Slashdot Mirror
Packet Storm Security site closed down
krp writes "The well known and regarded security softare and information site Packet Storm Security has been closed down by Harvard, who hosted the site, becuase of claims from John Vranesevich, of www.AntiOnline.com, about libellous material. The site will not re-open and backups will be destoryed. Ken Williams explains here and here - this guy put a lot of work into that site. "
Here is the direct link to Antionline editorial on the subject:a cketstorm.html
http://www.antionline.com/archives/editorials/p
If anitonline's statements are correct, Ken Williams is no saint who was needlessly attacked. I am not saying antionline is a saint either, but it does look like there are two sides to this story.
Apparently for some time now, PacketStorm Security, a popular underground collection of security related tools and information, has been maintaining a vast archive of materials about AntiOnline. These materials included entire stories, copies of the weekly mailbag, e-mails, and other materials copyrighted by AntiOnline LLP.
On top of that, and what was far more serious, the site contained dozens and dozens of pages of libelous, harassing, and threatening items which included: e-mails, messages, documents, images, and even public surveys. These materials were libelous, and in some cases, were blatant threats against members of my immediate family, myself, and my company.
While I value the right to free speech as much, if not more, than the average American, I do not believe in individuals posting threatening and harassing documents about another individual, and their family members. It was for this reason, and no other, that I contacted Harvard University, which was hosting the PacketStorm Website, and requested that it be shut down. I did not threaten legal action, but simply directed University Administration to the website, for them to view, and to judge, on their own. Below is a copy of that letter:
Greetings:
May I first say that I did my best to see that this letter got sent to the appropriate individuals. I had some difficulty determining who those individuals may be, so if I have made an error, I would greatly appreciate it if you would forward this letter on to the appropriate individual(s).
My name is John Vranesevich, and I am the Founder and General Partner of AntiOnline LLP, a computer security company based outside of Pittsburgh, PA.
Earlier today, one of my colleagues forwarded me the following URL:
http://packetstorm.harvard.edu/jp/
Needless to say, I was shocked and outraged at what I saw. This page contains a large archive of libelous and, to put it bluntly, sick material. Everything from archives of copyrighted material from our website, to altered pictures of my family, to 'stories' about me which contain images ranging from people engaged in homosexual activities, to a nun that appears to be covered in seminal fluid.
I am astounded that an institution as prestigious Harvard would be party to the dissemination of this type of material. It is my hope that the University Administration was unaware of this site, and now that it has been brought to their attention, it is my hope that it will be dealt with promptly.
I have worked to help several educational institutions develop 'Acceptable Use Policies', and if Harvard is similar to them, the above URL would be a clear violation of that policy.
It is my hope that the above mentioned domain will be shut down immediately, and that the individual responsible will be seriously reprimanded.
I hope to hear from you soon about this matter, and what you may have done regarding it.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
Tonight, Ken Williams, the founder of Packet Storm Security, released a letter to the public. The letter read in part:
Funny how I spent the past few years donating my time, literally thousands of hours, to "the security community", never making even a penny off the time and work I invested, and have now lost it all because some asshole named John Vranesevich is able to make a quick phone call, fabricate absurd stories about criminal activity and bullshit I never did, and effectively ruin years of work, my education, my career, my life.
Ken, I know what it's like to dedicate many, many, thankless hours into a project, believe me. But, you did not loose your site because of me, you lost it because of you. I could not stand by and watch your site be used as a platform to harass and threaten my family, myself, and the business which I have worked hard to start. While you, and others who 'follow you' may criticize me for what I did, I think everyone that's reading this, who has family members that they love, and a career that they enjoy, will admit to themselves that if in my shoes, they would have done at least the same. I hold absolutely no grudge towards you as a person, and I hope that you have the best of success in all that you do.
Due to the types of threats that I have been receiving, and that sites like PacketStorm have been propagating, local law enforcement agencies were put on alert, and began doing extensive extra patrolling of the residence of my family members, my own residence, and the AntiOnline Offices. I realize that the actions that I have taken against PacketStorm may greatly increase the immediate threat against my family, myself, and my company; and that the harassment will now only get worse. However, I will not allow my family, myself, nor my company to become a victim. I am standing my ground, and will continue AntiOnline's mission of putting an end to malicious hackers.
