Interview: Grill John Vranesevich of AntiOnline

Can you say "controversial figure," boys and girls? Within the hacker/cracker crowd, nobody stirs up as much noise as John "JP" Vranesevich, founder and owner of the computer security site AntiOnline.com. This is your chance to go straight to the source and ask John himself what's up with all the sound and fury that always seems to surrounds him. (Punch the "Read More" link to continue.)

Before you start posting questions for John, you may want to learn a little more about him. First check his Web site, AntiOnline. Then take a look at this story about him in The New York Times (free registration required). And, for a sample of the kind of animosity John has stirred up among some members of the "inner circle "hacker/cracker and computer security crowd, you might want to check this site, too.

We expect this interview to be full of fire. Fine. We have our flameshields set to "high." But realize that the questions we forward to to JP Tuesday afternoon are subject to our usual screening process; we're only going to send him the 10 - 15 questions deemed most interesting and/or relevant by Slashdot moderators and editors, so please try to be as level-headed as possible.

John's answers will appear Friday.

This disappoints me

Seeing slashdot contribute to the fame of such a character just really disgusts me. Everything I've read says that this guy is a self-promoting nobody who doesn't know his stuff, and everything I've seen him do involves him sueing someone because they came out and said as much. The only question I have is why he even thinks he deserves to be interviewed here. I've never heard of anything positive coming from him and I've heard of a lot of negative stuff
-Mike

attrition.org

Mr Vranesevich:

Having read many accounts of your interactions with the staff of attrition.org, it seems to me that your claims against them are generally unproven and rash. Their rebuttals are always filled with detailed fact and systematic, step by step analysis of the topic at hand. Please clarify why you feel that attrition.org is such a dangerous force, yet you have neer been able to present HARD EVIDENCE to that point.


--
I live in the ocean

Explanation of Packet Storm

Many of us in the hacker community (not cracker) used the Packet Storm security site for information and research. You had it shut down for some alleged things in the /jp directory. Explain to us why you called Stanford to shut it down rather than dealing with the maintainer. What did you accomplish by threatening to sue other than futher harm your image and remove any creditbilily you had?
-Davidu

Re:Slashdot no longer supported. Morons

No, I think it's in Slashdot's best interest as a journalistic medium to do this.

However, I think it's in Slashdot's _readers'_ best interest to utterly ignore this article if they think he's a fraud. Look into his past yourself (and don't necessarily take either him or his biggest detractors at face value) and determine if you think he needs more free publicity or not.

The best thing those of us who _are_ detractors can do is:
1. Don't ask questions under this article
2. Don't moderate any questions in this article up

An honest suggestion...

...from a loyal /.'er

Don't send this guy a dang thing. Everything I have seen from both his side and those of his detractors has painted him as a sham and a joke. I really don't give a sh*t what he thinks, I know his opinions are biased and baseless. Don't taint what have been quality interviews with this tripe.

What a shame....

It is a shame to see slashdot come to this, knowingly selecting highly inflamatory material with little to no redeeming value, for the sake of increasing banner revenues. I first noticed this with Katz, but now I'm seeing it with JP as well. Both are nothing but cheap hacks. It would be a waste of words to describe how and why, I believe the "editors" know full well what they're doing.

I've said it before, and i'll say it again; I believe slashdot may very well hurt themselves financially in the long run. Though these "articles" may create short term revenues, they detract from the site. I have little doubt that the real secret to slashdot is intelligent discussion. Katz and JP simply tear it apart--leading to flame and dogma. The people who participate vigorously in such discussions tend to be younger, immature, etc. People, such as myself, on the other hand, only have so much tolerance for this kind of behavior. When the more intelligent people (better contributors) leave, the heart and soul of slashdot will too. With out this certain intellectual vitality, slashdot will rapidly degenerate.

