Forbes Takes on AntiOnline
infojack writes to us with the word that Forbes is running a story on AntiOnline.
It's an op-ed piece by Adam Penenberg, talking about the creds of John Vranesevich and some of the PacketStorm flap. What I found most interesting was the outright recognition of how the media operates with "experts", and reporters' use of the same people over and over.
Posted by Mike@ABC:
I read HNN every day. Wouldn't miss it for the world.
He wasn't ejected from defcon. Hell, he wasn't even *at* defcon this year. However, Carolyn did end up getting booted out of defcon, and there are certainly pictures. Maybe even some involving the back of my head, considering I was sitting right up at the closest table when it happened.
" according to Koch, called the Bombay Atomic Research Center the
"B'Hadvah Atomic Research Center." When Koch corrected him, JP
admitted it must have been India."
Actually, it's called the Bhabha Atomic Research Centre. (after Homi Bhabha, nuclear physicist).
So phonetically JP was closer to the mark than Koch, though
of course he got the country wrong.
Where is the line where someone becomes a public figure? From the sounds of it JP is trying to get all the press attention he can as long as it's good. Sounds to me like he's a public figure then. Shouldn't he be unable to sue, just like politicians and Hollywood figures who have to deal with tabloids, since that's the price you pay for being in the public spotlight?
Ryan
I can understand how difficult it is to find experts if you're not familiar with the field, especially in hacking. However, I think it is safer not to purport someone as an 'expert' if you're really not sure. The motivation of the press in this case is clearly to make an attractive story first, and to worry about the accuracy second (if possible).
While the press may not know who the experts are, I think some application of common sense and experience can derive the truth for the most part. The press certainly could have done a better job investigating JP's credentials. His story simply doesn't compute. Furthermore, if you talk to virtually any sysadmin or ex-hacker (whitehat) familiar with the art that is worth his salt, they'll tell you JP is a joke.
I, for one, happen to have known JP since his early days on undernet (IRC) in #cha0s and #hack*. About two years ago I spoke with James Glave of Wired magazine on IRC, I gave the run down (my opinion) on both Analyzer (the stupid Israeli hacker) and JP. While I can't argue that he lied per se, he should have known better. He published JP as if it were the gospel, and published only snippets of my comments which served to give his story a little spice.
JP has nothing in the way of technical skills, any examination of will reveal this. At most one could argue that he is 'connected' to the hacker scene. In reality, JP is just a media conduit for the latest script kiddy who _wishes_ a little media play. The problem is that JP doesn't just relay; he distorts everything in a self-serving fashion.
Bub:
Hey kw, I am Bub.
Feel free to ask me anything related to computer security, privacy, information warfare, or hackers. I'll do my best to answer your questions.
Please keep in mind that I am learning new things about security all the time, so check back often. If you think your company may be interested in helping teach me, see our affiliates page. Or, if you'd like to add me to your website, visit this page.
kw:
Is John Vranesevich a security expert?
Bub:
John Vranesevich is the founder and General Partner of AntiOnline.
He left the University of Pittsburgh after his freshman year to devote his full energies to AntiOnline. He considers himself an "information security enthusiast" who likes to help educate others about the importance of security, privacy, and responsiblity as it relates to computers and the internet. John has been quoted thousands of times on a variety of topics including by such organizations as: The New York Times, The CBS Evening News, The British Broadcasting Corporation, The Washington Post, The Boston Herald, National Public Radio, Wired News, and the San Francisco Chronicle.
He can be reached by sending an e-mail to jp@antionline.com.
kw:
What is an information security enthusiast?
Bub:
Just like with any other system, router's aren't bullet-proof. Take a look at AntiCode's Router Archive for examples of exploits which have effected these devices.
kw:
Bub, what is security?
Bub:
Just like with any other system, router's aren't bullet-proof. Take a look at AntiCode's Router Archive for examples of exploits which have effected these devices.
kw:
Are hackers inherently evil?