People in this country have the right to say and do whatever they please, unless that is, what they say and do infringes on the rights of another - anonymous.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
Basically, he sucks. He just does this stuff to get attention, like some little kid having a spaz at the supermarket. Hell, all you have to do is read his site to realize that the guy's not quite right in the head (egomania, anyone?).
Anyway, the best way to handle a guy like this is to ignore him.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
I wonder if that could really be JP himself just trying to get another enemy in trouble for making death threats?
Posted by Ungrounded Lightning Rod:
He was not a Harvard student, but a student
at another university. According to his
postings, a Harvard sysadmin had offered to
host his security website - and he kept the
only copies of his class notes from the other
school's classes, his website, and the related
data on this Harvard machine - trusting them
to back it up for him and keep it available.
Oops.
Someone called, threatened to sue and whoever was on the phone probably freaked out and pulled the plug.
What JP doesn't realize is that eventually, this sort of behaviour will chase all his potential viewers away. Without traffic, his VC-funded site will go down the tubes and all will be well again.
The best thing to do is to just ignore him and his site and stop visiting.
Werd.
Looks like the router loop is fixed, but now his web server is dead. Last good hop is antionline-gw.cust.stargate.net.
I am not a lawyer, nor do I play one on TV, however:
That's a good point. Unless or until a libel suit is decided in court, it's only an allegation. In any event, Harvard is within their rights to take the site down (they may even be legally obligated to do so). But they do not have a right to destroy the data. Simply hosting the site and making the backups as a favor does not entitle them to destroy the data, they may only demand that he come pick it up within a reasonable time.
This is not unlike storing another persons physical posessions as a favor.
The official response from Harvard (found at www.hackernews.com):
=======================
* S T A T E M E N T *
As a service to the Internet community, Harvard agreed to
host a Packet Storm Security Website for security-related
materials only. Without Harvard's knowledge, unrelated
content was put on the Harvard server, including
sexually-related material and personal attacks on an
individual not affiliated with the University. A Harvard
administrative site focused on security issues is not the forum
for this type of material. We are returning the
content on the site and hope that Packet Storm will make
its security tools available through its own Website.
Joe Wrinn
Director
Office of News and Public Affairs
Joe Wrinn
Director, Harvard News Office
1350 Massachusetts Ave., Rm. 1060
Cambridge, MA 02138
The cypherpunks have been working on "non-erasable Internet space" for some time now. They call them "Eternity servers" and they already have some working prototypes running. If you would like to see a world where it is mathematically impossible to censor someone's web pages (without taking down the whole 'Net), then visit some of the following sites, and/or subscribe to the cypherpunks list and pitch in!
http://www.attrition.org/negation/
Moderators: I don't beg for upping of my posts scores, but I think its important for everyone to see JP for who he is.
Why can't I moderate something "Wrong" or at least "Grossly Misinformed"?
[ r a n t ]
This is so depressing, and more, it enrages me to think that this kind of stuff can happen.
Anyone who wants to do _anything_ as a public service can no longer simply "just do it" -- cover your backsides, boys and girls, because if you piss off anyone, I mean _anyone_ your "host" might decide to send you up as a sacrificial lamb.
Get everything in writing.
Keep backups of everything on a really big hard drive.
Encourage supporters to archive your site.
I think it's shameful that Harvard won't let him get the information he needs to graduate. I think it's shameful that his professor doesn't seem to give a damn. Personally, I think Harvard's reaction disgusts me more than AntiOnline's.
Don't think for a second, however, that I approve of AntiOnline's actions to any degree. I'm ashamed that they can do this stuff and still look themselves in the face at night. So much for the computing "community."
It's going to get worse. Apparently, the whole idea that the internet is a medium for the free exchange of ideas is getting less and less true, becasue any idea that you don't like can be litigated out of existence.
[ / r a n t ]
Eviscerati.Org: All Hail the Eviscerati
After working with him for that time period, I can easily say he's a total asshole, and likes to take everything said as it was directed at him. He got picked on a little too much in school, and now, if anyone "picks on him", his retaliation is to sue. Back when he was an op in #HackPhreak, his retaliation was to ban their entire domain/country. Some things never change.
-- Give him Head? Be a Beacon?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.
First off, It seems unlikely to me that Harvard, with a reputation of being an excellent law school, would destroy evidence if some sort of wrong-doing had been done. They really ought to know better.
But, if they did wipe the site completely, Ken has nothing to worry about in terms of lawsuits (without evidence, it's all he-said-she-said), disciplinary action from Harvard (he's not a student), or loss of his job (no reason, because there's no evidence).
