Information Security News mailing list archives

Re: 'Hacker' security biz built on FBI snitches


From: InfoSec News <isn () c4i org>
Date: Fri, 19 Jul 2002 11:00:44 -0500 (CDT)

Forwarded from: Aj Effin Reznor <aj () reznor com>

William/All.  While these articles may be timely, they're highly
inaccurate.  Mr. Greene all but admits to publishing little more than
rumour and crap with no fact checking or basis in reality.

I would hope that bile of this nature does not pollute what is perhaps
one of the few non-corporate security mailing lists left today.


"InfoSec News was known to say....."

On Monday I reported a speech by Gweeds at H2K2, in which the grand
hypocrisy of hackers weaseling their way from the scene to the
mainstream by forming security outfits was denounced very nicely. A
torrent of e-mail denouncing him soon followed, some of which I've
posted here.

Posted unattributed.  Perhaps in the future showing the author of a
given mail may make it worth a little more; carry more weight or
legitimacy. It can be assumed that since things like "facts" can easily
erode all of this series of articles, Mr. Greene may find it in his
best interest to not actually mention where anything came from.


Even I was attacked merely for reporting what he'd said. Suffice it to

Lest we go from reporting with integrity to tabloid journalism,
reporting what someone said should be maybe replaced with fact
checking.  Reporting rumours is hardly newsworthy.


He also named names in the speech, in particular ISS, L0pht/@Stake
and Sir Dystic, three prime examples of energetic blackhat pimping
for venture capital and cushy jobs, Gweeds believes. In particular, he

I don't see Sir Dystic having made a fortune off of Back Orifice, what
may be his most well-known application to date.  I see him behaving
rather responsibly to the newfound attention it garnered him.  Were he
writing for a techy-based news site, he'd probably also check for the
reality behind statements issued to him, unlike *some* people that
come to mind.


expressed a suspicion that L0pht/@Stake was somehow connected to
NIPC (the National Infrastructure Protection Center), which may have
helped the h4x0r glam rockers gain credibility and rise in profile
among influential members of the federal bureaucracy. This
connection also helped get Mudge a high-profile hacker-hysteria FUD
session before Congress, he suspects.

Sure, he *suspects* it.  Clever to just tag that on to the end.  He
may also *suspect* that aliens live under the White House and that Al
Gore created the Internet.  Suspicion of ideas does three things:  
Jack.  Shit. Produce salivation in marginal journalists.


On Monday, when I posted the first item in this series, I didn't
know personally if the speech was punctiliously accurate, but it
absolutely rang true to me. All too true.

It rang true?  Then you believe the content regardless of accuracy? It
only rang loudly, because someone who admits sociopathic tendencies
decided to stand in front of a crowded room and make alarming
accusations.

Pop sensationalism is the fix, and Mr. Greene behaved like a junkie.

 
Surely no one imagined that I wouldn't dig deeper into this
deliciously nasty confluence of FUD, favors and venture capital
flowing between the blackhat community and the Feds, with the cons
serving as a handy, mediating conduit.

No, I'd fully imagine (and expect) that you wouldn't do a damn thing
unless required to.

 
And indeed, Gweeds appears to have hit on a number of dirty little
secrets, though with a few minor inaccuracies, none of which is
sufficient to undermine his basic thesis. There does indeed appear
to be a circle jerk between commercialized blackhat sellouts and the
Feds; and the cons do appear, perhaps inadvertently, to provide the

If Mr. Greene has not noticed yet, many companies, esp. those focusing
on security, in particular computer/network/internet security, are
commonly contacted by the Feds for a variety of reasons.  Can we
expect l0pht to sellout into something as high-profile as @stake and
NOT talk to Feds?


venue and privacy needed for such liaisons. And finally, there does
seem to be a significant amount of snitching for favors and 'trust'
building going on between the two 'communities', a la the despised
JP model.

Care to share?  I haven't seen anything yet beyond suggestion and
speculation.


Flamboyant anti-establishment gestures and costumes do not a
blackhat make. Your friendly neighborhood hacker turned young
security businessman may well be looking to 'develop' your exploit,
hack out a patch and pimp for proppies on BugTraq, and then rat you
out to the Feds for gain and favor. This is how it works:

I'm not even sure what is attempted to be said here.


Soon after I posted my report Monday, @Stake's Chris Wysopal (aka
Weld Pond) vehemently denied any connection with NIPC to me in an
e-mail exchange. He further insisted that I 'correct' the
inaccuracies in Gweeds' statements. I explained that it wasn't
proper for me to edit someone else's words, or even to express
doubt, unless I believed or at least suspected that the statements
were inaccurate. In this case I didn't.

Of course not!  Stated earlier it "rang true" to you, and was
everything you were looking for.  When blindly following the cult
leader, disciples rarely stop to check references along the way.


