Figure 1: What people saw when they clicked on a malicious
link to Antionline.
So far that was just a denial of service attack. Where the
social engineering came in was when Martin and his buddies claimed
on their web sites that Vranesevich was denying access as an
attack on their web sites, trying to harm them by making their
links not work.
However, it was easy to for anyone to find out why those links
didn't work. Just run the mouse cursor on top of a link and you
can see at the bottom of the browser that the link looks really
weird. Also, in most browsers there is an option to let you download
the source code for the page, which is how I got a copy of the
above bogus link to Antionline.
When this silly attack failed to arouse mass indignation against
Vranesevich, Pete Shipley tried a new approach. To recap, he
runs the official email list for the Def
Con hackers' convention (which is owned by his good friend
Jeff Moss, until recently an employee of a major National
Security Agency contractor, Secure
Computing Corp.). Someone subscribed a large number of made
up user names with antionline.com to the Def Con list. Oh, yes,
someone also subscribed a lot of made up user names to my cmeinel.com
domain, which at the time was using a POP3 server on the Antionline
network. We were unable to get any of them unsubscribed by the
unsubscription methods publicly posted by the official Def Con
list. And, in fact, as I write this some nine months later, huge
amounts of Def Con mail list spam continues to be rejected at
the Antionline firewall. This was an illegal mailbomb attack.
I don't want to get sued disclaimer: Pete Shipley may not
be committing this mailbombing felony. Despite being the chief
security architect for Big Six accounting firm Peat Marwick,
he may simply be unable to figure out how to keep the Def Con
list he administers from doing this.
More on social engineering --->
Back to the index of "Everything You
Wanted to Know About Social Engineering -- But Were Afraid to
Ask --->
