Slashdot Mirror
Interview: John Vranesevich Doesn't Really Answer
Question #1
by manitee
Having read many accounts of your interactions with the staff of attrition.org, it seems to me that your claims against them are generally unproven and rash. Their rebuttals are always filled with detailed fact and systematic, step by step analysis of the topic at hand. Please clarify why you feel that attrition.org is such a dangerous force, yet you have never been able to present HARD EVIDENCE to that point.
Question #2
by davidu
Many of us in the hacker community (not cracker) used the Packet Storm security site for information and research. You had it shut down for some alleged things in the /jp directory. Explain to us why you called [Harvard] to shut it down rather than dealing with the maintainer. What did you accomplish by threatening to sue other than futher harm your image and remove any creditbilily you had?
Question #3
by Kintanon
What is the basis for your attacks on security Experts such as Attrition.org?
To Clarify the question: Why do you proclaim them to be 'dangerous hackers' while they do essentially the same thing you claim to do, except that they do so better, faster, and more professionally?
Question #4
by mattc
Why did you deliberately block links from Slashdot, HNN, and any other site who criticized you during the closure of Packetstorm?
#5
by WH
How do you respond to allegations that the FBI is
investigating your knowledge of attacks before they happened
and the accusations by some hackers who performed said
attacks that you paid them or otherwise coerced them to do
it in order to have coverage for your website?
#6
also by WH
Why do you feel that sites containing satirical humor based [on] antionline are not protected by law and therefore open to your threats of legal action?
#7
by Hard_Code
Are the rumors that you will be spinning off a sister site called Anti-Anti-Anti-Online to dispell the malicious accusations and deprecations of your obviously magnanimous professionalism and intellect and to further bolster the image of Anti-Online and your integrity as a computer- security- expert- guru- enthusiast, true?
#8 - #11
by Jeff -
(Heavily edited - RM)
I have several questions which I will ask within the narrative below. The narrative is important to understand the context of the questions, and to support my arguments.
Several months ago I was raided by FBI for supposed involvement with the "hacker" group gh. The extent of my involvement was participating, as a caller only, in illegally funded phone conferences. JP, who also participated in this conferences, labeled me as a hacker, and a member of gh on his "news" site. Neither of these accusations are true. He has many more ties to this and other hacker groups than I have ever had....
#8 - How can you pretend to be taking a stand against "hackers" while you are involved in the same activities?
#9 - My third question is in regards to your coverage of the situation. You posted unconfirmed information from an unreliable source in regards to the status of my employment at a prominent software development company. As a result of this I was contact by several news agencies, and immediately stereotyped as a hacker even though I have never illegally penetrated any computer system, nor had I been charged with, or accused of any crimes by the FBI. In response to this I granted one news agency an interview, which I thought went well, but also backfired. As a result of the negative press my former employer could not even consider allowing me to stay. My question being, Do you expect people to consider you as a reliable news source even though you report data which you receive through unreliable channels?
#10 - Did you ever stop to think what the impact of your coverage might be? It seems to me that in your rush for the big story you have failed to check for the correctness in your articles, and as a result of this you are hurting innocent people, such as myself. I'm sure this has gone on in other cases, but mine is the only one I have enough knowledge to comment on. I don't attribute these unfortunate events to you, but you certainly did not follow good news practices in reporting them. You have only served to injure my credibility and your own.
11 - Lastly, have you ever considered what legal action may be taken against you for your involvement with these criminals? Do you even recognize the hypocrisy of your stance on hackers being one yourself by your own definition?
Question #12
by sonoffreak
Why did you decide to let Slashdot interview you? How did the response you got compare to what you expected?
John Vranesevich's Response:
Greetings All
Well, I've seen many people say that I can't take criticism. Believe me, if
that were true, I surely never would have opened myself up to a SlashDot
inquisition. I knew before I even agreed to the interview, that things would
be ugly. Needless to say, I was right on the money. However, I will say
this. I was very disappointed in the downright lack of maturity that many of
the posts showed. I like to believe that most people who frequent this type of
forum are of an intellectual nature. I found it very disheartening to hear
nearly every rumor ever voiced about myself or my company being regurgitated as
if they were all fact. An educated bunch of people should understand that not
everything that they hear is true at all, and that almost nothing that they
hear is totally accurate. But, some of that could be my fault. Many posts
pointed out the fact that I have never "given explanations of" or provided
"blow-by-blow responses" to any of the things that have been written about me.
