What's New!

Chat with
Hackers

How to Defend
Your Computer 

The Guides
to (mostly) 
Harmless Hacking

Happy Hacker 
Digests (old stuff) 

Hacker Links 

Hacker
Wargames 

Meet the 
Happy Hacksters 

Help for 
Beginners 

Hacker 
Bookstore 

Humor 

It Sucks 
to Be Me!

How to Commit
Computer Crime (not)! 

What Is a 
Hacker, Anyhow? 

Have a 
Great Life! 

News from the 
Hacker War Front

Everything You Wanted to Know about Social Engineering -- But Were Afraid to Ask...


Richard Thieme: reporter of phony hacker stories

X-Sender: rthieme@mail.execpc.com
Date: Mon, 31 Jan 2000 13:44:17 -0600
To: Carolyn Meinel <>
From: Richard Thieme <rthieme@thiemeworks.com>
Subject: Re: In the words of Adam Penenberg, "So sue me."

At 12:24 PM 01/31/2000 -0700, you wrote:
>If I were to leave out that you had planned in advance to learn more about
>Se7en at this lunch, doesn't that contradict your writing so many stories
>about him shortly thereafter?

The causal fallacy here is "post hoc ergo propter hoc," i.e., after this therefore because of this. My doing a couple of interviews with Se7en afterward had nothing to do with some unannounced "plan" or alleged intention before doing them. I was very open to lerarning about everyone at DefCon, including Se7en and yourself.

>How could you explain this discrepancy?

It is not a discrepency. (see above)
>I don't even mention that you wrote magazine articles based on his wild
>stories uncritically despite knowing he was a pathological liar. I don't
>even mention the part of the luncheon where you were doing the Dutch uncle
>thing on him over his wild stories. You spent quite a loing time trying to
>persuade Se7en that he would come to a bad end if he kept it up.

This is all interpretation Carolyn and I disagree completely with your interpretation.

>In any case, this is not news but the anatomy of a social engineering
>scheme. I don't even bring up the question of whether you were the victim
>or collaborator. Actually, I am curious as to which you were. Did you just
>forget that Se7en was a pathological liar, or did you decide to sell stories
>you were quite certain were false?

Obviously, there are other options besides the two you suggest. This is an attack on my character that is not warranted. You ought to be ashamed of yourself.

>I am so fed up with phoney baloney
>hacker reporting -- that's one reason I sent out copies of this chapter.

That is a very ironic statement.

You asked my comments on the accuracy of your statements. I responded to that request.

I hope you can distinguish between an observable behavior or documented statement and your own interpretation of what you think someone's silence "must have meant." It is the difference between objective reporting and libel.

X-Sender: rthieme@mail.execpc.com
Date: Fri, 04 Feb 2000 12:50:07 -0600
To: Carolyn Meinel <>
From: Richard Thieme <rthieme@thiemeworks.com>
Subject: a legitimate concern

At 09:14 AM 02/04/2000 -0700, you wrote:
>The best I can do is write about what I observed and recorded at the time.
>I do question why you so uncritically wrote up what Se7en told you after we
>established without a shadow of a doubt at that luncheon that he was not a
>hacker and was a pathological liar.

Carolyn, that's a legitimate concern and I'll speak to it directly.

Many people in the hacking community are less than honest about the totality of their lives. That Se7en exaggerated in one obvious area to make himself sound bigger than he was did not necessarily lead to the inevitable conclusion that he was "a pathological liar." That's a diagnosis, not an opinion, and I was not in any position to make it after one lunch. So perhaps you concluded then as you say that "he was not a hacker and was a pathological liar" but I did not. Perhaps you had more context or more specific knowledge of Se7en or both. There was a great deal of exaggeration and posturing among many people at that con and in fact at many of the business conventions for which I speak - the costumes are different, maybe, but the posturing and exaggeration are the same. People exaggerate their importance and market an image of themselves that is larger than life. That's human nature.

