BBC Panorama Interview with John Vranesevich, Hacker Investigator

VRANESEVICH I actually got interested in security when I was in junior high school. I had one of the rare opportunities of being help administer systems at the high school, email systems, web servers, things like that, as part of an independent study programme I had. And one day I came in and one of the email servers I was in charge of administering had a problem, it had been broken into. Bob Davies, who was my faculty adviser for independent studies, basically said when I walked in the room "What the heck have you been doing to NASA?" And I said what do you mean, I just came from English, and it turned out that someone overseas had broken into our little mail server and used it as what we call a jump point to break into a system in NASA, and the NASA administrator had called our school as part of an investigation. So I sort of became fascinated how anyone overseas would even hear of little ?? P.A. Beaver that I went to school, much alone used one of our systems to break into NASA with, and I sort of became fascinated with it and started up my website shortly thereafter.

CORBIN So what were you doing then with your website and what were you doing on line?

VRANESEVICH On line I was learning basic things. Going back then we’re talking early 90s so the internet it really wasn’t what it was today. Certainly wasn’t anywhere near as commercialised. So I was learning ??, like I said, administering different systems, ?? systems. I would troubleshoot teachers’ computers as we got them in if they had problems with it and things like that. Just basically learning as much as I could.

CORBIN So then you set up your website, Anti-online, and you started to go out there and to look at the dark side, if you like, of what was going on. What did you find?

VRANESEVICH Yes, back then, what we now call the underground was sort of in its infancy.
There were hackers out there who were probably I would say on the average much more skilled than the mean hacker is today. People who were interested in systems, who were interested about the internet, which was a new thing, who wanted to experiment with it. Back then we used the word hacker, it wasn’t necessarily affiliated with the type of maliciousness that it is today. Back then a hacker was simply someone who liked computers who was interested in them, who wanted to stretch them to their limits and wanted to develop new things for them, and help expand the technology in the community. Nowadays, as people are getting on line younger and the internet is much more easy to access, and utilities are much more easy to run, we’re seeing a younger, less mature individual become a quote "hacker" who hasn’t developed the skill set that the hacker of old developed.

CORBIN Do you think these people are more malicious in their intent?

VRANESEVICH Some of them. I think most of them are simply less mature. Teenagers have, throughout history, been a rebellious group, trying to fit in with their peers, trying to find their place in society, and they’ve always acted out, underage drinking, smoking, things like that to fit in. And now we simply find them doing the same things except now they have a tool that provides them with a lot more power than they used to have.

CORBIN How dangerous can they be?

VRANESEVICH They can be very dangerous. I mean we’ve seen teenagers break into Pentagon systems. We’ve seen teenagers shut off communications to an airport. We’ve seen teenagers steal hundreds of thousands of credit card numbers. We’ve even seen terrorists contacting some of these teenagers and attempting to hire them to do their dirty deeds. So they have a tool and it’s a very powerful tool. We, as a society, have set them up with that. We want computers in the classrooms, we want computers in the homes. It’s a great research tool. It opens up the world to a teenager.
But what we haven’t focused on is the responsibility that comes with that and the type of power that the teenager then has and teaching them how to manage that.

CORBIN I’d like to talk now about some of the cases that you’ve been involved in. Can you start with Solar Sunrise. Now how did you first become involved in that and how did it pan out?

VRANESEVICH Solar Sunrise initially I got involved by watching a CNN report that basically said that Deputy Secretary of Defence John Hamery had informed the President of a possible information ?? attack from Israel. And it was... I’m sorry, we need to redo that.

CORBIN Okay. Tell me about Solar Sunrise.

VRANESEVICH Solar Sunrise I initially got involved by watching a CNN report. CNN it said that an individual Secretary.. Deputy Defence John Hamery had informed the President of a possible information warfare strike from Iraq. At the time there was heightened tension between the United States and Iraq. An estimated 40 FBI agents were assigned to the case working full-time. DOD had an entire emergency group start up and begin investigating it. I was watching all this on ?? on CNN when my beeper went off, and it was a number that I didn’t recognise and I called it back and it was basically some kid that said to me "You see that shit on CNN, that’s me they’re talking about" and I sort of then got introduced to a hacker who went by the handle Machiavelli who later, as we found out, was one of three teenagers who were actually the individuals responsible for those attacks against the DOD systems.

