Monday, May 4 1998




Peter,

I've read both of the e-mails that you sent to AntiOnline concerning the hacking of your servers, and if perception is reality
then you did indeed threaten their organization for publishing info and a screen shot of some kind.



Whom ever is responsible for the security of these sites and servers should be fired and should never work in a position of responsibility again in his/her life. What ever information is on these servers should be protected from everybody (even your own people). If you can't do the job then maybe you should hire or consult with the people who can!!!
You should be thankful that you found out as much information as you have and you should thank AntiOnline.



How many other people have hacked your sites that you don't know about? If some cyber punks have put our nation at risk from hacking these sites what about our foreign enemies? Do you know what they might know?
You should spend more time being proactive and less time being reactive. These guys at AntiOnline are not hiding anything from you! They are not the enemy; you're lashing out at the wrong people. Get your act together and solve OUR problems!
Don't bother responding to this e-mail, I know you've got better things to do. I just wanted to let you know everybody is watching and we know what you have threatened and we know what is right! I'm sure you got a flood of e-mail saying basically the same thing from many other people who do and will support AntiOnline should you try to carry out these threats.
I wish you the best of success in resolving these issues that could possibly affect all of us in the U.S.



Sincerely,

Ed Philllips



Mr. Phillips sent this letter to Peter Farrel, and cc'd it to me as well. From what I can see, Mr. Farrel has been
getting a lot of email lately. It's nice to know that we have people backing us when we start stepping on "thin ice" as it may be. For
those of you that read the letters from Mr. Farrel that we posted, check out this story from James Glave of Wired News.








John,

Just a support message...

Will keep this short knowing that yur getting inundated
right now. My background as an Information Systems Security
Officer for NSA has exposed me to idiotic contractors like
your DISA friend...my condolences to you. Don't let the
guy get yur feathers ruffled.

Keep crunchin' out the info my friend...as a security
professional in the corporate world now, I use your site as
a *daily* resource. Keep it up...



Jerry



See, I was right, it's not just little 14 year old hackers that visit us :P (we get an average
of about 16,000 hits from .mil and .gov sites per day, just for the record ;-P. Thanks for the kind words, and thanks
for visiting us so often. We try to put up fresh content each and every day (last week was an exception due to
certain threatening letters that we received, hehe).








Hello John.

Saw the bit about you in the press. Keep up the good work. Don't let the
codgers of the world stunt your mission. I am a 18-year IT vet. Security used
to be an afterthought, not any more.

Technologically,

Greg Levine

Systems Engineer

Sun Microsystems Computer Company

Pittsburgh Technology & Research Park



You're right, computer security is now starting to take the spotlight! It's about time!







I just love AntiOnline!

I came across your site while reading an article regarding "people searches" and instantly added it to my favorite web sites.
AntiOnline has an amazing wealth of important information on a wide variety of topics. Everyone could learn someting useful
from your web site. Even today I downloaded the internet search guide, which was very informative and easy to follow.
The mailing list is an excellent way to recieve the most current info without having to constanly check the web site.
I would also like to tell you how much I admire your work and dedication. I am glad there is a place where hackers can
freely voice their opinions.

Bye the way,

great job on responding to Peter Farrell DISA, it made my day!



-barkerm2@dms.metrokc.gov



Here we go! A government man (woman?) with a level head on his shoulders! Thanks for
the kind words, I'm glad you enjoy the site, and now everyone is wondering why they're not getting regulars emails
from our list too! Hah. Here's the story. Right now, we are VERY limited on resources. So, emails are only going
out to certain domains (for example, .mil and .gov, along with a few others, and the press people so that we can get
the word out to a larger audience when necessary). When we get the resources, we'll be sending out regular emails
to everyone. We simply were not expecting the number of people (around 40,000 of you) to sign up for this list
as did. We still have more and more people signing up every day. We're working to get the resources to reach
out and touch you all (sorry for the lame commercial spoof there).








Heres one to post in yer mailbag :P



Just got done reading the last weeks mailbag, just got back online, damned ISP
kicked me off... I'd like to make a point to coder about his comment "i have
been reading youre website for a long time. I hear you talk of educating the
public. Who are you educating? hackers? think of it this way, if sites like
youres did not release all those exploits how many sites do you think would be
hacked right now?" Think of it this way, coder, if sites like JP's didn't
release all those exploits how many servers do you think would be more
insecure than at present? If these exploits were only revealed via IRC or the
few underground boards that exist, how many SysAdmins would be aware of the
problem to fix it? I'm guessing a very small number, leaving tons of servers
more vulnerable than ever. Try and look at it from the other point. And JP,
your site 0wnz em all, bro :P

ShRewmY



Someone gets the idea! Glad you see where we are coming from!







Regarding the DISA emails, I would watch your back. Yes,
they have no moral or ethical backing, but let's remember
who we're talking about. People were raided for far less
during operation sundevil back in the 80's.It sounds like
this DISA agent is trying to pump you for information,
while at the same time trying to look like he knows it all.
Nice that he conviently forgot about freedom of speech
somewhere in his email.. good luck..



-admin@deviance.org



No, I won't get raided. I don't think I will. I hope that I won't. Please, please, please, don't
raid me. Haha. Actually, I'm on pretty solid legal ground here. Besides, raiding me would do no good. I'm not so stupid
as to keep important files on my local computer that's sitting in my living room =) I'm not doing anything illegal either.
But thanks for looking after my back!








