Former hacker site changes course, gets hacked

AntiOnline late last week suffered one of its first successful attacks, which automatically redirected visitors to the hacker's site. Prior to that, AntiOnline claims it succumbed only once to its online attackers, when a denial of service attack brought the site offline for a few hours. In a denial of service attack, the attacker jams the system with a large volume of bogus queries or requests.

But this pair of successful attacks is no indication of the volume of hacking activity AntiOnline has been fending off recently, according to founder and general partner John Vranesevich.

"This month so far we averaged around 475 hack attempts an hour," said Vranesevich. "That's up from about 30 an hour two months ago."

An increase in hacking attacks could be expected with any site whose profile is rising, and a site professing an expertise in computer security is a particularly attractive target for malicious hackers. But the dramatic rise in attacks against AntiOnline stems largely from the perception that the site, which rose from the ferment of the underground hacking scene, has allied itself with the corporate and governmental interests that seek to stamp out malicious hacking.

"Our goal as defined is to fight malicious hackers," Vranesevich said. "We look at who's hacking what, we look at their motivation and their methodology. Most security companies are studying the mechanics of the gun. What we're trying to do is study the people who pull the trigger."

That has not left Vranesevich very popular with his subjects.

Now it's personal
Indeed, Vranesevich has become one of the most controversial and widely reviled figures in the hacking world. He said he has received threats to his family and himself both online and off.

Earlier this summer, Harvard University found itself at the center of an AntiOnline controversy after Vranesevich successfully prevailed on the school to evict from its servers a Web security site called Packet Storm Security, which Vranesevich alleged featured defamatory attacks against him and family members, including his image superimposed on pornographic images and a page with his 17-year-old sister's photo, name, and address.

Harvard issued a press release stating that the site, which it says it hosted "as a service to the Internet community," included "sexually related material and personal attacks on an individual not affiliated with the university." Harvard officials did not elaborate on the site's contents. Packet Storm Webmaster Ken Williams denies both Vranesevich's and Harvard's characterizations of his site's content, though he acknowledged that a picture of Vranesevich's younger sister did appear next to a yearbook picture of Vranesevich.

Harvard's decision to pull Packet Storm created an uproar among hackers. In much of the debate in newsgroups and on news and discussion site Slashdot.org, Vranesevich was portrayed as siding with the establishment against the grassroots hacker community.

In general, Vranesevich does not deny the trend. In fact, Vranesevich said much of his time these days is devoted to working out deals to collaborate with firms on proposals for the U.S. military's research and development arm.

"Some of the changes we've made have made the underground unhappy," Vranesevich said. "For example, we're forming new alliances with corporations on some contracts for DARPA," the Defense Advanced Research Projects Agency.

DARPA handles research and development for the Defense Department and does research and development deals with small firms like AntiOnline through its Small Business Innovation Research program.

Dangerous knowledge?
If proposing projects for the military--another favorite target among hackers--isn't enough to raise hackers' ire, Vranesevich is also causing controversy with his Knowledge Base for use by military and law enforcement personnel. A free subscription to the Knowledge Base lets subscribers access information including profiles on individual hackers and their activities.

Subscribers, who have to apply for a Knowledge Base subscription on government letterhead, include members of the Army, Navy, Federal Incident Response Capability, Air Force, and Congress, according to Vranesevich.

"When we posted the Knowledge Base application form online, the hacking attempts started to rise," Vranesevich said. "There is this notion that we've sold out to other side, that we're selling information about people and they should have the right as individuals to address that information. People have called us a clandestine society forming a blacklist that the government could go after in an info-war."

And Vranesevich is not winning any popularity contests. One site, Attrition.org, maintains a site wholly devoted to criticizing Vranesevich and his enterprise.

"Vranesevich has alienated himself from just about everybody," said his Packet Storm adversary Williams. "He has definitely been shunned by the hacking community. He's looked upon as a narc, a turncoat, because of his change in direction."

To the consternation of some critics, AntiOnline has become a fairly legitimate business for Vranesevich and his investors. Since securing venture funding six months ago, AntiOnline has lined up an impressive array of advertisers to keep its staff of two full-time employees and dozen freelance writers paid and keep its T-1 line and network up and running. These advertisers include VeriSign, ISS, GoTo.com, and Microsoft.

DARPA contracts represent another source of potential income, and Vranesevich has trained his sights on the lucrative services market for future ventures.

Meanwhile, even Vranesevich's harshest critics are discovering that the hacking experience can be not only contentious, but lucrative.

"There are plans to bring back Packet Storm," Williams said. "There's corporate funding by a large corporation."

Williams said a contract prevented him from disclosing more.