CORBIN So what were these teenagers doing?

VRANESEVICH They were breaking into what I would call sensitive US military computer systems. The military has never come on officially and said what type of systems were broken into. I had the opportunity to acquire some of the log files that these hackers had had from breaking into systems, and some of the systems they broke into were literally super computers being run by the US military.
So certainly it becomes quite apparent why the military were so worried and worked up about the case as they were.

CORBIN And these were just underage kids basically and yet they’d managed to do this.

VRANESEVICH Well they were two 16 year olds in California and a single 18 year old in Israel that in their spare time enjoyed breaking into systems.

CORBIN Do you think this really set the alarm bells ringing in terms of the potential of what these people could do?

VRANESEVICH Solar Sunrise was a turning point. Shortly thereafter we saw a lot of review, both from the United States from Defence internally, from the FBI and by the government as a whole saying well if a couple of 18 year olds or a couple of teenagers can do this, what could a foreign nation do to us. And shortly thereafter we saw Project Eligible Receiver which was an NSA sponsored event where they actually had some NSA hackers, individuals in the NSA who knew how to break into systems, go after the US in a mock information warfare attack, and what they came up with was rather surprising to everyone and that was that the majority of critical infrastructures here in the United States could be attacked remotely by a foreign terrorist group or country.

CORBIN So still continuing on this theme, we now come to a point at which a group calling themselves rather mysteriously the ‘Masters of Downloading’ became involved. Now what happened here and what was your involvement?

VRANESEVICH Masters of Downloading.. now I got a call by the FBI basically asking me to assist in a case. An individual, as we now know was a 17 year old teenager in the California area, broke into a server on the DISA which is the Defence Information Systems Agency. It’s a division of the United States Department of Defense. It’s in charge of providing basically internet access and network connectivity to the entire US Military.

CORBIN It’s a pretty central system?

VRANESEVICH It is very much a central system.

CORBIN Pretty classified, secure system?

VRANESEVICH Right, they’re in charge of two systems. One is Nippernet, which is the unsecured network where the US Military runs public web pages, and one is Supernet which is the classified system. The hacker managed to break into the DISA and steal software that the DISA used to manage some of those networks. Shortly after he stole it, he was contacted by Khalid Ibrahim who was an individual claiming to be affiliated with Osama Bin Laden’s terrorist faction -

CORBIN Osama Bin Laden, the terrorist group?

VRANESEVICH The well known international terrorist. And this individual, Khalid Ibrahim, sent Chameleon a thousand dollars up front money in exchange for the software, and after Chameleon sent him the software he was promised another 10,000 dollars in additional work.

CORBIN So here we had a terrorist paying a hacker essentially?

VRANESEVICH Paying a kid.

CORBIN Paying a kid to get him sensitive defence information to order as it were?

VRANESEVICH Exactly. Luckily we found out about this and tracked down Chameleon to his parents’ home in California and 20 FBI agents raided him at gunpoint before he had the opportunity to ship the software.

CORBIN And who did Chameleon turn out to be?

VRANESEVICH Chameleon turned out to be an individual named Martin Mifrett who at the time was 17 years old, living out of his parents’ garage basically, who had a computer lab set up in his garage that he and his friend played in and broke into systems in as it turned out.

CORBIN And broke into the Pentagon from his parents’ garage?

VRANESEVICH From his parents’ garage, yes.

CORBIN What does the Chameleon case show, do you think, in terms of the willingness of terror groups to use this particular means of getting information?

VRANESEVICH I think, at this point, terrorist groups are just now beginning to wake up to the type of power that this could provide them.
Typically terrorist groups, small, maybe not well funded, you're talking about things like pipe bombs which, as their name implies, strikes terror but doesn’t necessarily do widespread across the board damage to a national infrastructure. Here we see terrorist groups who were watching news reports every day, just like this one where they’re hearing about young teenagers being able to gain access to these type of things, or being able to cause this type of damage and concern, and I’m sure they’re beginning to wake up to the fact that they too could have this type of power and this type of influence, where before a small terrorist faction, maybe 20 individuals, could at best cause havoc to a small community, can now potentially cause havoc to an entire nation.