John,

in regards to the letters from DISA,

Nice work! Loved how you handled those dumbass threats from DISA. You are totally right; and the NWH is behind you all the way. I think Antionline is groovychicken and I hit it religiously! I am in the process of expanding my local hacker group, NWH (nu w0rld h@(k3rz), to a large scale hacking/hacker-supporter group. I am 17 years old and have been programming for years and hacking bbs's and local isp's for 6 years. I am a hacker, but more importantly I study and write hackerz philosophy. I am in the process of writing a text i call T@0 0f h@(k3rZ. i will send it to you when i am finished. if intersted, since i also study law, i will write a legal-binded properly worded document pointing out all of the DISA's illegal and immoral acts the commited by writing those threatening letters.



Avatar,

NWH



Werd Yo! We be da groovy chicken. Haha, I've never been called groovy chicken before, and I like
the phrase, so I just HAD to publish this letter =)








JP,

Just want to say that antionline has been doing a tremendous
job in providing up-to-date news on what's going on and on security
issues. Kudos to all the people involved! Keep it up!



unix@the-pentagon.com



The last couple of weeks we posted letters that, for the majority, were critical of us. This week
I'm making up for it :P








John:

I have read the letter from the DISA contactor. I in turn
would like to inform you that I have personally warned the
Department of Defense about their lax security. I have
done so via a series of white papers I authored, and
presented at the Pentagon (Sec. Cohen received copies of same.)



In short, the government is negligent in computer security
and the issue itself is one mired in deep political
in-fighting. Instead of allowing DISA to try and cow you
under, I propose you counter-attack. I will help you with
the intellectual side for quite frankly, the government
computer security issue (along with Microsoft), put me
financially under.



-I'm leaving his name off of this

NSA trained and recognized computer vendor security analyst (VSA)

Microsoft Corporation's contracted representative to the National Computer Security Center/NSA.



Man, you people thought disgruntled postal employees were bad news!







JP

First let me say that although we may not agree on some points,
I find your website informative and interesting. I strongly
disagree, however, with the letter from the sysadmin who says
"If the system is left open it deserves to be hacked PERIOD". That
is ludicrous. Even if a sysadmin is lazy or inept, that can never
justify someone intruding where they don't belong or tampering with
information they have no business tampering with. Unfortunately this
notion of "It's OK to make system intrusions if a way in is found" is
too prevalent in the cyberworld. Following the same line of
reasoning, it's OK for me to smash the windows of your house and
burglarize it because you didn't put bars on your windows to keep me
out. I believe that every person and corporate entity has the right
to be free from intrusions, regardless of their lack of security
measures. Unfortunately, we don't live in such an idealistic
world....



-Mark Stringer



An issue that will probably be debated until the end of time, or until congress
updates some laws, which ever comes first =)








First, I just want to let you know how amazing a site you have going. I
had to choose a sci/tech news story to present in my Science, Technology,
& Values class, and was reading about the DISN incident on abcnews.com.
They said that you made the DEM software available on your site in the
article, so I was interested to see it. I guess they confused making the
software available with posting screenshots. Anyway, I read all the
coverage you had and it really helped with my paper. I just thought I'd
let you know that I quoted part of the email that you got from that
military official in the paper I am doing on the article. (Don't worry, I
credited you.)

Thanks...



Well, I may have left college, but I'm still making my contribution to them
apparently. Be sure to write us and let us know what grade you got!








JP,

I will try to make this brief. Your site is excellent. I work very hard
to keep our systems safe, and your site, along with rhino9's, plays a
major role in my being able to do my job well. I would like to note,
most competent systems engineers use either stringent transport layer
filtering or application layer gateways, which do an effective job of
securing internal networks (so long as they are properly monitored and
configured) from the outside. However, even the best engineers, admins
and managers usually have piss-poor security on the inside network (and
I am probably not one to talk). This is not because they don't know any
better, it's usually because users and management complain of the
inconvenience of strong passwords, 30 day password roll-overs, etc. As a
result, it takes only a matter of minutes, at best, hours, with a brute
force cracker to gain access on most LAN's. The attitude with most
system admins and engineers is "we hope everyone on the inside is nice".
Yet over and over again, the vast majority of computer crimes are
committed on the wrong side of the firewall. I would really like to see
more publicity, discussion and information on this issue, even if they
are not as glamorous as elite 'nix and site cracks.



Thanks and keep it up,

Ned Gnichtel



This guy brings up a very good point (besides the one that AntiOnline is a helpful
resource to system admins =) Securing not only access to important servers from people that are outside of your
network, but also securing it from those WITHING. We'll be talking more about this issue in the future on AntiOnline.
Keep your eyes open for it. (ok, you get jp's unofficial Official Good Idea For New Site Content Award)








Hey jp:

want some cc#? with full name and address



-kenslinky



No.







John,

I'm aware of the troubles you have been facing lately, but this
should not surprise you: people still can't tell the difference
between a site like yours, or even CMU's CERT (where you'll often
find the same information available at your site), and a site
aiming at "hacker education", as one of your readers have put it.
No doubt people are in need of information, and your site is a
valuable source of information... Just give people some time.



On the other hand, I would like to remind you that you and your
site are highly visible on the Net: that's why people like the
MOD may exaggerate when telling something to you. Anyway, it's
not easy to be trusted by the hacker community: you are, and
this is what makes your site unique.
Best regards,

Cris

Sao Paulo, Brazil