Furthermore, I suspect he would have a good case against Harvard for destruction of his site, including the loss of his schoolwork. (Can you say Harvard is a cracker?) If I were on a jury, I'd certainly have Harvard pay him enough so he wouldn't have to worry about his schooling being screwed up.
If, however, Harvard does have a copy, then there is a possibility of a lawsuit happening. In which case, Ken Williams has really nothing to worry about from Harvard claiming he cracked their systems -- even the world's worst lawyer could get a judge/jury to see that 400K hits could not go unnoticed. If Harvard knew about it, they must have approved of it.
That would leave only the alledgedly libelous material. Which, if it was as John Vranesevich claims, than KW deserves whatever he gets. If it is not, than JV should be rightly counter-sued.
My guess is that Harvard pulled the server and is preventing KW access until they can determine what's what. If there really was libellous material, they certainly don't want KW to go and erase it.
Wait and see is all we can do.
Stupid people will be persecuted to the fullest extent allowed by law.
IMO, the second is more likely. This doesn't mean that we are being misled - just that we have an incomplete view. Can anyone who has emailed Harvard management (or who is within Harvard management), or who is otherwise involved with this, provide more information on what is actually going on?
The fixed link is over here.
Let me get this straight. Because AntiOnline is threatening legal action, Harvard is destroying all copies of the relevant data? Completely apart from whether or not this legal action has any merit, couldn't Harvard get in a lot more trouble for destroying evidence in a suit than they are likely to face in the suit itself?
Weblogging Considered Harmful:
Looks like the /. effect strikes again. Either that, or someone has taken "care" of antionline. Waiting to read their "allegations" before I make a reply. But I agree that destroying ALL of the Packet Storm data is wrong on Harvard's part. Even if their "stellar" image were tarnished by any controversy, they would get over it. It *IS* Harvard afterall.
"Klaatu, verada, necktie!" -Ash
Let's face it boys and girls, these two are not very likeable characters. Neither one of these guys will win contests for likeablity. But like what happens when most things come through this forum, we shoot first, ask questions latter.
FACT: I doubt Harvard wouldnt have looked at the link on the site before the pulled the page. More then likely it was full of alot of the crap that was said about it or Harvard would have said to go screw yourself. Being from a private university, appearances must be kept up. In fact, here where I goto school three staff members were fired for posting a Playboy nude of Pamela Andersen. Harvard's covering their ass.
FACT: These two have had a long running feud between each other and this a pissing contest. However, somebody got caught were their pants down this time. I doubt anybody here would have want their work copied like antionline has been for the past how many months by packetstorm.
FACT: I doubt the FBI, Air Force, Computer Associates as well as numerous others would have put their trust into someone who they didnt throughly check out.
My point, grab both sides of the story before you start taking sides. Both of these sites have been credits to web but when they dengerate to this stuff like making threats or taking each others sites down, it just feeds the fire. This is a pissing contest plain and simple. Nothing less and nothing more. Pack up the stuff and move on.
Hangtime
Most universities (especially major ones) have clauses in your acceptance paperwork (or whatever) that anything you create, contribute to, etc, while a student/intern/graduate/professor is owned by the university. So I guess they could go and do whatever they want with the tapes.
-Chris
Souns like Ken might want to contact the ACLU about some legal help. IF this is considered a free speech issue they might want to help.
The fool could try however he would not succeed. What makes this world great is that you can do something about an injustice what ever it is anything at all. If someone tried to take down my site I would bring them to court and make them pay.
The death of one man is a tragedy; the death of a million is a statistic --Joseph Stalin
Accually I thought so too (read my comment)
But if you look at packetstorm.genocide2600.com
you find out that he did say this (apparently revised his statement a few times) but this is exactly what was quoted by JP minus the cuss words in which he notes where removed at the bottom of the page.
To: uis-webadmin@harvard.edu, provost@harvard.edu
Subject: Letter of Protest
Dear CAIS and the Harvard Computing Community,
I am writing to protest strongly Harvard's confiscation of Ken Williams' site PacketStorm.
Ken is one of the brightest talents in the security community, has worked tirelessly for years on security related issues and has freely shared his
work with the rest of the community.
To pull his site and prohibit him from accessing his own content is outrageous.
