The Bill Files v3.0

November 09, 2003


This is the third incarnation of the Bill Files. We originally started this text as an internal memo-style email thread between Security practitioners of several large companies, and interested third parties, such as journalists and a legal counsel of one of the companies in question.

Over the past three years, the text was amended, revised, and rewritten twice, with the latest version finished on November 7th, 2003, in response to "Dr." Bill Hancock testifying before Congress.

The opinions expressed below are those of the authors and we have linked our statements to supporting websites, for none of which we give any guarantee whatsoever. Things change, new discoveries are made almost daily, older assumptions change or are dismissed as wrong. Please, by all means, give us a heads-up if there is anything wrong in the text. Either post a comment, or contact billfiles@netwarriors.org.

Thank you, and have a great day.

Academics

According to his website (http://www.mindspring.com/~us013385/professional.htm), Bill Hancock has a Masters and PhD in Computer Sciences from Greenwich University (not to be confused with the University of Greenwich, which is a top-notch academic organization located in London, England). Greenwich University is located off-shore from the Australian mainland, on Norfolk Island. Norfolk Island's "government", a nine-person governing body, accredited Greenwich University in 1998, after the United States closed the University's headquarters in Hawaii for a number of offenses, including the issuance of fraudulent PhD diplomas without accreditation.

Shortly after GU's move to Norfolk Island, the Australian government enacted similar laws, making Greenwich University once again an unaccredited diploma-by-mail mill. Today, the following statement can be found on Greenwich University's website:

(http://www.greenwich.edu/) GREENWICH UNIVERSITY IS NOT ACCREDITED BY AN ACCREDITING AGENT RECOGNIZED BY THE UNITED STATES SECRETARY OF EDUCATION

Regardless of whether Hancock obtained his PhD and Masters before or after 1998 (his website fails to mention dates, something no one with a legitimate PhD or Masters degree would do, and would cringe upon seeing), the title and associated academic honors are useless and void in the United States, Europe, and most of Asia. To claim them as legitimate is not necessarily academic fraud, but certainly dishonest and conduct unbecoming any member of the academic or professional community.

Bill Hancock's Bachelors degree was awarded by the Thomas Edison College, an accredited long-distance educator. We searched TEC's Alpha Sigma Lambda roster to find Hancock's claimed "honor student from day one" records, but were unable to locate his name. Alpha Sigma Lambda, like most honor societies, receives financial contributions from its members upon entry, which makes it hard, if not impossible, to slide through the gaps of forgetfulness.

On a related note, we have been unable to obtain "Dr." Hancock's dissertation. Greenwich University refused to communicate with us immediately after it became apparent that we were questioning the integrity of one of its former students.

Military

In most of the (now yanked) speeches online on Exodus' and Cable and Wireless' websites, Bill Hancock opens his talks by making one or more cracks about his past in the United States Navy. His claims to peers, clients, and just about everyone who would listen, included three tours to Viet Nam, POW, Purple Heart, and - of course - his classified past as an operator in USN SEAL Teams seven and nine. When asked direct questions, such as the name of his swim buddy, his CO, deployment dates and locations, as well as his experiences during BUD/S training, the word "classified" dominates the conversation. His numerous medals, honors, and bravery, however, seem to be unclassified.

We were skeptical at best when first confronted with the claims. A former SEAL and family member of a friend elevated our skeptical approach into sheer disbelief. According to him, and to other SEALs we spoke with later, neither will a SEAL ever forget the names of his swim buddy and CO (neither of which is classified, by the way), nor will a true SEAL ever brag about medals and badges. True SEALs, according to our friend's family member, consider the small trident to be the ultimate honor, and do not need or discuss other patches or ribbons.

Our disbelief became certainty only shortly thereafter. Our questioning seems to have triggered independent research by two of the nation's foremost phony-SEAL debunkers online. AuthentiSeal, the largest collection of phonies online, lists Bill Hancock as a phony on its "Wall of Shame". AuthentiSeal rates Bill as a "four star" phony, which essentially means he's been warned, continues to claim his former SEAL status, and has been placed into high positions of trust, in part as a result of his claims.

Another website, the "Phonies" list, also lists Bill as a phony Viet Nam POW (http://www.pownetwork.org/phonies/phonies90.htm). New to his claims in this list is his claim to have served between 1971 and 1974, yet another claim which neither VA nor military records could substantiate.

In fact, his own CV, published on his website, contradicts this claim. In it, he states employment with Texas Instruments from 1970 to 1974 as a FORTRAN programmer and Security professional.

Professional

Claims of Mr. Hancock's actual professional career range widely, from "twenty years" through "25 years as a professional and security expert" to "over thirty years of industry leadership". No one seems to notice the discrepancy between these figures and Hancock's claim to have been a SEAL operator until 1974 (29 years from today, less than that from the time some of these claims were made). Even if Bill Hancock had left Navy service already an established professional and expert on all things security, the collision between claimed military service and professional experience did not raise the red flags it should have.

Or did it? After initial reports of Bill Hancock's "padded" resume surfaced, both Exodus Communications (his employer in 2000), and later Cable and Wireless, which bought Exodus in 2002, pulled or rewrote part of "Dr." Hancock's biography. We are not sure whether those modifications were made as part of a general rewrite of Exodus' and C&W's websites, or to limit the potential danger of exposure in case of a deeper investigation.

