What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

"If you tell the truth, you don't need a long memory." -- Jesse Ventura

It Sucks to Be Me! Mark Peterson, who claims to be the first person in history caught for committing computer crime, finally posted his "exploit" to Bugtraq.Click here for the response he got.

Click here for Peterson's latest (Dec. 22) stories about why I (Carolyn Meinel) have to publicly claim that I believe everything he says. Why don't these types just bother people on IRC with their bragging?

From: "M Peterson" <apalamen@sbcglobal.net>
To: "'Carolyn Meinel'"
Subject: Actual Malice?
Date: Thu, 18 Dec 2003 20:40:04 -0600

Carolyn, you do know that by not confirming any of the information I have given you (Freedom of Information Act), 3rd-party independent consultants that you have shown actual intent and actual malice and flagrant disregard for the truth in order to discredit me?

Carolyn replies: This guy doesn't have a clue of what he is talking about. He says I could use the Freedom of Information Act to obtain records of what he implies is his arrest as a juvenile, a getting "caught" that he says is the first computer crime for which someone got "caught" in history.

First, all he has to do to prove he was arrested is send me a copy of the paperwork. This he has not done.

Second, I can't use the Freedom of Information Act (FOIA) because the US Privacy Act forbids release of Federal government documents on individuals unless the affected individual provides a signed, notarized statement and provides copies of identifying material such as a driver's license. Most importantly, the law protects juvenile records from public disclosure.

Here's the really funny thing. Everyone Mr. Peterson told me to contact for verification of one thing or another has told me they couldn't verify his allegations.

Also, I warned Peterson that if he kept it up, I'd post his correspondence on "It sucks to be me." I gave him four weeks to simmer down and apologize for his harassment of me, but all he has done is get increasingly threatening and obnoxious.

An apology would be nice…

I actually did get caught by the Source using (ME:STZ089) by (SYSOP:STC007) these were the actual accounts and can be verified and subpoenaed if needed. The FBI investigated on behalf of The Source for the sum of $4000.00 of online time. The charge the FBI used was a statute on the books from the days of Telegraph Fraud – the only thing they had. It was called ‘Fraud-by-Wire’ because data was being transmitted across Interstate Lines with a Fixed-Dollar amount attached to it - there was no precedence or statute for what I was doing. Although I was not the very first hacker, I may have been the first one who actually wanted to get caught – because he did not like seeing new hackers beginning to destroy systems and wanted a way out.

Carolyn replies: Peterson is the first person ever who has demanded that I call him a criminal. Normally a person would get really upset, and have reason to sue, if I were to publicly claim that he or she had been arrested for computer crime without any evidence that it was true. That's one reason I'm not claiming that Peterson is an arrested, perhaps convicted criminal. I have no evidence that this ever happened.

I am sorry you chose not to ignore my typos and continue to use actual malice in not verifying any of the information I gave you independently. You have instead chosen a path of a personal vendetta on a public forum to discredit me (my real name is actually Mark Peterson).

I came to your consulting firm in good faith as a potential client (privately). You called me a pathological liar, when all I was doing was trying to tell you the truth.

I apologize for calling you ignorant for not understanding the 3rd-party vulnerabilities I was trying to tell you about – but then again, you called me a liar and didn’t give me a chance to be nice to you.

Carolyn replies: I waited through many emails for this Peterson character to correct his whoppers, and all he has done is send more whoppers. He said that in 1982 he broke into NIPRnet, the unclassified Pentagon network. When I told him NIPRnet wasn't created until 1995, Peterson emailed back saying, OK, then he broke into MILnet in 1983. He got closer that time, but MILnet was not created until 1984. These were not "typos."

This email can be used in the trial. For it is the truth.

I cannot help it if I may have been the very first computer hacker caught by the FBI and chose to remain hidden all these years. Who else is claiming the first pole position? Anyone?

The first man in the U.S. convicted of computer crime was Capt. Zap -- Ian Murphy. This is well documented. The Symantec antivirus/computer security company web site has a history of computer crime that documents this. If Peterson is unfairly left out of this history, he can present his documentation to Symantec.

You have caused me a lot of unnecessary emotional distress by your actions. All I wanted was someone to tell me yes, that’s a vulnerability (I did not mean it was an exploit). In theory I thought to prove that a new browser window can be called from a compromised .JS webservice provider. It has been confirmed that “yes” it can be done, and “yes” it is a vulnerability by 3 independent security firms, that I chose to ask privately.

This is so typically Peterson. First he gives me contacts in two computer security firms who supposedly confirmed his vulnerability. They both denied it. Now he says he has three secret firms that have supposedly confirmed it. Am I am being cruel to Peterson in refusing to endorse the existence of his vulnerability without him providing a proof of concept code I could use to test it myself. Sheesh!

Do you realize that you publicly agreed that there is a “Man-in-the-Middle” vulnerability for Online Banks on the Internet? Bingo! Now how many people in normal-land realize that?

Man-in-the-middle exploits against banks have been in the news for many years. See, for example:

All I question is whether Peterson has discovered a new man-in-the-middle attack. It sounds to me like all he has is the idea of a computer criminal changing the code on a third-party server feeding into the bank's web site to pop up a window saying "gimme your back account info." This would work for about five seconds because someone would notice this funny popup and take the computer that was broken into offline. Breaking into a computer associated with a web site is hardly a new concept. Back in 2001, Fuzzi Bunni defaced Securityfocus.com by breaking into the ad server for its web site and running an insulting banner.