CORBIN Carrying on with obviously the defence theme, we’ve heard about another project. There’s a project by the name of Moonlight Maze presently still under investigation. What do we know about this?

VRANESEVICH Moonlight Maze I really can’t comment on because it is still an active ongoing investigation.

CORBIN Are you involved with it?

VRANESEVICH I am not directly involved in the case, no.

CORBIN What do we know about it?

VRANESEVICH Nothing that I could comment on, on the record. There’s a ruling don’t comment about any cases that are currently ongoing. I certainly wouldn’t want anything I say to jeopardise any case in any way.

CORBIN So obviously there are a number of defence cases, cases impacting the security area. Now what about the commercial area. Back in February we saw a great sort of blizzard of attacks which impacted e-commerce, what was all that about?

VRANESEVICH What we saw in February was what we called denial of service attacks. Basically what happens is a hacker will simply flood the connection of an internet site till the lines can’t get through.
You can kind of think of it as a bank of a thousand telephones constantly calling your home phone and keeping it busy so that your friends can’t get through to talk to you. Same basic concept. And what we saw was a group what we believe to be a group of hackers doing that to some of our e-commerce sites on the internet, as well as sites like Yahoo, E-Trade, CNN and many others, and that again was a wake up call because now not only are we seeing attacks against the military system, but we can see the type of damage it can do to corporate systems. The damage in lost figures were in the billions for those attacks from lost data revenue and from these companies being forced to upgrade their systems to try to help mitigate these attacks.

CORBIN The problem is though, the more a hacker realises the power at his or her disposal, because they see the effect of these attacks, the more attractive presumably it becomes to do them.

VRANESEVICH Right. One of the things that people and the average individual doesn’t realise is how easy it is to do this sort of thing. This isn’t a case where the technology is advanced and these individuals are finding very creative ways around it. The technology is very open. I have to use the comparison of a gun. Anyone can go get a gun and begin to shoot people. There is nothing physically or technically that stops them from doing it. The only thing that stops them from doing it is that it’s not accepted activity by our society. We, as society, care about others in the society. We have rules and laws we set up and we make consequences to those who break those laws and rules. The same sort of thing exists on the internet where there is nothing technically that stops someone from doing Denial of Service attacks or from breaking into a system, or anything else for that matter. The only thing that’s stopping them, or supposed to be stopping them, are rules and laws.
But since the internet community is one which is global, where different countries have different rules, different countries have different laws, some things which may be acceptable in some countries aren’t acceptable in another, you don’t have those type of standards where you could have in local community or even in a country.

CORBIN Now one of the cases that you’ve been involved in recently involved an online store called CD Universe, selling CDs over the net. Now I think that’s pretty much an example of what you're talking about. How did you get involved in that and I want you to sort of take me through it as to how the calls came in and how you actively went on line to try and find the individual responsible.

VRANESEVICH CD Universe was a case where we got a call from the FBI which basically said this website, CD Universe, had been broken into and their credit card database had been stolen. The credit card database now we know contained something like 350,000 credit card numbers from individuals around the world. So we began actively trying to investigate the whos, the whys, the hows of the whole case.

CORBIN And how did you actually do that?

VRANESEVICH We started out, the individual who was claiming responsibility went by the handle Maxus. He set up a web page where he basically began releasing these credit card numbers because his extortion attempts against CD Universe were unsuccessful. So we basically knew some background information. We knew he went by the handle Maxus and we had an email address for him because the email address was on the website. So what we began to do is look into the whole culture of people who are involved in trading and using stolen credit card numbers. We went to forums we knew that these people frequented. We tried to learn the hierarchy of these forums, who were the people just looking for a new computer for themselves and who were the people who did this as a full-time job. And we began doing what we called trust chains.

CORBIN Trust chains?