This is true. If I spent my life defending myself from every individual who
had a nasty thing to say about me, my life would end up pretty meaningless in
the end. I think that's true for most people. I decided a long time ago that
I wouldn't allow myself or my website to become dedicated to those who would
seek to bring me down. I have a lot of goals in my life, and I'm not about to
let nonsense get in their way. But, never the less, I saw this SlashDot
invitation as the perfect opportunity to talk about some of those very issues.
It's not that I feel that people who posted negative comments will read what I
have to say, and then decide that they were totally wrong about me. Those who
despise me for whatever reason will continue to do so no matter what I ever say
or do. Even SlashDot faced the wrath of dozens of people who are "no longer
going to visit this site" for one reason or another after reading the interview
bio on Monday. So much for loyalty in this day and age I suppose.
Yours In CyberSpace,
John Vranesevich
Founder, AntiOnline
Now, On To The Questions
I received a list of "questions" from Robin earlier this week, and to put it
bluntly, they were just stupid. I'm not going to waste my time writing up
ridiculous answers to ridiculous questions that no one really cares about. For
example, here is one of the questions posed to me
"Are the rumors that you will be spinning off a sister site
called Anti-Anti-Anti-Online to dispel the malicious
accusations and deprecations of your obviously magnanimous
professionalism and intellect and to further bolster the
image of Anti-Online and your integrity as a
computer-security-expect-guru-enthusiast, true?"
Now how stupid is that? What would my answer be, something like "Um, no". Not
a very stimulating Q&A if you ask me.
So, instead of wasting my time and yours, I decided that I'd simply cut to the
chase, and answer what appear to be some of the major allegations, accusations,
and other such tidbits that some people seem obsessed over.
AntiOnline & PacketStorm
First off, let me say that I didn't shut down PacketStorm, and neither did
Harvard. Ken Williams is the sole person responsible for that site being shut
down. He chose to take a popular forum which was designed to disseminate
information related to computer security, and abuse his own creation in order
to harass someone. Sure, post satire about myself or my website. I truly
don't care, and in many cases, I have even promoted such websites on
AntiOnline. One such satire site that I've linked to several times is
"AntiOffline.com". Personally, I consider satire as one of the greatest type
compliments one can get. However, what Ken did far surpassed simple satire.
By posting a photo of my younger sister (who was a minor at the time), along
with her full name and address, he successfully started a mass campaign of
harassment against her and my family. This I wouldn't tolerate. I don't care
how popular of a site it was, or how valuable of a resource it was. It was
abused by Ken Williams for his own perverse sense of amusement, at the cost of
my family.
As for all of this "threaten to sue" hype which soon followed. I never did any
such thing. I'm not sure which University Official ever told Ken Williams
that, if any, but he was certainly mistaken. I sent a simple one page e-mail
to the provost's office asking them to review the contents of the site against
their acceptable use policy. Despite Ken's claims that there wasn't any
"offending" material on the site, the university reviewed it, and chose to shut
it down. A major and prestigious university like Harvard wouldn't simply shut
down a site because some pissant like myself sent them an e-mail, unless there
was a very good reason to do so. Use your common sense people.
However, what Ken Williams did was a very successful campaign of pity
afterwards. I will admit that. "A poor college student who's website was shut
down by an evil corporation called AntiOnline. Who's college career has been
ruined, and all of his hard work lost". Truth of the matter is that Ken is in
his 30s, and isn't some naive little college freshmen. He got his site
shut-down by harassing a 17 year old girl, which shortly after being shutdown,
Ken sold for a reported $125,000 to Kroll.
Poor Ken.
AntiOnline & Attrition
This is even more stupid than Ken Williams. Despite all of the crap, and there
really isn't a better word for it, which has pored out of Brian Martin and his
Attrition.org site, I think I can sum up events in one small paragraph
AntiOnline was asked by the FBI to help investigate a group called "HFG" which
broke into the New York Times' Website. AntiOnline does some digging, and
turns over its findings. Shortly there after, Brian Martin, founder of
Attrition.org, and someone that no one at AntiOnline had ever had any contact
with before, was raided by the FBI. Ever since then, for some strange reason,
Brian Martin has attempted to do anything and everything he can to discredit
myself and AntiOnline. Wonder why? Is it because I'm an evil menace to
society that threatens the very existence of the internet and all that is
good? I wouldsubmit to you that Brian Martin's motivations are far more geared
towards protecting his own ass, than they are geared towards protecting
society's ass. Once again, use your common sense.
What exactly does AntiOnline Do?
That's something I see asked a lot on "underground" type webpages. To be
frank, we're not a public company, and it really isn't anybody's business
except those that we work with. I can, however, tell you this. The fact that
nearly every malicious hacker (or cracker if you prefer the term) dislikes
AntiOnline is actually good for us, and is the exact position I want to be in.
