Harvard caught in hacker crossfire

Hacker backlash after university shuts down security Web site over 'inappropriate' personal attacks against AntiOnline.com.

Harvard University is caught in the middle of an online war between hacking-scene follower AntiOnline.com and the hacking community at large.

On Wednesday, the Cambridge, Mass., university removed an independent security Web site, known as Packet Storm, which it had been mirroring on its servers for only 10 days.

The reason: A directory of material hidden in the Web site, and thus on Harvard's servers, that had "sexually related material and personal attacks on an individual not affiliated with the University," said Joe Wrinn, director of news and public affairs for Harvard, in a statement released by Harvard on Thursday.

"We agreed to have a site that had security-related materials only," said Wrinn. "Both parties involved were using us in a way that was completely inappropriate."

Ken Williams, a North Carolina State University employee and the Webmaster of Packet Storm, angrily refuted the allegations.

"This statement is incorrect, and even libelous itself by implying that I had 'sexually related material' on the server," he wrote in an e-mail. "I never did!"

According to Williams, the directory -- labeled "/jp" because it was a collection of material satirizing AntiOnline founder and chief John P. Vranesevich -- had a parody of the AntiOnline site.

But others familiar with the site said that the parody also contained photos of nude women that were intended to be more sarcastic than sexual. Harvard obviously didn't get the joke. Harvard's Wrinn did not know specifically what sort of "sexual" content was contained on the site.

Harvard in the hot seat
"We are in the middle of this and it's inappropriate," said Harvard's Wrinn, sounding distinctly uncomfortable with the attention that the issue was attracting. Harvard intends to send the complete contents of the site back to Williams so that he can post it elsewhere.

No wonder: Packet Storm wasn't just a small-time site -- it had been the place to go for both hackers and security experts to get up-to-date security information.

"Packet Storm was a huge compilation of security tools," said Brian Martin, known as "Jericho," one of the Webmasters at hacker news and information site Attrition.org. "It was updated daily with tools. It was always there."

Among organizations that used and mirrored the site: The Department of Defense and the Federal Bureau of Investigation, claimed Webmaster Williams.

'I didn't have an anti-J.P. Temple of Hate'
Yet, Williams had also sided with many others in hacker circles who have been waging a war -- of mainly -- words against AntiOnline's Vranesevich and his latest ally, Caroline Meinel, security researcher and webmaster of The Happy Hacker.

"I didn't have an anti-J.P. Temple of Hate or anything," said Williams. "But there are companies, organizations, and individuals out there that [we believe] are black-eyes of the industry."

So, Williams attached a non-public directory to the Web site that archived parodies and criticisms of AntiOnline's founder.

The directory represented a single facet of a complex war of image in the hacker not-so-underground. For the most part, AntiOnline and its main foe, Attrition.org, have squared off with conflicting allegations of slander, libel and plagiarism.

Hitting close to home
For AntiOnline's Vranesevich, the directory buried inside of the Packet Storm site hit a little too close to home.

"I can understand a parody -- I have no problem with that," said the 20-year-old Pennsylvania Webmaster, adding that he thought Williams crossed the line into poor taste by adding high school yearbook pictures of Vranesevich and his family to the online archive.

Williams acknowledged that the photos had been put up, but that since they had come from a source already online, the Packet Storm Webmaster thought the pictures were fair game.

Vranesevich's answer? The Webmaster notified Harvard of the hidden directory in a letter to the university's provost -- and Harvard quickly took the site down.

Did Harvard act too quickly?
B.K. DeLong, a Boston-based computer security consultant, thought Harvard acted too quickly.

"I am kind of disappointed that an institution like Harvard was so quick to pull the plug just to avoid a potential suit," he said.

Yet, Harvard wasn't the only one to act quickly. By late Wednesday night, the Keebler Elves -- the cybergang that claimed responsibility for hacking into the National Oceanic and Atmospheric Administration last week -- defaced another government Web site with the news.

"Now, because [of] JP ... Packetstorm is no more, and never will be again," the hacked site lamented.

Unnamed hackers also struck at AntiOnline more directly. AntiOnline's site came under a denial-of-service attack -- which floods a particular site with random data -- so severe that its Internet service provider pulled the site for almost 12 hours on Thursday, said Vranesevich.

Ugly threats
Other attacks were even less friendly. "I have received more death threats in the last 24 hours by phone, than I have in five years," he said.

Not quite an apology, Vranesevich added that he never intended the entire Packet Storm site to be taken down.

"I know what it's like to have the university stomp its foot down on you. When I was a student at the University of Pittsburgh, I had my Web site shut down," he said. "But I never threatened anyone."

In his mind, the contents of "/jp" did.