The two interviews that I subsequently published focused on plausible or at any rate possible truths - that he had been taught by others how to dumpster dive and how to phone phreak. There is nothing in those two interviews that is not plausible, although in retrospect he is clearly describing things he knows others to have done rather than things he hasdone himself. As a description of behavior, he is accurate; as a description of himself, he is not.

And yes, it was my first Def Con and four years of experience has taught me more than I knew then. Once it was revealed to me that the entire pedophile deal was a lie (social engineering is a polite phrase for that one), I never referred to it again, and I did my best to hedge the off-hand remark about it (it was a very small part of the piece on Blosser) by saying "no one knows ..." which was the literal truth. If I had known then what I know now, I would have not said even that, of course.

And I continue to feel compassion for Se7en. He is very smart and a good writer and in my opinion is quite within the possibility of redemption. I have worked with people a lot further down than he was who have come back onto the train, and I also remember people who did not give up on me at my worse and think I should do the same with others. I liked him and I feel sorry for him. That's doesn't mean I can't see what he did clearly, just that I am going to let it go at that.

But come on, CM. We go back all the way to that lunch and that con. I killed that profile on you for Salon that I was exploring because it would have turned into a "personality piece" which would not have served you or anybody. And at least one of the solid sources you cited to me contradicted directly what you said he said ... which does not necessarily make you a "pathological liar" in my book, but does call into question how forthright and open everyone in this domain can be at different times ...

I think we all need to approach one another in this domain with greater understanding and compassion. There is simply no need to create adversarial relationships out of what can be collegial or at worst neutral postures.

Sincerely,

RT

Richard Thieme

ThiemeWorks ... professional speaking and
business consulting:
ThiemeWorks
P. O. Box 17737 the impact of computer technology
Milwaukee Wisconsin on people in organizations:
53217-0737 helping people stay flexible
voice: 414.351.2321 and effective
http://www.thiemeworks.com during times of accelerated change.

X-Sender: rthieme@mail.execpc.com
Date: Sat, 05 Feb 2000 16:53:39 -0600
To: Carolyn Meinel <>
From: Richard Thieme <rthieme@thiemeworks.com>
Subject: Re: a legitimate concern

At 09:34 PM 02/04/2000 -0700, you wrote:
>I can understand you believe that it is OK to write a story on the basis of
>no evidence just because we hadn't proven that Se7en lied 100% of the time.

Carolyn, that is not what I said. It is - once again - a distortion.

The validation given Se7en by Dark Tangent at others at DefCon 4 is not insignifcant. "Evidence" for hacking activity would consist of logs of telephone calls or computer activity and no one requests that before deciding they have a credible report in this domain. Including yourself. You yourself have established yourself as someone in "the hacker scene" while admitting to many people that you do not have sophisticated technical skills. And you ignored my statement, that people to whom you referred me directly refuted and contradicted what you said.

Can you extend to others the courtesy you want others to extend to you?

Carolyn replies: That looks to me like a pretty wimpy blackmail attempt. It only would be serious if I really was a phony computer security expert. Mr. Thieme is welcome to write any "expose" he wants to write about me. If he continues to write totally phony news stories about me or anyone else, I believe that is his First Amendment right. Whether anyone will pay him to continue writing stories he knows are phony is another matter.

Oh, yes, about my not having any sophisticated technical skills -- when I wrote "How Hackers Break in -- and how they are caught" for the Oct. 1998 Scientific American, there was plenty of opportunity for people to expose my supposed lack of skills in the letters to the editor of the Feb. 1999 issue. You will notice that no one could find anything wrong with that article. Mr. Thieme was one of the people who emailed the editor of Scientific American pretending to know that I supposedly have no technical knowledge. OK, OK, I'm not claiming I'm any sort of genius -- I'm just saying I write things that don't suck.

Back to "So Sue Me"--->


Carolyn's most
popular book,
in 4th edition now!
For advanced
hacker studies,
read Carolyn's
Google Groups
Subscribe to Happy Hacker
Email:
Visit this group

 © 2013 Happy Hacker All rights reserved.