Some people even "joke" that I intentionally try to "piss off large groups of
people at a time". Well, it's not just a joke, it's the truth. I think I'm
pretty good at doing it too. We average between 200-500 intrusion attempts
against one of our systems AN HOUR, and every time I piss another segment of
the cyber-population off, that number skyrockets. We probably have one of the
most targeted networks on the internet today, and we take full advantage of
that. Do you think that we let the type of data that we're able to collect and
log just go to waste? I don't ;-)
Is AntiOnline Being Investigated By The FBI?
To tell you the truth, I doubt it, but I don't know for sure. But, there's a
reason why I don't know for sure. The FBI doesn't talk to anyone about who
they are/have investigated. Anyone that has ever worked with the FBI in any
manner, can tell you that they, as a rule, keep quite in order to protect any
investigation. If they were to deny reports about us being investigated, that
would confirm in the minds of others that they are being investigated, when the
FBI comes up with a "no comment" answer. Make sense?
Here's where things get funny. The person that "blew the lid off of the story"
that AntiOnline was being investigated by the FBI is none other than, you
guessed it, Brian Martin of Attrition. He told a reporter that an FBI agent
"informed him" about the active investigation.
Common sense time. Would the FBI raid someone (like Brian Martin was), and
then shortly there after begin telling that person about all of the other
investigations that they are doing so that they could spread the word all over
the Internet and ruin their case?
Personally, I would highly doubt that the FBI would consult with us if they
suspected, or were investigating the possibility, that AntiOnline was some evil
criminal empire that paid people off to break into high profile websites so
that we could post an interview.
Get real people.
Does it bother you that everyone hates you. Why or why not?
This is something that I actually saw posted on the message board. To be
honest, at this point in my life, my goal is not to become loved in the hearts
of the masses. I'm not running for political office, so popularity doesn't
count. I have goals in my life that I want to achieve. Some of these goals
are short-term, some of them are long-term. Right now, at the age of 21 (as of
October), I'm exactly where I want to be. My professional career is on track,
financially I'm in good shape, my personal life is where I want it to be, and I
can say that every day brings me closer to the goals that I have set for
myself. Who could ask for more? Sure, I have to put up with a lot more flack
and B.S. than the average 21 year old. But I'll tell you this, every minute is
worth it.
To learn more about John Vranesevich as he was seen through the eyes of at least one reporter for a respected news outlet, read this Forbes article. - RM
--------------
Next week a panel of antitrust experts headed by our friend Don Weightman will answer your questions about what might happen to Microsoft next. We've had many requests for this, but held off for a week to let all the "regular" media have their say first. This promises to be a hugely informative interview session!
He seems a politician.. he doesn't really answer the questions asked of him, simply says the same old things over and over and over again.. Reminds me of gates at the press conference MS held after being declared a monopoly.. his answer to every questions was something along the lines of "We are simply trying to make innovative software".
I'm not sure what to think of him and his belief (and judgement) that all of our inquiries are immature and stupid. I would say that the same could be said of him (which leads to a lot of childish "i know you are but what am i" type arguments). In any event, I haven't seen any decent example of skill on his part.
And that's what gets to the security community: lack of skill while professing to know it all. Skill is the only real currency infosec people know. Well, that and money.
Still and all, if he's getting attacked a lot (and he is), then even a complete moron could learn more *in that environment* than any of us could *in this cubicle I'm in* and that's important: he's under fire, and is probably learning modes and methods from it...including stuff we've never seen.
Now if he would just stop being so darned *smug* about it, I'd feel better. Personally. But that's not his job, or yours, or anyone else's...it's mine. And I don't need to hire or recommend him.
It was a mistake to ask him for an interview to begin with. It's rather obvious that this guy lives on seeing his name in print, so giving him any attention at all is just feeding him exactly what he craves.
Slashdot ain't me call, but I've got to recommend that Rob & Co. pick and choose their interviewees a bit more carefully. There are a ton of people out there who'd be an insightful read, even beyond the Three Initial Mafia (you know, RMS, ESR, JWZ, etc... what the hell is Linus' middle name?). JP is more of a thug than a creator -- he represents an awful lot that is contrary to /.'s principles: lawsuits, legal threats, shameless self-promotion, misinformation, collaborating with government hoods, etc.
In short, we ought to be ignoring this guy.
----
Every year during my review, I just pray the words "slashdot.org" aren't mentioned.
I had formed the impression, from interviews in the press, from his conduct over the PacketStorm affair, that JP was not a great deal more than a script kiddie with attitude.