Bub:
Social Engineering isn't as romantic as it sounds. It basically involves the hacker lying to a user, in order for them to obtain information, in many cases, your password. AntiOnline's Figh-Back! section has more information about social engineering, and even gives a sample conversation between a hacker and a victim user.
kw:
Are your answers more accurate and enlightening than those provided by a magic eight ball?
Bub:
Yes!
--
Respectfully,
Ken Williams
-- ken williams
It's about time that someone with a company big enough to back him, finally sticks it to Antionline. My only hope is that JP pulls some crap with AOL sometime, so that I can prod our landsharks to do their hungry circle dance of death around him.
Course, now that he's finally been publicly discredited, like all good net kooks, he'll get even shriller and more annoying.
While it is desperately important that JP be branded for the disreputable scoundrel he tends to be in the mainstream media, what should really worry us about this article is an admission of something I've suspected for years: journalistic sources start out horribly biased then proliferate through a lovely grapevine of other newspapers. That is: 'CNN has just learned of a Washington Post Article covering a story in TIME Magazine that quotes a line from the New York Times in an article by a journalist whose source was interviewed while rooting around in a dumpster.' Immediately the word 'expert' loses all credibility so the lingering question becomes, 'Who do I trust?' Ideally the community would self-police and release publicly accessible docs to the press so that the lone-gunman mercenary tactics of AntiOnline would lose credibility quicker, but the internet community is such a cacophony of opposing voices that most journalists are quick to give up on their old research methods and give ol' JP a call. Do this more than once and you've created a monster.
So what's the answer? Switch to a new 'expert,' and watch them go down in flames? This goes beyond JP's megalomaniacal campaign since 'experts' get quoted all the time in the news. Experts who dictate the laws government will pass on violence in movies/games/TV and the like.
I think that you're missing the point. The person is not the project; even if I am a big meanie, that doesn't necessarily make me an incompetent programmer. The article that you seem to approve of is following that line of illogic rather than citing the specific charges against AntiOnline that have been referred to.
Personally, I can't testify whether the charges are valid or not - I'm not a security expert, more of a security dabbler. I do know that they were nowhere to be found in the Forbes article.
Consider that this kind of attack has been made before, to great outrage from the /. crowd. Who can forget the past characterizations of Linus Torvalds as a pimply-faced college kid? And you, as a responsible professional, would never use an OS programmed by a horde of pimply-faced college kids, would you?
When you let journalists get away with this kind of shoddy reporting, you're just encouraging laziness and intellectual dishonesty. When it goes along, even without the applause it's been getting on /., it will go on and bite you in the ass. How long do you think it'll be before Forbes tackles something important? They're not going to stick to relatively safe subjects forever, you know.
--
There is no premature anti-fascism. -Ernest Hemingway
For those of you unaware of the dispute that has been constantly going on between attrition and antionline, it serves as a prime example of how JayPee attempts to deal with those that go against him. Threat of lawsuit after lawsuit, attempts to destroy any credibility, and constant slander are all commonplace with him. His website is no longer used as a "security portal", as he likes to call it, but as a tool to promote himself and nothing else. JayPee took advantage of the fact that the media is almost completely ignorant when it comes to cracking and website defacements. He realized that they would latch on to anyone that claimed to be an "expert" in this field. Want to know what antionline is really about? Go to http://www.attrition.org/negation and READ. They do one hell of a job creating logical, rational arguments and proving their point. Anyways, over & out.
Usually the people who are looking to sources just want the spotlight and will say anything to get it.
The best sources are usually too involved with their field to be noticed/bothered. They have to be tracked down through phone calls and friends of friends, etc. And with that, the person tracked down may not even want to talk. It can be easier to just settle with the first available.
Journalism, like society, is getting lazy, and looking for the quick and easy. If there is someone standing at the front door when you leave to go looking then that person probably gets quoted. The ever increasing demands for more and faster of whatever helps drive this.
penguinicide... when jumping out a window just won't do.