VRANESEVICH Trust chains. Something about hackers which makes my job and law enforcement’s job a little easier is that there is an expectation of anonymity. In the everyday world, if we see someone walking around with a mask and a trench coat and a dark hat and gloves on we get a little suspicious. Why is he trying to hide himself? This is not the type of person I want to be around. If I walked into the local supermarket with a ski mask on it would certainly raise some eyebrows. But online that’s normal. Hackers try to hide their identity, every hacker does, and it’s accepted as part of the culture. But just as hackers can hide their identity that means that we can too. So what we began to do is pose as individuals involved in this scheme. We learn the jargon that these people use, we learn how they begin transactions, how they interact with one another and we simply mimicked that, and what we started to do was creating people, one after the other, that got involved in this scene and we began making friends, and we began setting up fictitious deals, and we just worked our way up until we started to get to the top, and of course we could use other fake people that we created to add credibility to us, like the one with one keyboard that said you know, I’m interested in buying some credit card numbers. On another keyboard I’d have another person we set up say yeah I’ve dealt with him in the past, he’s legitimate. So by doing this we were able to rather quickly climb up the ladder until we actually got in contact with Maxus’ number two. We know Maxus had distributed a lot of cards to and what was happening then our individuals were actually starting to resell Maxus’ numbers where for $500 for a lot of 50 credit card numbers you could begin your own fraud business if you will.
So we simply set up a buy with him, and then we contacted Max and said the email address we knew from the beginning of the investigation you could say for dealing with your number 2 man, we’ve dealt with all these people in the past, half of those people were fictitious individuals that we created, and eventually we built up trust with him that he was willing to deal with us directly, and when it came to that point we were able to get his bank account information which enabled us to trace it back to an individual named Maxim Ivankauf who was located in Latvia.

CORBIN And what’s happened to Maxim Ivankauf?

VRANESEVICH I imagine Maxim Ivankauf right now is just sitting with a bank account that is rather heftily filled. Unfortunately because of differences in laws and extradition and so on and so forth, the United States doesn’t necessarily have the best affiliations with Latvian authorities.

CORBIN So he’s safe.

VRANESEVICH He’s safe and probably rather wealthy right now.

CORBIN And this of course is a growing problem.

VRANESEVICH Absolutely. We see a lot of credit card coming from Russia. It’s something that although it’s illegal the Russian Mafia obviously has significant power over there currently, and this is a great way to fund operations.

CORBIN Well this brings us back to the whole question of law enforcement. Now the FBI is well known for operating in this area. They have skills at it. But how easy is it for them to really get to grips with this kind of crime?

VRANESEVICH It’s proven to be not very easy at all for them. They’ve a lot of skill, a lot of experience, in dealing with real world problems. If they can pick up fibres or fingerprints from a crime scene, they can trace it back to the year, make, model of the car that the fibre came from and the thumb that left the fingerprint. But when you go online, you have that same sort of evidence, they’re having a lot harder of a time, and that’s simply because it’s new.
By definition governments worldwide are reactive organisations. As new things develop, as new social problems arise, governments come up with ways to deal with those, and what we’re seeing here is a rapidly expanding problem, a rapidly expanding form, and governments are desperately trying to catch up and they’re simply not able to catch up at the speed with which the technology is expanding.

CORBIN And the hackers are always a step ahead of them.

VRANESEVICH Absolutely. One of the advantages hackers have over law enforcement worldwide and over militaries worldwide, is that they share information. If one hacker finds out a way to break into a system, he shares it with all hackers. If they find a way around a defence, they share it with all hackers. They communicate on a regular basis. And what we see in governments and law enforcement, in militaries is that that sort of free exchange of information does not exist because traditionally militaries have had to be secretive about their defences. Militaries had to be secretive about their weapons, law enforcement had to be secretive about the way they track criminals. So you have all these different organisations even within actual branches of the military or law enforcement that are doing research about this, but they’re not sharing their learning with other groups.

CORBIN So in reality, how much of a backlog of cases is there? I mean FBI says they’re on top of this, but are they?

VRANESEVICH FBI has currently backlogged 800 cases that they’ve chosen to accept and investigate.