As a professional network administrator, I used his site services at least once a day, and found his content to be professional accurate and trustworthy. His content helped me PROTECT MY NETWORK, and according to all reports, you've destroyed all of his content, his hard work, and a RESOURCE that I used. This is absurd. His content, regardless of libelousness, existed BEFORE it came to Harvard's domain, and libel suit threat aside, destroying data like that is a crime. If you wanted it removed, pull the plug on the machine, and RETURN the data to Ken.
It is my sincere hope that you will reconsider your actions.
Thank you for your considerate attention.
Sincerely,
Seth Cohn
network administrator of [removed for privacy]
Help achieve Liberty in your lifetime - join the Free State Project - http://www.freestateproject.org
Heres the mail John Vranesevich says he sent to Harward. If this mail is what made Harward close the site, then I'm all on Vranesevich's side. The important thing to remember, though, is we don't know!
(1) English is not my first language, so I'm sorry if this is the right word, what I mean is e.g. publishes fake porn images of me.
This encourages me to begin a project that was partially inspired by Neil Stephenson's "Snow Crash" and partially by "Cryptonomicon".
The idea is for a "CryptNet" Here is the idea...
Anyone who has a Net connected computer with some space and wants to be part of the network sets up a cryptnet server daemon and allocates some disk space to it. The space allocated is encrypted and the site admin has NO direct access to the data stored there. He has no control over or access to the contents. All these servers are linked together to form what ammounts to a big distributed file system that anyone can store data in. (Or maybe instead of opening it to the public completely, you can only store as much data as the space you donate to crypt net?) Several "Gateway" servers are set up to display what is IN the "filesystem". The "gateway" would act as a sort of proxy server to the gateway, so that the actual physical location of the data is unknown (or maybe we can avoid going through the directory server if the packet source can be anonymized some other way). Suddenly, physical location of the data is no longer an issue. The only problem I see is if a node goes down, suddenly that data in unavailable, but this can be avoided by only allowing responsible admins to join the network, not just anyone (similar to IRC?) or making sure each byte of data is stored in two or more locations. Anyway.. thats the general idea, and thats all it is. Anyone interested in helping start a project like this?
This encourages me to begin a project that was partially inspired by Neil Stephenson's "Snow Crash" and partially by "Cryptonomicon".
The idea is for a "CryptNet" Here is the idea...
Anyone who has a Net connected computer with some space and wants to be part of the network sets up a cryptnet server daemon and allocates some disk space to it. The space allocated is encrypted and the site admin has NO direct access to the data stored there. He has no control over or access to the contents. All these servers are linked together to form what ammounts to a big distributed file system that anyone can store data in. (Or maybe instead of opening it to the public completely, you can only store as much data as the space you donate to crypt net?) Several "Gateway" servers are set up to display what is IN the "filesystem". The "gateway" would act as a sort of proxy server to the gateway, so that the actual physical location of the data is unknown (or maybe we can avoid going through the directory server if the packet source can be anonymized some other way). Suddenly, physical location of the data is no longer an issue. The only problem I see is if a node goes down, suddenly that data in unavailable, but this can be avoided by only allowing responsible admins to join the network, not just anyone (similar to IRC?) or making sure each byte of data is stored in two or more locations. Anyway.. thats the general idea, and thats all it is. Anyone interested in helping start a project like this?
While I agree that Harvard is making a big mistake shutting the whole site down, and by destroying the site itself, the fact remains that we don't really know what the hey is going on. We've got Kevin's righteous indignation side of the story, and a reply from the now-vilified JP. No one here(at least no one admitting) has seen the offensive material, or knows what happened behind the scenes to get to this point. Yeah, it sucks that the site is down, but WE DON'T HAVE ALL THE INFORMATION. For instance, two days ago, around my office, people were talking about helping that "nice little Honduran boy who made it all the way from Central America to New York!" Come to find out the kid lived in Miami, and was only smart enough to make up a nicely believable story. Moral: Give the story time to develop, without jumping right on the banner headline: "POPULAR SITE SHUT DOWN BY JERK!"