If Peterson really has something new, the decent thing would be to provide proof of concept code to a laboratory that can test it such as the U.S. government CERT center, so the computer security industry can come up with a way to defend against it. If Peterson is for once telling the truth that he has submitted his vulonerability to three computer security firms that have verified it, yet they are keeping it secret, what are we supposed to think? That he and they are gearing up to commit crime against banks? If Peterson has only legal intentions for his exploit, he will submit it to CERT and they will put out an alert and online banks will take measures to defend against Peterson's exploit. He has no business harassing me to pretend that I have verified his exploit!

That’s all I was trying to get you to see… I was right in front of it, setting banks up with the technology and did not realize the basics of the vulnerability of allowing 3rd-party services to run on a secure server. It’s all I was getting at.

About the court trial: My father and brother will testify under oath that the FBI talked with me on behalf of The Source. The Freedom of Information Act will exonerate me as well.

I already wrote on this site that I have verified that an FBI agent had *talked* with Peterson. This is not the same as getting "caught," as Peterson has claimed. Not the same as a "court trial."

The FBI are in the background on all this. I gave you the information you needed to find out that I am a real true human being with all the emotions, strengths, weaknesses and frailities of a live human being and with what I hoped was proof of a weakpoint in the basic structure of Online Websites. I have written and signed depositions from 2 lawfirms in New Zealand that I was never fired and voluntarily left to go start a charity (the one I gave you).

Peterson has admitted that his boss tried to fire him. Then he left, and Peterson sued his employer over his reasons for leaving. Sounds like he got fired to me.

If a lawsuit is what will be needed for you to publicly apologize for possibly damaging a young man who left his life and loved one behind in NZ to tell the FBI and the Online Community about an overlooked backdoor without having an injunction placed on him in New Zealand – then so beit.

I leave it up to you to consider whether this email constitutes harrassment or a real attempt at trying to right a terrible wrong.

Sincerely,

Mark Peterson

PS> Can you fathom any reason why the FBI would visit a juvenile in the first place? Your placing your bets on the wrong horse if you don’t think they visited me for breaking into computer systems… all on a c-64 with a manual-dial-it-yourself $49.00 “mighty-mo” modem… J

From: "M Peterson" <apalamen@sbcglobal.net>
To: "'Carolyn Meinel'"
Subject: About your website
Date: Wed, 17 Dec 2003 15:57:15 -0600

Carolyn Meinel,

You were sent emails correcting the libelous statements you have placed on your webpage of http://www.happyhacker.org/sucks

I was not fired, I settled an employment greivance. Mr. Ottaway attempted to find a way to fire me in an attempt at circumventing sensitive NZ employment laws. I have sent emails to you in order to clarify your understanding on my email’s intent to disseminate this information correctly to you with no typos or misunderstandings.
I settled an employment grievance lawsuit. I was not fired. Please correct your website.

Carolyn replies: Sounds to me like Peterson just now said he got fired but managed to do it in some complicated way that he feels makes it somehow not quite the same as fired.

I was investigated by the FBI in the early 80’s for computer hacking. Your website is falsely presuming this event did not occur. Please correct this flagrant disregard for US laws on defamation of characters before legal action is taken.

Having an agent knock at Peterson's door [this incident verified by the FBI] does not seem to me to be a good fit to Peterson's claim of being "caught by the FBI." It cerrtainly doesn't impress me as fitting his claim of being nailed for "Fraud-by-wire."

I have a theory on how to ‘backdoor’ a website – and your statements are misleading on the accuracy of this theory. You originally stated that this could not be done.

That is totally false. I have repeatedly requested proof of concept code from Peterson so I and others can test his alleged exploit. Peterson has repeatedly refused to provide it. He's been demanding that I publicly endorse his secret exploit as being something that works. Well, duh, I don't let people intimidate me into lying on their behalf. It definitely sucks to be me when I get accosted by someone like Peterson.

I will need a public apology for your flagrant disregard for the truth to be placed in its position or I will sue you for libel. You have 24 hours to comply before legal proceedings begin.

Best regards,
Mark Peterson

Peterson can not get me convicted of libel if I am telling the truth. He also can't get a judge to convict me for giving my opinion. If he can find a lawyer foolish enough to bring a lawsuit against me for libel, the judge will discipline the lawyer for taking an obvioulsy phony case and force Peterson to pay all my court costs. I also have a good chance of winning a judgement against Peterson for harassment.

The last person who threatened to sue me for libel was none other than Kevin Mitnick. Of course he never did. Click here to read the hilarious story.

Read about Peterson's secret scheme to steal account information from gazillions of banks --->>

More "It Sucks to be Me" --->>

Tired of reading about people that want to be computer criminals or are just plain malicious? To read about hackers who use their skills to make the world a better place, click here for "Have a Great Life."


Carolyn's most
popular book,
in 4th edition now!

For advanced
hacker studies,
read Carolyn's

Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

© 2013 Happy Hacker All rights reserved.