CORBIN 800 cases?

VRANESEVICH 800 cases.

CORBIN In a backlog?

VRANESEVICH In a backlog and those are ones that they’ve chosen to investigate. FBI doesn’t investigate every computer crimes case that is reported to them.

CORBIN So they’re pretty much snowed under.

VRANESEVICH I would say so.

CORBIN And do the FBI always prosecute? What do they tend to do, what’s the tactic?

VRANESEVICH We haven’t seen a lot of prosecutions and in fact in the United States we really haven’t yet seen a computer crimes case that has fully worked its way through the judicial system. Every case we’ve seen where there’s been a prosecution there’s been a plea bargain.

CORBIN A sort of deal.

VRANESEVICH A deal, basically worked out where the individual admits to his crimes, explains how he did it, agrees to provide restitution and serves a much lesser sentence than if they went through the courts.

CORBIN Do you think that the FBI, recognising the problems, are really just trying to find out as much as they can, and that is the way they’re trying to tackle it?

VRANESEVICH That’s part of it, and I think part of it too is that this is new. Much like DNA evidence, which now is becoming rather accepted, was a new thing, this is a new thing, and defence attorneys are worried that all this technical evidence would have to be brought before a jury would confuse them and they would just trust the government and find the person guilty, and reversally, prosecution is worried that they’ll bring all this technical evidence in front of the jury, the jury won’t understand any of it and will simply acquit the individual.

CORBIN So what tactics are the FBI actually employing?

VRANESEVICH What the FBI are starting to try to do it appears is actually set up a rather extensive network of informers. I guess the tactic is, instead of trying to dig our way through all this technical evidence that’s left behind which may or may not have been altered by a hacker, which may or may not even exist in every case, let’s go back and deploy some techniques that we’ve been using for decades, and that’s the people aspect. You don’t need to dig through evidence if someone brags and you have the individual that they brag to willing to testify, that takes all that out of the picture.
So what we’re seeing with a lot of mainly juvenile cases, or teenagers that have been caught doing this type of thing, they get raided by the FBI and FBI goes in usually at gunpoint, questions the individual, seizes the equipment and we find no charges are brought. So I think what we can assume in most of those cases that those individuals have agreed to assist on other cases that are perhaps more serious.

CORBIN So they’ve turned informer basically in return for not being prosecuted?

VRANESEVICH Right, they basically in exchange for not being prosecuted, agreed to assist the FBI for any number of years or months or projects.

CORBIN But of course this doesn’t lead to high profile cases and punishment which perhaps means that they aren’t deterred at the end of the day. You know, why should people stop doing it?

VRANESEVICH There is very little deterrence factor. Unfortunately what we see is most of these individuals get raided by the FBI. A few weeks pass, perhaps a couple of months and they end up getting hired by a big security firm, and start making salaries well above the average Pizza Hut delivery boy. So really the deterrent.. good question. Here in the United States we have campaigns like ‘Be cool, stay in school’, ‘This is your brain on drugs’. We have commercials worry about teen pregnancy. But I have yet to see a commercial that talks about the consequences of breaking into Pentagon system, or breaking into any computer system. And truly I’ve had teenagers contact me who don’t know where the line is. "I know I’m allowed to visit a webpage, I think I’m allowed to look at the network a little bit, but where’s the line between what I’m allowed to do and what’s illegal?" They simply don’t know and I think part of the problem is that the governments don’t know yet either.

CORBIN Is there a sort of a copycat factor here as well that when a crime is committed and publicity is given to it, others sort of pile in?

VRANESEVICH Exactly, and one of the reasons, and one of the prime motivations why people hack is what we call here peer motivation, and that’s you're doing it for peer recognition, a feeling of self-superiority, a feeling of belonging which, as I said before, most teenagers go for at some time in their life, and here’s a teenager that can do something from his parents’ bedroom that will cause CNN to do 24 hour a day coverage, or the BBC to do 24 hour a day coverage, and sure, why not jump on the bandwagon and have their picture on there as well.

