story has a good chance of becoming a millionaire. And, yes, since 1997 I have been writing a book "Hacker Wars," in which Martin plays a major role. I stand to make a great deal of money if Martin ever becomes a sufficiently major celebrity. I will make more money if Martin will give me inside information on his rise to hacker stardom.

I confess that for a long time I was able to successfully cultivate Martin, back before the Girliez' spree. That's why I say nice things about him under two of his aliases, jericho and Damien Sorder, in my book The Happy Hacker: A Guide to Mostly Harmless Computer Hacking.

However, Martin eventually asked a price for his cooperation that I was unwilling to pay.

Oh, yes, another disclosure is -- Vranesevich's story is getting to be quite interesting. It may work out that a book in which he is the star and Martin a more peripheral character could outsell any book in which Martin stars. What price might Vranesevich be asking me to pay for his inside story? If you don't want to be social engineered by me, you should be asking yourself that question.

Now, on to this next story about massive, coordinated social engineering. The catalytic event of this episode began in late June, 1999, when Ken Williams moved his Packetstorm ftp and web site from http://packetstorm.genocide2600.org to a Harvard server.

I was not surprised that he was no longer welcome at Genocide2600. I had seen the section where Williams carried anti-Catholic pornography and a photo with the address of Vranesevich's kid sister along with incitements to harm her. It also didn't surprise me when, within minutes of Vranesevich advising Harvard that they were now hosting Packetstorm on one of their servers, they removed the site. This was June 30, 1999.

What did surprise me was that the following day Elias Levy used his Bugtraq mailing list as a forum for Brian Martin (calling himself "cult hero") and the L0pht's Space Rogue to try to trick his some 40,000 subscribers. Until then, Levy had managed the list in a reasonably professional manner. This was why almost all the computer security professionals in the world subscribed to it - and why many of his readers reflexively assume that if it comes from Bugtraq, it probably is true.

More on social engineering --->

Back to the index of "Everything You Wanted to Know About Social Engineering -- But Were Afraid to Ask --->

Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Visit this group

 © 2013 Happy Hacker All rights reserved.