PS: I said I wouldn't, but I changed my mind...I knew JP a couple years ago on undernet (IRC) in #cha0s, and other such channels. He was, and always will be a clueless idiot. He is a horrible writer. He doesn't know the first thing about computer security. What he is, is an opportunist, and a not very intelligent one at that. The reason he is "popular", if you could call it that, is that he was in the right place at the right time. Namely, he acted as a conduit for the media when "Analyzer" (the moronic israeli hacker) did his thing. Since that time, he's been trying desperately to sensationalize everything and purporting himself to be an expert. In short, he's a hack.

Unprovoked Attacks on Other Security Experts

What is the basis for your attacks on security Experts such as Attrition.org?

To Clarify the question:
Why do you proclaim them to be 'dangerous hackers' while they do essentially the same thing you claim to do, except that they do so better, faster, and more professionally.

Kintanon

?

Why did you deliberately block links from Slashdot, HNN, and any other site who criticized you during the closure of Packetstorm?

Re:? --- Good Question

I remember visiting AntiOnline a few days after the packetstorm incident by following a link from slashdot, and being bounced with a message that read something like 'The page you are being refered by is a known hacker website...'
Can you please explain how you classified Slashdot, a site which reports news, does interviews, and encourages discussion as a Hacker website?

Kintanon

question

Why did you decide to let Slashdot interview you? How did the response you got compare to what you expected?

Me? Quiet? HA!

Ok, normally I'll sit back and watch the interviews, maybe ask a question if I have an interest in what is being discussed. Also, let me take the time to say that I am a longtime reader of Slashdot, and it is easily my favorite website on the internet.

But John Vranesevich?

He is arguably the most despised figure in the h(cr)acker community, with Carolyn Meinel neck and neck. Both of them follow the same ideals and public image. What's that? Being a FAKE. Vranesevich has shown many many times that he has absolutely no clue about real computer security, and has been proven beyond a reasonable doubt in my mind that he goes to disgusting lengths to get a story, i.e.: "Hey, here's some cash. Hack that site, and let me cover it." (Attrition's site [attrition.org] has remarkable backing for this theory.)

What's more, Vranesevich absolutely cannot stand being criticized. Any site which puts up content that criticizes, parodies, or shows Vranesevich to be a fraud, he throws a fit, cries, and threatens legal action. Attrition, Innerpulse [innerpulse.com], PacketStorm all have received threats. (At one point, Slashdot ran a less-than-flattering story about him, and I E-Mailed CmdrTaco letting him know that he quite possibly might get possible legal action from JP. (Nothing happened, but everyone knew it could have.)

You may be wondering how I know all of this. Well, a long long time ago, JP was an operator in a very large IRC channel [hackphreak.org] on undernet [undernet.org]. I happened to be an op too. The difference is, I still am. He knows I know him, as does everyone in the channel. We knew him when he was a small time loser. He's still a loser, but now just big-time.

Which is why I'm puzzled, amazed, and quite frankly disappointed that Slashdot chose him for an interview. He's not at all insightful, and can't offer any kind of intelligence to this forum.

-- Give him Head? Be a Beacon?

2 questions

How do you respond to allegations that the FBI is investigating your knowledge of attacks before they happened and the accusations by some hackers who performed said attacks that you paid them or otherwise coerced them to do it in order to have coverage for your website?

Why do you feel that sites containing satirical humor based antionline are not protected by law and therefore open to your threats of legal action?

Make your own decision: - URLs FYI

I've kept one lazy Eye on the subject at hand. While I could spout my beliefs, I would instead like to give a listing of places to visit so you could make up your own mind. A good portion of what is out there is negative. JP has made a few too many enemies. And those enemies are quite vocal. OK, I will spout a little bit. I think most of what he has done is juvenile and a bit underhanded. However, I've never really heard his side of the story. JP tends to hurl inflammatory remarks towards his accusers instead of actually debating the subject. Anyhoo:

http://www.attrition.org/negation/

http://kuruption.cha0s.org/jp/jp.html

http://www.forbes.com/columnists/penenberg/1999/ 0927.htm

http://www.antioffline.com

http://www.antionline.com

http://www.happyhacker.org

Try running a query on HNN's news archives:

http://www.hackernews.com/cgi-bin/htsearch?confi g=&restrict=&exclude=&method=and&words=ant ionline