CORBIN Now one of the areas we haven’t talked about is viruses, that they can be very damaging too. Now what did you make of the recent Love Bug virus that seemed to spread so widely and certainly capture people's imagination?

VRANESEVICH The Love Bug virus personally I think was an accident. That really, although the authorities began to brag quite early that they quote, "track down the evil malicious person behind it", really probably only took them five to ten seconds to do that because within the source code that individual gave his email address, his webpage, the country he lived in, the town he lived in, and the name of himself and all of his friends. So there’s really very little investigation involved there.

CORBIN But the actual Love Bug virus, surely, I mean what does it show in terms of the possibilities of such viruses and the damage that they can do?

VRANESEVICH Well sure, we saw within six hours millions of systems across the world were infected. It’s a disease that spreads very rapidly globally. What we’re sort of seeing now is back in the physical world what we saw in the past is something like the plague. Any time a virus or a new strain of bacteria would appear entire countries and populations would die out. Here we are in the computer area where we don’t have the computer version of penicillin yet, and every time a new virus peeks its head up, we find a huge segment of the population becoming infected.
Luckily things like Melissa and the Love Bug didn’t have what we would call necessarily devastating payloads and that they would corrupt a few files, perhaps email themselves to your friends. What we’re waiting for are viruses that come out that will devastate your computer system to a point where it’s not recoverable.

CORBIN And you think that will happen?

VRANESEVICH I think we’re starting to see that. Within the past couple of weeks we saw a few strains of the Love Bug which were starting to delete files on the system. Killer Resume is a perfect example of that. And we’ve unfortunately also seen some viruses that no longer require you to click on an attachment to become activated. Simply by reading the email they become activated, and I think one of the things that we’re going to see within the near future is an email coming to your inbox, you begin to read it and while you're doing that it begins formatting your system.

CORBIN Now there’s one other area that we’ve looked at and it doesn’t really fall into either hacking or viruses, but it’s a programme and that is the software produced by the so-called Cult of the Dead Cow. Now what are the dangers of this software and what do you think these people are trying to do in inventing something like this?

VRANESEVICH Well the Cult of the Dead Cow invented a programme called Back Orifice and then later a second version called BO2K or Back Orifice 2000, and basically what it is, is written for the hacker community and allows a hacker to gain complete access to your system. It can be hidden in a game for example, where you get an email, it has a game attached to it, you install it, you play the game, nothing looks strange. Unfortunately, behind the scenes, it’s installing Back Orifice or Back Orifice 2000 which can then allow a hacker to have complete control of your system.

CORBIN It sounds scary.

VRANESEVICH Right, a lot of people have fallen victim to it, and claim what they will about their initial intentions, every time this programme was created - it was released first at Defcon which is the world’s largest annual hacker convention held in Las Vegas - and it is released with great fanfare and laser light shows and rock music and a well choreographed stage production for this hacker community where they literally get the entire crowd to chant their names and it is almost like a cult-like atmosphere. So I think real motivation tends to go back to what we would call peer motivation, self-superiority issues, recognition, acceptance, and in this case within the hacker community downright fame.

CORBIN So they’re pretty well regarded.

VRANESEVICH By hackers, yes. They’ve provided the nation’s and the world’s youth a very easy point and quick way to break into anyone’s computer system.

CORBIN They, of course, say they’re doing it to point out the holes in the Microsoft system, the lack of security, the fact that it’s easy to do something like this. Well they’ve got a point haven’t they?

VRANESEVICH Not really because technically Back Orifice didn’t exploit a bug in Windows. It’s like saying you download email software and the fact that email software allows email to come onto your system is some sort of vulnerability. Well now you can start an email programme and that’s what the programme is designed to do. The same thing is true with Back Orifice. It’s not a problem that’s inherently on Windows. It’s a problem that happens when you install their software. So if anything here, it’s the bug, it’s not Microsoft, it’s the Cult of the Dead Cow. And shortly after they’ve released the software they teamed up with a company called Network Five Recorder who for $10 a pop has software that will detect Back Orifice and prevent your computer from getting it.

CORBIN Ahhh, so it looks like a commercial concern. Invent the bug and then invent the cure.