Can someone post some links about the "Happy Hacker"? Who is she and how did she get bodily ejected? What's the scoop?
I've just had a major mental orgasm. I have had this rational, not irrational mind you, *rational*, hatred of Vranesevich for so long that I've been waiting for a mainstream outlet to expose him. This isn't a flame, it's just that when people behave as badly, arrogantly, rudely, and ignorantly as JP and that troll Carolyn, and yet get *venerated* by the media and even some IT people for it, it makes you question your sense of reality, morality, and the whole of Western Civilization. This is a major relief, that finally this point of view is shared by people outside of 2600 and Slashdot...
For instance, Packetstorm was always a better, more informative place than the JP Fan Club that is AntiOnline, yet Packetstorm got booted for smearing JP and Carolyn no more harshly than AntiOnline smears Packetstorm, Kevin Mitnick, Slashdot (remember when they were denying refers from Slashdot, because "The site you have just come from is a haven for hackers"), and everyone worth respecting in the geek/hacker/tech community. Now, I'm no hacker, I wouldn't know the difference between a Perl script and a pearl onion, but I'm savvy enough to know that JP is a condescending b-tch and that I'll take Slashdot over his a-- any day.
Not to mention what he's said about Kevin Mitnick. I don't care if Kevin were Stalin, you don't put people behind bars without trial or even a fair prelim hearing for years and years, this is America and if AntiOnline were at all respectable they'd be pointing that out instead of trying to capitalize on Kevin's unconstitutional misfortune. JP should be ashamed of himself. Instead of siding with the Constitution, AntiOnline and its cyber-jackbooted-thugs have obviously sided with Big Brother and the FBI Domestic Police State Unit.
AntiOnline's JP and Carolyn are the same sort of semi-illiterates who'd outlaw reverse engineering to protect the profits of the status-quo--just look at all the "tech news" on their website, it's obviously geared towards not-so-computer-literate corporate suits, for the purposes of JP's own aggrandizement. I know little about the fundamental internal processes involved in computing, and my Linux-Mandrake 6.0 CD is still sitting here (til I get a 2nd drive) uninstalled because I'd rather have my four.five gigs of pr0n. Yet even I feel the articles at AntiOnline are below my own level of literacy. Despite its claims, then, AntiOnline is not at all about computer security--Packetstorm is, Slashdot sometimes is, even 2600 is more so than AntiOnline. So if it's not about computer security, the only conclusion I can come up with is that it's about JP sucking up to corporate suits, period. Just my 2 cents.
--Taylor, whose login was eaten by the Slashmonster
This is all stuff I assume you know already. I'm just being indignant because I can.
Sure, "black hat" crackers aren't going to want to be found, but the "white hats" generally WANT the press (though if you make a mistake, they make you regret it.)
It's hard to gain their trust, but it should be. A lot of the time with hacker sources, the easier it is to talk to them, the less credible they are. Case in point: John P.
If you ever doubt the ability of a hacker, just look for his or her work. "Show me the code" shouldn't just be the cry of an open-source consumer. If you can't read code (like me), get a good working relationship with a non-flaky programmer (like I have.)
Anyone in the l0pht, in particular mudge, I would consider credible. You send them an e-mail, they reply. www.hackernews.com is surprisingly on the level, as is Simple Nomad of www.nmrc.org.
In addition, many large IT firms or IT departments of large corporations employ hackers. If all else fails, take up a hobby of reading some oddball Usenet group. Surprisingly enough, many hackers are also authors of goony prose.
J.
damned vulpine http://sb.drtwister.com/
The sad thing is that no one knows everything about every topic, and sometimes we just take the short-cut of believing what we're told, if it's far from our expertise.
That used to work just about fine. I read Scientific American (and still do) and find parts of it fascinating, especially when they're talking about stuff I don't understand. ;-) But when they run garbage about stuff that I do know about, it really makes me wonder what other garbage is in there on topics that I don't know about.
