From: Modify (modify[at]attrition.org) To: "John Berryhill Ph.D. J.D." (firstname.lastname@example.org) Cc: Cancer Omega (comega[at]attrition.org), security curmudgeon (jericho[at]attrition.org) Date: Mon, 18 Sep 2000 22:02:42 -0600 (MDT) Subject: Re: Polite Request : : So your saying that this mirror hurts your reputation? How will you prove : : that it didn't hurt your reputation the minute the hacked site was already : : up as opposed to after the fact. How will you prove that your reputation : : was hurt at all. How will you prove that you didn't have a bad reputation : : before the hack? And unless you can prove that the statements on the : : hacked web page aren't true then you have no case. : : You will be free to make those arguments in an appropriate forum. If you had : any sense of decency, you would have implemented the robot exclusion standard : to keep hacked pages containing personal information out of the search : engines. But it is obvious that you don't. Programming Robots to do so is impossible... which shows your lack of knowledge of what robots can and cannot do. There is definitly something behind this little escapade. : : Actually, the page wasn't copyrighted so we had a right to republish the : : page. : : Who said anything about copyright? Republication of defamatory material is : as actionable as the original publication. If the hacked page contained : illegal pornography, you would not have a right to republish the material. : Material that invades privacy and is defamatory isn't any different in that : regard. You still wouldn't know if a hacked web page contained pornography or any other personal information. : : I doubt you provided any technical assistance to any federal : : authority because I doubt you fully understand the topic of computer : : forensics.. hence, our mirror. : : You believe what you like. My doctorate is in electrical engineering. I : obtained IP addresses corresponding to his dialup from two online merchants : that he charged sales against my credit card and obtained an SMTP log from : one of his email providers. From there it was easy. Doesn't mean he didn't "server hop". Your Ph.D. doesn't mean a thing to me. He could have used a hacked account in which you would have to trace the number down via the actual ISP or phone company. The SMTP account can be forged also but then again, you knew that right? How much experience have you had in computer security...? Heck, how much computer experience have you had? Professional or not. : The link from a search engine to that page provides no context. My privacy : was invaded and personal information was posted on a government server. That : was fixed quickly. But since you are so fascinated by machines and don't : give a damn about people, you merit special treatment. You apparently DO : agree with maintaining the harm done to individuals by hackers, and behaving : like an arrogant juvenile. Your pager information is made available via your website so thats shot to hell eh? The only reason im coming off the way I am is because of your initial email to us which was that of a bully. I dont agree with harm that becomes of individuals due to hackers... We keep a historical archive of hacked web pages and changing them drastically would harm the data so that more pursuit of the matter would be tarnished... I definitly think you lack knowledge on forensics just based on the paragraph above. Also, lashing out at me doesn't help you in any way, shape, or form.. I wont play into your childish games. : Federal law enforcement has already identified this individual. Obviously : you don't give a damn about abusing people, since you maintain your site in a : manner that the mirrored pages are accessible in a non-contextual manner from : search engines. Since you have already deleted the credit card number, there : is no reason why you cannot delete my name, address, and pager number from : the page. Your refusal to do so speaks volumes about your concern for : people. I already explained above.. that your name, pager number, and place of business is already contained in your web page (also in your emails). Think about it. If they have identified the individual then why has he not been brought to justice? This is what leads me to believe that you are taking your frustrations out on us... I've probably nailed it right on the head. : As for contacting the "wrong" people, you can sort it out after your service : providers respond to the first batch of subpoenae. Sort what out? Its already present on the web site that we display. If you took 2 seconds to look.. you'd find it. There is definitly something else behind your accusations and motives. Seeing that it took you 9 months to contact us on the matter.