Try specific queries with AO and certain News Orgs:

http://www.altavista.com/cgi-bin/query?pg=q&sc=o n&q=%2Bantionline+%2Burl%3Amsnbc.com&kl=XX &stype=stext

http://www.altavista.com/cgi-bin/query?sc=on&q=% 2Bantionline+%2Burl%3Awired.com&kl=XX&pg=q

Search Altavista for the keyword Antionline, but exclude any from that domain:

http://www.altavista.com/cgi-bin/query?sc=on&q=% 2Bantionline+-url%3Aantionline.com&kl=XX&p g=q

I'm sure there is more, but I cannot think of any off hand.

Anti-Anti-Anti-Online

Are the rumors that you will be spinning off a sister site called Anti-Anti-Anti-Online to dispell the malicious accusations and deprecations of your obviously magnanimous professionalism and intellect and to further bolster the image of Anti-Online and your integrity as a computer-security-expect-guru-enthusiast, true?

Re:Explanation of Packet Storm

Many of us in the network security community (that is, those of us who actually make a living at it) find things like Packet Storm and attrition.org rather helpful at times as well.

On the other hand, I've never found anything of value at AntiOnline. Nothing. Nada.

While I don't really care for some of the attitudes and actions of the black hat community (the l0pht being one huge exception), I find AntiOnline's much, much worse. AntiOnline's goals seem to be more to harass people who may or may not be involved in questionable activities, rather than educate people about security and privacy issues, which is what I believe is the true purpose of a security professional.

And no, I never was a 'c00l hax0r d00d' either. :)

I personaly don't think that Mr. Vranesevich is qualified to act as a security professional, let alone as an 'expert'.

I have no questions that I would care to hear his answer on. In fact, when his article comes up, I would hope that no one reads it or comments on it. That would be the ultimate protest on Slashdot...

jf

Serious questions that aren't insulting

Most posts so far are either complaints about the interview or questions so insulting it would make /. look bad to ask them. This post is a list of the most serious questions asked so far, followed by a few of my own (I know nothing about security):

by NME

There are a lot of security information sites on the net, of varying quality. Why should I read AntiOnline? I suppose I'm wondering what you feel that you're adding/offering that makes you unique.

by mochaone

Why are you hated so damn much and do you care?

by Rabbins

How do you define your current role? -and- How do you see your role in the future?

by platypus

What were your most important works in the security related area, ie. posting to relevant(!) mailing lists (let's say bugtraq, ntbugtraq, RISK), articles in magazines, papers or lectures?

by Kintanon

What is the basis for your attacks on security experts such as Attrition.org?

by imac.usr

What's your opinion on the security of wireless standards like 802.11? Are devices like the AirPort secure enough, and if so, for how long?

Additional question of my own:

/.s attitude towards you has been universally negative, and your attitude towards slashdot has also been extemely negative (I seem to recall some claims about being a den of hackers, and blocking viewers from /.). So why are you willing to be interviewed, and why do you think /. is willing to do the interview?

Why are you so law-suit happy with your detractors and rivals? A lot of people have critized you for this, from fellow security sites to Forbes magazine. How does it help you (if it does)? If it doesn't help you then why do you do it?

Here, let me help

Hey slashdot editors! I know you are busy, and maybe that's why you thought interviewing JP would be a great idea. I've already posted a comment on why I think this is a very bad idea. So I thought I would try and be productive. Here is a list of people who are of the right caliber to merit an interview (that is to say, try interviewing great folk like this FIRST before wasting your time and ours on JP):

(from the 1999 Free Software Award Nominee [gnu.org] page)