Bad reporting doesn't just do a disservice to the readers; it also damages the credibility of the publication. Some Scientific American editor should have checked up on Meinel and then dragged her article to the shredder icon. It's disillusioning to see a beloved magazine that I grew up with, suddenly tainted in my eyes. I can't fscking believe Meinel's been in the same publication as Hofstadter... *sigh*
---
Have a Sloppy day!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
The stereotypes that I remember:
The subtext:
Honestly, I took it for more MS Astroturf(TM) at the time.
Sheesh, evil *and* a jerk. -- Jade
I used to have run-ins on IRC with "JP" when he ran with the Cha0s, Inc "hacker" group. That was when he was still in high-school, committing daily ping-flood attacks and generally being obnoxious. When he went to college and got his dormitory ethernet connection and put up his first "security" web site I just laughed. But I never expected anyone to take him seriously.
You should think of him and his web site as one big social engineering hack on the media. That's all it is.
The times I've visited AntiOnline (and that not often, but still), it has struck me as being much more of an information clearing house than a source for original content, which Forbes seems to be insinuating. Visiting today, it really still is. Which isn't a bad thing, either (look at /.)
Any reader of Brill's Content will note that most journalists aren't formally or practically educated in the fields which they cover. Whether this should be so is grounds for another post, of course, but I'd think that Vranesevich, as operator/publisher/editor of AntiOnline would qualify as a journalist. Not a great one, either, but still.
Any attack on AntiOnline should be made regarding AntiOnline's quality of reporting. Has AntiOnline (rather than Vranesevich) been incorrect? Has it disseminated false information? Have the scoops, such that they are, been important? And so on, and so forth. Instead, Forbes has taken the easy way out: slam AntiOnline by insisting that Vranesevich has insufficient "street cred" and that he's litigious.
No doubt Forbes would shy away from the same argument, applied to themselves: since Steve Forbes is a trust-funded, socially conservative wingnut, Forbes Magazine is obviously a rag.
Well, it is a rag, but that's not why.
--
There is no premature anti-fascism. -Ernest Hemingway
Really, you've got to take what people tell you and try to disseminate it into an article about a field you're usually not an expert in. It's not as easy as it looks, but when the editor says "hop" you'd better already know how high.
Contrary to popular /.'er belief, the media (even Jesse Berst) isn't out to distort facts or intentionally get things wrong. It's just a matter of not getting good enough quality information from sources.
If someone can talk to the media and make themselves understood (and seem to know of whence they speak), they're a good source until proven otherwise.
That said, I'm glad that egomaniac JP is getting his at long last -- that Packet Storm thing POed me something royal.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
Do a Google search on Adam Penenberg; find his email address and write to him to congratulate him on this article, before going on to read some of his other stuff, including an enlightening mea culpa on being taken in by bogus hackers himself, echoing Mike@ABC's comments: writing accurate hacker stories is hard. Sadly, staying credulous makes your stories sound better ("hackers hold up banks with crypto") and no-one seems to notice the difference. Thanks for trying to stay honest.
--
Xenu loves you!
It's surprising how long it took for the print media to catch on to the fact that Antionline is full of it.
Once Vranesevich got himself quoted in the New York Times, all the rest of us media people saw him every time we ran a Nexis-Lexis (newspaper database) search on a tech issue. Since the New York Times is the PAPER OF RECORD, and never gets anything wrong, Vranesevich was now a Trusted Source.
But as anyone who reads their weekly Circuits section knows, the Times is no expert on tech issues. They get things wrong all the time--mostly little details that don't seem so important unless you are a rarefied expert in the field, but they do get them wrong.
And they, and the Washington Post, and a few others, really misjudged little John Vranesevich.
What is odd is that so few tech reporters seem to really follow the online scene closely. Antionline has been dismissed as a fraud by the hacker/security community at large at least since last year (lots of others thought he was full of it before that, I am sure), and yet the mainstream press kept quoting him.