"I am not going to write a 'point of view' piece that is parallel to
an article that leads the reader to believe that patent falsehoods
are true. Letters to the editor are much different than qualifying
statements where they stand or issuing an errata," he replied.  
"[Several] statements by Gweeds are false. They were spoken by a man
with an agenda. You have become his FUD platform."

Me, a FUD platform -- right. There's a definite pot/kettle equation
in play here, as we'll see.

No, not really.  Weld has always been something of a straight shooter.
I don't see Mr. Greene shooting straight here at all.


And that is strictly correct, though not entirely true. NIPC is not
where L0pht's Fed relationship was developed. But according to
documents I've received, L0pht did have a relationship with FBI
Special Agent Dan Romando, or 'dann0' as they called him, a Boston
agent with a cybercrime-enforcement background. Our dann0 was an old
friend of Mudge's from high school; and our dann0 had also been an
intern in Senator Thompson's office before joining the FBI.

Shocking news, Mr. Greene.  It's typical for Federal agents to
approach workers in the security industry.  Why?  Typically, they know
more.  They have a better feel for the pulse of what's really
happening.  We aren't shielded by layers of firewalls or on protected
networks.  Many of us are hanging out in the wind, taking hits,
watching what happens.

It should be of little news *to anyone with a clue* that Feds and
private sector rub elbows.  Call it knowledge transfer, if you'd like,
but many of us in the private sector are happy to share conceptual
knowledge with a government that really needs help.  If our gov gets
spanked, the whole nation gets spanked.


If you want to know how L0pht got an invitation to testify "at the
request of Senator Thompson," you'll find Agent Romando's hand all
over that one. Ditto for Mudge's famous meeting with then-President
Bill Clinton.

Any documentation to share this one, or is the shot in the dark?


And why did dann0 Romando bother to help the L0pht cyber-ninjas gain
national fame? Was it out of friendly loyalty?

It's been known to happen.


I wish it were. I have evidence indicating that L0pht members served
as confidential FBI informants and actively solicited dirt on fellow
blackhats. I have evidence indicating that they've offered to pay
cash for such information. And they name dann0 Romando specifically
as their FBI handler. That's right, those anti-establishment
pop-underground h4x0r heroes have at least attempted, probably with
success, to rat out their friends and enemies in service of good
relations with the FBI.

Put up or shut up.

 
When a guy like Mudge addresses a gaggle of naive,
technically-illiterate Congressmen, claiming to be able to break
into any network on Earth, only a fool will imagine that the
consequence will be anything other than more Draconian laws. That's
how Congress

No, the claim was that they could take down the entire Internet.  
Even a gaggle of naive, technically-illiterate journalists could
recognize the difference between compromising any machine or network
and taking the Internet itself into non-existence.

I see that history, not facts and conjecture, but document history,
cannot even be reflected properly by the funhouse mirror that is Mr.
Greene.

And Wysopal calls me a FUD platform....

Hint:  You are.

 
'Sploits for me, jail for you

The Sploits rock!  Ever seen them play live?

 
Since you really don't have any skillz worth mentioning, no
background in computer science, no military cryptography training,
you'll have to learn to talk the talk. Outrageous clothes and
piercings (preferably from a nail gun), blue hair and bad skin
freely exhibited at cons are a big plus here. Journalists love this
kind of shit and will usually assign you a high, imaginary threat
level. Teenagers will too.

Funny, sounds like you are describing Gweeds, your own pipeline to
unfounded claims.

 
Develop relationships with members of the real blackhat underground.  
Hit them up for kewl new 'sploits they're using. Maybe pay cash for
them; maybe barter for them with other kewl 'sploits or illegal gear
you're cobbling up in your basement, like pager monitoring devices,
say.

Once upon a time pager monitoring devices were legal.  Point is moot.


"Russ Cooper, who publishes the NTBugtraq newsletter exposing
security risks in Microsoft products, called the group "eight
brilliant geniuses."

What, pray tell, has Mr. Greene himself done?  Clearly ignorant to the
field of Information Technology Security, we can safely establish that
he wouldn't recognize genius if he liberally skewered it.  Also taking
for granted the words of a virtual unknown (whom Mr. Greene himself is
"pimping" as a fount of knowledge) seems to be propagating the very
cycle he is trying to establish as bad.  Bad reporter, bad!  No
exclusive for you!

 
Go in front of Congress every chance you get: remind them of how
scared they should be. Tell them that the Internet is about to be

If you aren't scared, you're either ignorant, or blind, or dumb, or...
a journo.  But I repeat myself.  (Apologies to Mark Twain.)


To those of you that read this far...HI!  Seriously, I don't enjoy
ranting like this, people.  But the sad truth is that, as with other
FUD, there are people out there believing it.  Some, I'm sure, on this
list.


-aj.