This was an opportunity to rectify that perception.
Instead, he attacks as some form of defence. Sorry, but when I see someone getting *this* defensive, there's usually something to defend. Weakness and inadequacy.
A shame, really. Instead of defusing all those negative opinions, he's reinforced them.
Oh, well.
--
Peter
"Why did you..." tends to piss people off, especially if it's not something they did. The question assumes the other person is "guilty" of the alleged offence, without being open to the possibility that they aren't.
Frankly, if I ever got a questionnaire like that, I'd probably feel disapointed by the quality and matuity of the questions, too.
I -would- like to know his version of events, for some of the more hotly-debated incidents which he was allegedly involved with, but the chances are that unless he ever writes an autobiography, the full accounts of events will never really be known.
All in all, I think it's unfair to say that John never really answered, because there were never really any questions.
As for what AntiOnline does, I think that that is probably more easily deduced than obtained from questions. It clearly has a security focus, with a confidential client-specialist relationship with it's customers. From that, it seems fairly clear that the exact nature of the operations are considered sensitive, by either AntiOnline or those who it works with. That's a lot of information, and you can deduce a lot more still.
It's a small world and it smells funny; I'd buy another if it wasn't for the money; Take back what I paid (SoM)
Yes it was submitted, and YES it was a STUPID question. It was meant to be. It was moderated funny. I had no idea it would actually be /sent/, and was surprised when it showed up. Apparently /somebody/ wanted to send it...and now I'm the one with egg on my face because off the many stupid/funny/satirical questions this one was chosen. Oh well...I guess I should've checked the little "Don't give +1 bonus" box...I almost returned and reposted "Moderate this down" because I knew it was stupid...
It's 10 PM. Do you know if you're un-American?
Well, I've seen many people say that I can't take criticism. Believe me, if that were true, I surely never would have opened myself up to a SlashDot inquisition.
You didn't. As far as I can tell, the most insightful questions posed were ignored. And the fact that you wrote up this dissertation defending yourself clearly shows you CAN'T take criticism.
I knew before I even agreed to the interview, that things would be ugly. Needless to say, I was right on the money. However, I will say this. I was very disappointed in the downright lack of maturity that many of the posts showed.
If you knew "things would be ugly", why were you disappointed in the posts? You obviously knew they were coming, so clearly you expected them. (Oh, please use a colon or a comma occasionally, will you?)
I like to believe that most people who frequent this type of forum are of an intellectual nature.
They are. Take a look at some RELEVANT discussions.
I found it very disheartening to hear nearly every rumor ever voiced about myself or my company being regurgitated as if they were all fact. An educated bunch of people should understand that not everything that they hear is true at all, and that almost nothing that they hear is totally accurate.
Not one single post that I read (Blieve me, I read most of them) said that it was factual. As a matter of fact, much of the posts actually gave you an opportunity to dismiss these "facts" as untrue, AND to explain your position. But you didn't do that, did you?
But, some of that could be my fault. Many posts pointed out the fact that I have never "given explanations of" or provided "blow-by-blow responses" to any of the things that have been written about me. This is true. If I spent my life defending myself from every individual who had a nasty thing to say about me, my life would end up pretty meaningless in the end.
This doesn't lend much to your credibility. What you're saying is that both the petty shit, and the REAL allegations are both meaningless, and you shouldn't have to prove or disprove them at all?
But, never the less, I saw this SlashDot invitation as the perfect opportunity to talk about some of those very issues.
But you DIDN'T, Did you?
It's not that I feel that people who posted negative comments will read what I have to say, and then decide that they were totally wrong about me. Those who despise me for whatever reason will continue to do so no matter what I ever say or do. Even SlashDot faced the wrath of dozens of people who are "no longer going to visit this site" for one reason or another after reading the interview bio on Monday.
See, it's not that people despise you "whatever [you] say or do", they hate you BECAUSE of everything you say and do. None of the other people interviewed on Slashdot have had this problem. I wonder why.
So much for loyalty in this day and age I suppose.
Loyalty? What about all of the people you stabbed in the back to get a story? Loyalty is earned, and yet, you're shocked to find out nobody is loyal to you? Pffft.
Then, he continued by stating that the list of questions forwarded by roblimo were "stupid." I disagree. Many of them posed interesting subjects that many more would have liked an answer to. This opened up the perfect opportunity to clear up any (IF any) misconceptions about you, your website, and your position on those particular topics.
But you didn't do that.....DID you?
-- Give him Head? Be a Beacon?
-- Give him Head? Be a Beacon? :P)
(If you can't figure out how to E-Mail me, Don't.