Forbes has probably done us all a huge service here. Even if the NYT/WashPost/WSJ don't pay attention to Attrition/L0pht/Slashdot enough (yet), they do read Forbes.
Because unfortunately, most of the stories your paper runs from outside the local area are probably from one source (the AP collective). And because, like it or not, if the NYT or the WSJ or the Washington Post prints it, most reporters think something is true. And because if a newspaper prints it, the TeeVee drones dutifully put it on the air, minus 99 percent of the content and analysis. And because most of the media (probably including yours) is owned by gigantic evil mega-corporations obsessed with increasing shareholder value at the expense of their viewers'/readers' minds.
More importantly, though, your average local reporter knows a little about a lot, but a lot about only a little, of what she or he covers. That means we rely on experts, and I think too often, we anoint experts without really knowing too much about how much they actually know.
And I think using the Nexis-Lexis database to find experts is just about the WORST thing a reporter can do. Because that leads to the kinds of vicious spirals that turn idiots like Vranesevich into spokesmen for things they know little or nothing about. We should spend a little extra time and find our own experts by researching the field we report on, talking to the relevant players, and figuring out who they respect.
This is an interesting discussion, so don't be offended by my self righteous tone. I sometimes rely on these anointed experts too, but I wish I didn't.
[ps-this was already posted once, but somehow ended up in a completely different article]
Believe the people from attrition or don't believe them. But here's a text from fyodor, the creator of nmap. He reacts to the publishing of a Carolyn Meinel article in SCIENTIFIC AMERICAN. My god!!!
It's a shame that they didn't react, 2 months later one could read the article in the foreign "brother" newspapers of Scientific American. I wrote an angry letter to them, but they insisted Mrs. Meinel had a good reputation in security circles.
I wonder why I have NEVER seen ANY information of her or her affiliates on bugtraq/ntbugtraq/comp.security.* . Argh, perhaps I'm just too idealistic to think there have to be some journalists who bother to get any information, but this makes me really angry.
Posted by Mike@ABC:
Before I start, a bit of a mea culpa: I used JP on my site, even did a profile on him back in March or April of '98. And back then, quite frankly, he wasn't a bad source. He had some good stuff, decent contacts, and was still interested in reporting on the hacker scene.
Then, early this year, he re-launched his site and adopted a new editorial policy. And I stopped calling him -- not because of his opinions, because he can do his site however he wants -- but in covering hacking, I need sources that will help me contact and understand the hacking community, not bash it. I want to leave the value judgements to the readers. Thus, I want to have actual hackers as sources, as well as real-world big-time security experts on the other side. Without slamming him one way or another, it's safe to say that JP is neither.
Covering hackers is hard. With a few exceptions, most hackers don't want to be found, and those willing to talk to media usually want a slew of protections. And of course, we in the media have to try to determine whether these folks are bona fide hackers, or just guys who hang out on IRC and play with downloads from last year's B.O. release. It's a tough call, and there are many of us who dropped the ball at one point or another.
As for this column, this was probably the safest way to cover the questions surrounding JP, PacketStorm, and the other controversies. Many journalists have looked into this at one time or another, but there just aren't enough people willing to go on the record to make it a straight news story. But a columnist, as someone writing an opinion piece, has a little more leeway. He must still write factually, but can put forth theories more readily than someone writing straight news stories. I'm glad someone was able to figure out how to report this.
And I wouldn't worry too much about the lawsuits. One could easily argue that by speaking to the media -- indeed, by seeking out news coverage -- JP has made himself into somewhat of a public figure when it comes to the hacking community. If someone slammed JP because of his personal life, then that would be grounds for a suit. But since he's putting himself out there as the expert, questioning that expertise in a public forum is more than appropriate. Of course, I'm not a lawyer...!
That's it. Hope the perspective helps. As usual, this is my opinion, not that of ABCNEWS.com, ABC, Infoseek, Disney, the Mouse, etc., et al.