But even today, November 2003, Cable and Wireless continues to communicate parts of Bill Hancock's claimed expertise and experience. In a press release covering Hancock's testimony in Congress (http://www.cwusa.com/media_events/media_center/releases/2003/11_05_2003.html) (more about this later), Bill's resume reads as it did in the old days:

A well-known network and security expert and author of more than thirty books on computer networking and security

Cursory research using Amazon, the Library of Congress' list of publications, and the European List of Published Books by ISBN, shows much less than thirty published works by (Bill OR William) AND Hancock.

During his 25-year career, he has been involved in the design and implementation of some of the most sophisticated e-commerce systems and critical infrastructure networks in the world, and has hundreds of hacker trackdowns to his credit.

Please note this paragraph for later review. Take special note of: a) 25-year career, b) hundreds of hacker trackdowns.

It is important to note that - according to this press release, and we have no reason to doubt this - "Dr." Bill Hancock also serves as chair in a federal position, namely the FCC's "Network Reliability and Interoperability Council (NRIC) Homeland Defense focus group on cyber security".

At this point, we are investigating whether or not this is an appointed position, and if so, who appointed "Dr." Bill to it.

Other websites claim different numbers and positions. Counterpane Security (http://www.counterpane.com/board-hancock.html, now removed), on whose technical advisory board Hancock serves, lists twenty-six books and 350 "successful hacker prosecutions" (see above: it's not "trackdowns" and not "hundreds", but 350 and prosecutions). Given the overall high intelligence and expertise of our readers, we do not believe we have to explain the difference between tracking down and prosecuting offenders.

Counterpane also lists Hancock as having written over 3,000 articles (a claim we could not substantiate via the Library of Congress) and being the Editor in Chief for "Computers and Security".

In articles and mentions as recent as a few months ago, Bill's role with Computers and Security varies greatly. His title ranges from "Contributor" to "Columnist" and Editor in Chief.

Congress

A few days ago, on Nov. 6, 2003, "Dr." Hancock testified before the congressional House Committee on Energy and Commerce. During his speech, Hancock claimed, amongst other things:

"I have been a technical expert, "insider" and leader in the development and deployment of networking and security technologies for over 30 years."

Aside from the "over thirty years", which is - at least - thirty-one years and would place "Dr." Bill as an "insider and leader" squarely into the time he claimed to have been a POW in Viet Nam, he also claims to have been directly involved in the efforts to analyze and defeat the Morris worm, the very worm or virus which is widely regarded as the father of all virii and worms:

"In 1988, at the genesis of commercial use of the Internet, I was working at NASA's Langley facility as a consultant when the now-famous Morris worm hit the Internet."

We might be mistaken here, but the only NASA employee we could track down from around this time could not remember anyone by the name of Bill or William having been involved in the Morris Worm tracking and resolution.

CISSP

Hancock holds a CISSP certification. The CISSP, officially touted as some kind of authoritative certification for Security Experts, has often been described as nothing short of a Certified Waste of Time (http://www.securityfocus.com/columnists/67). This certification, which seems to permanently attach itself to the name of whoever passes it (resulting in "Hi, my name is John Q. Doe Comma CISSP" introductions, I kid you not), is guided by a "Code of Ethics" (https://www.isc2.org/cgi/content.cgi?category=12) which states, amongst other things:

"Safety of the commonwealth, duty to our principals, and to each other requires that we adhere, and be seen to adhere, to the highest ethical standards of behavior. Therefore, strict adherence to this code is a condition of certification. [...] Act honorably, honestly, justly, responsibly, and legally."

If "honesty" is a basic tenet of the CISSP certification, one has to wonder why "Dr." Bill Hancock still carries the permanent name attachment. Is it because the ISC2 did not learn of the inconsistencies in his CV, or is it for some other reason? We do not know. What we do know, however, is that at least six different groups or individuals contacted ISC2 over the past three years, pointing the ISC2 towards potential conflicts between "Dr." Hancock's conduct and the ISC2 Code of Ethics.

Concluding

Bill Hancock is not the first padded self-proclaimed "expert" to testify before Congress. He won't be the last, either. His obtaining employment by exaggerating or claiming prior expertise and military service is something that needs to be taken up between him and his employers, the professional working groups he is associated with, and the Navy SEAL community, which does not take kindly to imposters and those who abuse the Trident.

In this short write-up, we haven't covered much about the colorful life of Mr. Hancock. We did not mention his claiming to have invented the Firewall, Intrusion Detection System, or DECnet, partly because it is harder to back up stories relayed to us by former and current employees working for or with him.

But, if it all had to boil down to one question, it would be whether we'd ever trust someone with "thirty years" of industry experience, who uses Microsoft Word to design his website.

Changelog

This is the third incarnation of The Bill Files. Unfortunately, we never started a ChangeLog, and due to the static nature of previous versions, never had a chance to solicit commentary, amend the content, and update his claims. Now we do. Expect changes, updates, and technical modifications as we go along. And, please, don't be shy - there's a comment facility below for exactly this reason. Remain anonymous, add your name, or don't. The webserver this website is served from does not log the IPs which access it.