http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2154128,00.html Badlands Hackers get their kicks on Rt66. By Kevin Poulsen October 23, 1998 When Mark Schmitz talks about the computer intrusions that have plagued Rt66, the small ISP he cofounded in the dusty heart of New Mexico, I can hear the steely determination in his voice, the stoic monotone of a lone gunslinger strapping on the iron and adjusting his Stetson before making his final stand. "It's like back in the Old West when a gang of desperadoes takes over a little town and announces that they're running things," he intones. "And there's no way I'm going to let some punks do that." When Rt66 was erected in 1993, it was a nice, quiet place to hang your email address. That all changed early this year, when the virtual town admitted a controversial new citizen: author and self-described hacker Carolyn Meinel, who proved a high-profile target to some members of the computer underground. "We've been hacked four times since March. First it was the 303 gang out of Denver, then GALF in the summer," Schmitz explains. By August, Rt66 was still working to secure its electronic billing system when the cybergang Hacking for Girliez thundered into town, hooting and hollering and firing their six-guns into the air. [He has no proof or logs to back the claims that the "303 gang" did anything. This mythical gang is mostly the product of Ms. Meinel's imagination.] When the dust settled, Rt66's main webpage had been rewritten, railing against Meinel and displaying a list of twenty credit card numbers of Rt66 customers. The system was down for two days, as Schmitz and his deputies analyzed the attack and patched security holes. "We lost three percent of our customer base after the August hack," says Schmitz. [Losing 3% of customers vs kicking off a single user that is lying about the ISP's talent. Not a sound business practice.] With the HFG hack, Schmitz developed some respect, not just for the desperados' skill, but also their code of honor. "I was really impressed. They could have sold the credit card numbers to someone wanting to use them, and they didn't. No one ever tried to make fraudulent charges. HFG just wanted to embarrass us, and they succeeded." [Yet Mr Schmitz was partially behind the claims that HFG did 1.8 million dollars worth of damage to the ISP.] But Schmitz has his own code, and though he knew he could end the long series of rampages with a few keystrokes, he wouldn't. He wouldn't kick out Carolyn Meinel. (continued...) http://www.zdnet.com/zdtv/cybercrime/chaostheory/story/0,3700,2154853,00.html Badlands: The Target To understand why the small ISP Rt. 66 came under fire, you have to understand Carolyn Meinel. Good luck. By Kevin Poulsen October 26, 1998 According to her bio, Meinel is the author of The Happy Hacker: A Guide to (Mostly) Harmless Computer Hacking, a small-run title that's sold over the Internet. She's dedicated to teaching people to hack responsibly, and her website boasts a hacker war game that allows curious neophytes to come out and play without breaking the law. She's been cited as an authority in the media, and authored an article in the October issue of Scientific American titled, "How Hackers Break In ... And How They Are Caught." [Who cited her as an authority? Uneducated journalists? Herself?] Which does nothing to explain how Meinel so infuriates the hacker community. Her theory is that those in the computer underground don't want their secrets exposed. "They want to feel special," she told me, "And I'm telling people how to hack." Since nobody has attacked other public sources of hacking information-- such as 2600, the Hackers Quarterly-- a single issue of which reaches more eyeballs than Meinel's book-- I went looking for a better theory. [How about, the others teach correctly, have no ulterior motives, and the authors are actually versed in security or hacking?] The underground, it turns out, claims Meinel is a fraud, whose real talents lie in aggressive self promotion, not computer security. A widely distributed, point-by-point critique to her Scientific American article colors her a "notorious Internet con artist," and "a veteran Internet security charlatan." But that answer is also unsatisfying. Other authors have attempted to convey intricate computer security details to the general public with varying degrees of accuracy-- the task inevitably requires some simplification. Moreover, there are very few writers who are also first-rate hackers. At least when talking to me, Meinel didn't put on airs. "I'm not the most ingenious hacker in the world," she offered humbly, "I'm just someone who fools around." [You call her a "first-rate hacker", then quote her as saying "not the most ingenious hacker". That kind of contradiction sums her up perfectly.] The real fire behind the digital jihad may be Meinal's quirky personality. Mark Schmitz puts it this way. "I think, like a lot of reporters, she talks to the hackers on a regular basis, and I think she sometimes eggs them on and encourages them... One time she'll talk to them as a friend, and another she'll talk to them as an enemy, and they're confused and they don't like her because she's flaky." [Or because she lies to them, not eggs them on.] Emmanuel Goldstein, editor of 2600, is ambivalent about Meinel, but he agrees with the sentiment. "I don't understand, is she a friend of hackers or not? If she's a friend of hackers, why is she telling Time Magazine that they should go to prison for hacking The New York Times? I'm a bit befuddled." "I think that's one of her goals to sell her book," opines Schmitz. "If she can get the hacker groups pissed off at her she can get some more controversy and publicity." By January of this year Carolyn Meinel had been booted off every ISP in town, as cyberpunks targeted anyone who dared host her website. Then she finally found Rt. 66, Mark Schmitz, and sanctuary.