Harvard's response to the Packet Storm incident
As a service to the Internet community, Harvard agreed to host a Packet Storm Security Website for security-related materials only. Without Harvard's knowledge, unrelated content was put on the Harvard server, including sexually-related material and personal attacks on an individual not affiliated with the University. A Harvard administrative site focused on security issues is not the forum for this type of material. We are returning the content on the site and hope that Packet Storm will make its security tools available through its own Website.
Joe Wrinn
Director, Harvard News Office
1350 Massachusetts Ave., Rm. 1060
Cambridge, MA 02138
Phone: 617-495-1585
Fax: 617-495-0754
joe_wrinn@harvard.edu
PacketStorm Is Shut Down
An AntiOnline Editorial
Thursday, July 01 1999
Apparently for some time now, PacketStorm Security, a popular underground collection of security related tools and information, has been maintaining a vast archive of
materials about AntiOnline. These materials included entire stories, copies of the weekly mailbag, e-mails, and other materials copyrighted by AntiOnline LLP.
On top of that, and what was far more serious, the site contained dozens and dozens of items which included: e-mails, messages, documents, images, and even public
surveys. These materials were libelous, and in some cases, were blatant threats against members of my immediate family, myself, and my company.
While I value the right to free speech as much, if not more, than the average American, I do not believe in individuals posting threatening and harassing documents
about another individual, and their family members. It was for this reason, and no other, that I contacted Harvard University, which was hosting the PacketStorm
Website, and requested that it be shut down. I did not threaten legal action, but simply directed University Administration to the website, for them to view, and to judge,
on their own. Below is a copy of that letter:
Greetings:
May I first say that I did my best to see that this letter got sent to the appropriate individuals. I had some difficulty determining who those individuals may be, so if I
have made an error, I would greatly appreciate it if you would forward this letter on to the appropriate individual(s).
My name is John Vranesevich, and I am the Founder and General Partner of AntiOnline LLP, a computer security company based outside of Pittsburgh, PA.
Earlier today, one of my colleagues forwarded me the following URL:
http://packetstorm.harvard.edu/jp/
Needless to say, I was shocked and outraged at what I saw. This page contains a large archive of libelous and, to put it bluntly, sick material. Everything from archives
of copyrighted material from our website, to altered pictures of my family, to 'stories' about me which contain images ranging from people engaged in homosexual
activities, to a nun that appears to be covered in seminal fluid.
I am astounded that an institution as prestigious as Harvard would be party to the dissemination of this type of material. It is my hope that the University Administration
was unaware of this site, and now that it has been brought to their attention, it is my hope that it will be dealt with promptly.
I have worked to help several educational institutions develop 'Acceptable Use Policies', and if Harvard is similar to them, the above URL would be a clear violation
of that policy.
It is my hope that the above mentioned domain will be shut down immediately, and that the individual responsible will be seriously reprimanded.
I hope to hear from you soon about this matter, and what you may have done regarding it.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
Tonight, Ken Williams, the founder of Packet Storm Security, released a letter to the public. The letter read in part:
Funny how I spent the past few years donating my time, literally thousands of hours, to "the security community", never making even a penny off the time and work I
invested, and have now lost it all because some asshole named John Vranesevich is able to make a quick phone call, fabricate absurd stories about criminal activity
and bullshit I never did, and effectively ruin years of work, my education, my career, my life.
Ken, I know what it's like to dedicate many, many, thankless hours into a project, believe me. But, you did not lose your site because of me, you lost it because of you. I
could not stand by and watch your site be used as a platform to harass and threaten my family, myself, and the business which I have worked hard to start. While you,
and others who 'follow you' may criticize me for what I did, I think everyone that's reading this, who has family members that they love, and a career that they enjoy,
will admit to themselves that if in my shoes, they would have done at least the same. I hold absolutely no grudge towards you as a person, and I hope that you have the
best of success in all that you do.
Due to the types of threats that I have been receiving, and that sites like PacketStorm have been propagating, local law enforcement agencies were put on alert, and
began doing extensive extra patrolling of the residence of my family members, my own residence, and the AntiOnline Offices. I realize that the actions that I have taken
against PacketStorm may greatly increase the immediate threat against my family, myself, and my company; and that the harassment will now only get worse. However,
I will not allow my family, myself, nor my company to become a victim. I am standing my ground, and will continue AntiOnline's mission of putting an end to malicious
hackers.
People in this country have the right to say and do whatever they please, unless that is, what they say and do infringes on the rights of another - anonymous.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
Here's the story as I heard it from Harvard's unofficial side of things.
They received an email about this /jp directory, so someone cruised over there, saw what was there and shut down HTTP access until things could get straightened out.
Remember, Harvard was hosting the site as a favor to the creator and the community. It WAS an extremely popular site and was sucking up huge amounts of bandwidth, but it was deemed worthwhile.
So, while the issue was being investigated, (and from what I understand, the assumption was that there'd be some discussion about removing the offending material and hopefully PacketStorm would be back up shortly) Ken started this flame attack on Harvard, and communities such as this one completely accepted what he said at face value.
Suddenly Harvard, which was trying to do a Good Thing by hosting the site, was turned into the bad guy and being flamed across the net.
So they figured "Screw this" and told Ken to take his files and find somewhere else to host the site.
There was NEVER any intention of destroying the files, and with a bit of thought you should understand why. Even if Harvard was some malicious beast in this event, they'd still want the files to back up their allegations, right?
------
I know you won't believe this, since I'm not one of you. But that's the 'unofficial' story.
This event triggered my first visit to the Slashdot forums, and frankly I was stunned by how many people took Ken's letter as total truth (i.e., the big organization is stomping the poor little guy angle) but when the big organization responds, they're clearly lying.
Weird
Flame away.
Most colleges and "academic environments" have official rules that cover things like this. Hackers and 3133t war3z d00dz have been around for long enough that almost every university with an internet connection has policies in place for appropriate content.
Colleges also tend to have a high level of trust. If you work for the college in any sort of technical capacity, you can get away with a lot of things, because it's assumed that you have a good reason for breaking the rules.
It's pretty common for people around here (CMU) to have vanity domains and private web servers on their work machines. It's also pretty common for people to create accounts on their machines for friends, or even put machines on the network for outside friends to play with. This is all strictly against policy, but so long as nobody complains, we don't worry about it too much.
If we were to get a letter from someone who was threatening to sue us because of the actions of someone who isn't even affiliated with the university, we'd stomp on them hard and fast. Covering our collective ass is more important than looking the other way while someone breaks the rules.
I don't know if this was the situation between Harvard and Packetstorm, but it does sound that way. Universities run on paper, and there's no way that they'd officially permit an outsider to run a machine on their network with only a verbal agreement.
Forward, retransmit, or republish anything I say here. Just don't misquote me.