A gentleman from Harvard Net Ops was kind enough to reply to a email I had sent him earlier in the day, and he included a Harvard press release. They are in fact going to return the full contents of the site to Ken Williams, although the site is no longer welcome on the Harvard network. The decision was in fact based on the fact that there were "sexually-related material and personal attacks on an individual not affiliated with the University". Which does change the situation, IMHO. I do home that a new home can be found for PacketStorm, but Harvard's decision is much more understandable now.
itachi
=======================
* S T A T E M E N T *
As a service to the Internet community, Harvard agreed to host a Packet Storm Security Website for security-related materials only. Without Harvard's knowledge, unrelated content was put on the Harvard server, including sexually-related material and personal attacks on an individual not affiliated with the University. A Harvard administrative site focused on security issues is not the forum for this type of material. We are returning the content on the site and hope that Packet Storm will make its security tools available through its own Website.
Joe Wrinn
Director
Office of News and Public Affairs
Seems to me that harvard is giving Ken his site back.
If the events that Ken describe are accurate, his situation does indeed suck. However, there are lessons to be learned here.
1) ALWAYS BACKUP DATA. This seems to burn you whenever you don't.
2) Always have a written contract. Harvard is pulling the site because he isn't a student. Because his contract wasn't written, and he isn't a student, Harvard doesn't have any reason not to pull the site without a hearing. The site shouldn't have been there in the first place, at least, in the eyes of Harvard. I'm sure Antionline knew this. (Strange, I can't connect to their site now... Timeouts and all...)
3) ALWAYS BACKUP DATA - this goes for regular users too. If you have a site you love with information you love, backup that information, if nothing else.
I truly feel for Ken. He seems to have gotten a shaft that few of us can ever imagine receiving. I would reccomend that he get a good lawyer, fight the charges, and file a counter suit. If he has been acedemically, financially, and personally destroyed by this, and their claims have no merit, then he should be able to punish them legally.
However, I doubt he has any case against Harvard. It *IS* Harvard, and he isn't a student. They're just wiping their hands clean. What can you expect from the school that has helped shape the dismal state of the Americal Legal System?
His only hope is that Jeff Gray makes a backup of his data before officially destroying it, and sometime in the future, Ken receives a complete backup of his data, site and all, from an anonymous user. If Jeff is all Ken cracks him up to be, I wouldn't doubt that this has already been done.
Linux - Because Mommy taught me to Share.
It's now 11:24am and www.antionline is now off the web. They cannot be reached. Thank you.
As for the rest of my message, Ken was a very good to all of us. He was one reason I moved over to Linux. I find it great that HackerNewsNetwork and the cDc both had something to say Slashdot. Hackers are like a mob family. Treat them well and you can enjoy great riches, like Packet Storm, 2600's Off the Hook, and DefCon, but if you cross us, you will be fitted for electronic cement shoes.
As for some of the comments about mirrors, Ken didn't allow them, so no one had them. The security at Packet Storm was tight, and JP knew that. The only way he could get rid of Ken was to get Harvard to pull the plug.
I was even thinking about going there, just to work with Ken, or to talk to him. That may not happen now.
From the konsole of,
Louis Blue
P.S. The next "Hacker's Jargon File" needs to have a place in it for Packet Storm Security and Ken Williams, and how JP made it all go away.
"We have word that the PacketStorm site has not been deleted and that Harvard University will be supplying Ken Williams with a back up copy of the site. "
-- as yet unconfirmed, from www.hackernews.com
-- r . m o s q u i t o --
I noticed when checking Ken Williams letter posted on both sites AntiOnline and HNN that there were some discrepancies. See for yourself: http://www.antionline.com/archives/editorials/pack etstorm.html and http://www.hackernews.com/orig/williams.html Scary how the AntiOnline version is tweaked just enough to make Ken Williams seem vengeful and juvenile.
If you're not outraged, you're not paying attention.
Two questions, was this what was actually sent? It might be.
Next question, were there such pics as he described on the site? If there were then harvard was right to drop the server, but not the contents of the server, immediately. If there weren't, and those pics were part of JB's paranoid imagination, then harvard and JB should be slapped, hard.
Likely JB chose just the right words to get harvard to drop it immediately, without getting them to check if the accusations actually were true, to force them to act as if they were true. Had harvard not dropped it immediately, and the accusations were true, then JB might have probable cause for suing.
Harvard is not completely to blame, but they completely mishandled it. Had they just taken it down momentarily to VERIFY the accusations and consult, likely nothing would have happened. But rather JP and their own nature caused them to act heavy-handed, and they did.
If there is one thing that the internet despises, its heavy handed behaivor companies or organizations squashing the little guy.
Funny how some people who claim they believe in free speech tend to flip-flop when it comes to speech they don't like, huh?