1. Tom Adelstein
2. Eric Allman
3. Lennart Augustsson
4. Stig Bakken
5. Donald Becker
6. Brian Behlendorf
7. Tim Berners-Lee
8. Jim Blandy
9. Craig Burley
10. Thomas Bushnell
11. Shane Caraveo
12. James Clark
13. Alan Cox
14. Miguel de Icaza
15. DJ Delorie
16. Theo De Raadt
17. Matthias Ettrich
18. Paul Eggert
19. Ralf S. Engelschall
20. Fred Fish
21. Olivier Fourdan
22. Fractint Team
23. John Gilmore
24. Andi Gutmans
25. Chuck Hagenbuch
26. Carsten Haitzler
27. Charles Hannum
28. Shawn Hargreaves
29. Geoff Harrison
30. Mike Heins
31. Joey Hess
32. Earl Hood
33. Jordan K. Hubbard
34. Dan Ingalls
35. Lars Magne Ingebrigtsen
36. Kyle Jones
37. Bill Joy
38. Alexandre Julliard
39. Mike Karels
40. Jeremy Katz
41. Spencer Kimball
42. Donald Knuth
43. Werner Koch
44. Alfredo Kenji Kojima
45. Jeffrey A. Law
46. Patrick Lenz
47. Marc Lehmann
48. Rasmus Lerdorf
49. Mark Linton
50. Paul Mackerras
51. Peter Mattias
52. Doug McEachern
53. Caolan McNamara
54. Kirk McKusick
55. Bram Moolenaar
56. Tobias Oetiker
57. Tim O'Reilly
58. John Ousterhout
59. Dave Rand
60. Brian Paul
61. Nicholas Petreley
62. Bernhard Rosenkraenzer
63. Alessandro Rubini
64. Dr Douglas Schmidt
65. Keith Sklower
66. W. Richard Stevens
67. Darryl Strauss, Zeev Suraski
68. Danny ter Haar
69. Andrew Tridgell
70. Jorrit Tyberghein
71. Bert Tyler
72. Guido van Rossum
73. Miquels van Smoorenburg
74. Wietse Venema
75. Paul Vixie
76. Patrick Volkerding
77. Tim Wegner
78. Jim Winstead
79. Jamie Zawinski
80. Phil Zimmerman.

Granted, some of these have been covered already, but maybe a handful at the most. I must confess to maybe knowing who 10% of these people are. I would sure like to know something about the rest of them. Just imagine all the cool stuff each of these people has to offer--why in the world are we looking to interview inflamatory, damaging people like JP?

Just trying to help :-) I figure 80 some odd suggestions should keep you busy for a while.

JP's general hypocrisy.

I have several questions which I will ask within the narrative below. The narrative is important to understand the context of the questions, and to support my arguments.

Several months ago I was raided by FBI for supposed involvement with the "hacker" group gh. The extent of my involvement was participating, as a caller only, in illegally funded phone conferences. JP, who also participated in this conferences, labeled me as a hacker, and a member of gh on his "news" site. Neither of these accusations are true. He has many more ties to this and other hacker groups than I have ever had. My first question is this; If you label me a hacker, than do you label yourself one? Are you in your little database of supposed computer criminals? Secondly, How can you pretend to be taking a stand against "hackers" while you are involved in the same activities?

My third question is in regards to your coverage of the situation. You posted unconfirmed information from an unreliable source in regards to the status of my employment at a prominent software development company. As a result of this I was contact by several news agencies, and immediately stereotyped as a hacker even though I have never illegally penetrated any computer system, nor had I been charged with, or accused of any crimes by the FBI. In response to this I granted one news agency an interview, which I thought went well, but also backfired. As a result of the negative press my former employer could not even consider allowing me to stay. My question being, Do you expect people to consider you as a reliable news source even though you report data which you receive through unreliable channels? And lastly, Did you ever stop to think what the impact of your coverage might be? It seems to me that in your rush for the big story you have failed to check for the correctness in your articles, and as a result of this you are hurting innocent people, such as myself. I'm sure this has gone on in other cases, but mine is the only one I have enough knowledge to comment on. I don't attribute these unfortunate events to you, but you certainly did not follow good news practices in reporting them. You have only served to injure my credibility and your own.

Lastly, have you ever considered what legal action may be taken against you for your involvement with these criminals? Do you even recognize the hypocrisy of your stance on hackers being one yourself by your own definition?

Sincerely,

Jeff