VRANESEVICH Yes, it’s what we in the United States would call racketeering.

CORBIN Okay, now John some see you as a person who started out with your website as a hacker, if you like a white hat, whatever you want to call it, somebody interested in this area for good. But I mean what’s happened now to you in terms of the way that other hackers regard you?

VRANESEVICH I think it’s rather safe to say that I’m not taken in very high regard within the hacker culture. Probably in the last year alone I’m responsible for over 100 people being raided. These are people's friends, people's mentors, people's allies, and obviously any time you interfere with someone’s social structure like that they tend to backlash quite heavily towards you.

CORBIN They call you public enemy number one.

VRANESEVICH Yes, that’s what they called.. last Defcon they actually had wanted posters, several hundred of them hanging up everywhere with my face so it gets interesting sometimes.

CORBIN But how has it actually impacted on your life, the fact that you are a hated figure out there in the hacker community?

VRANESEVICH Well our network, webservers, email servers and work stations get attacked somewhere in the neighbourhood of 340 times an hour which last year alone added up to 3.2 million attempts against our systems, so that can keep us pretty busy.

CORBIN What about personally though, what’s happened to you?

VRANESEVICH Personally death threats are a regular common occurrence. My family, pictures of my sister for example who is 17 were posted online. They got a hold of a picture of her along with her address and phone number and invitations to rape her that caused the local police to begin monitoring their house. I’ve had death threats from individuals claiming to be responsible for terrorist groups or affiliated with terrorist groups, so sometimes it gets interesting.

CORBIN Do you think that one should take those seriously?

VRANESEVICH Some of them I do and most of them I don’t.
I haven’t been pipe bombed yet so I take that as a good sign. CORBIN Is it worth it? VRANESEVICH Absolutely. I’m certainly not going to be intimidated by a criminal or a criminal faction that doesn’t want to be stopped. If anything that’s a motivator. CORBIN So do you think that there really is a hard core, a criminal element out there? Some people say it’s just kids having fun, what’s the harm? VRANESEVICH I absolutely believe that there’s a very strong criminal element. Cases like credit card fraud are incredibly rampant. You know, cases of stealing military data are probably incredibly rampant. We see those things have happened, we’ve seen indicators, and we see things getting more and more serious as time progresses. CORBIN Where will it all end up? VRANESEVICH Good question. Hopefully it will end up in a giant awareness campaign and governments worldwide begin stalking their systems better, begin protecting their systems better. We see educational campaigns in the schools where when we push computers into a classroom we also push education on the responsibility in the use of those computers, and we start seeing some of these criminals become prosecuted, and we start seeing the deterrent factor. Certainly we’re always seeing crime, we will always see crime, and no matter what there’ll be crime, but I think this is one area where that crime definitely needs to be taken under control. CORBIN One thing I haven’t asked you about is the recent case in Britain. Now there’s a Welsh hacker called Curador? Do you know anything about him? Has he been in touch? VRANESEVICH Yes, Curador actually called several times and curiously left us his phone number which needless to say made it rather easy to track him down. Curador was pretty much a copycat of Maxus I would say, breaking into systems. We don’t have any evidence that he used any of the credit card numbers he stole, or sold any of the credit card numbers. 
He was simply posting them on line for others to use as they would. So I have a feeling that a prosecution against him is imminent and will probably be rather successful. CORBIN John, what exactly is your relationship with the FBI and how do you use the information that you’ve garnered over the years to help solve these cases? VRANESEVICH We do a lot of different things with law enforcement and the military here in the US. One of the things is assisting in investigations where basically we get a phone call and asked to come in as a consultant on a case. We also do some education, a lecture down at Quantico at the FBI training academy to other agents and law enforcement personnel in some of the techniques we use here to profile hackers and to track them down. We also do research, trying to find new ways to track down hackers for organisations like the Department of Defense which we have a few research contracts through which will again assist in future investigations. CORBIN And do you keep files on active hackers if you like, how many do you know about? VRANESEVICH Yes, we currently have files on probably 7,000 individual hackers worldwide and probably 128-230 different hack groups or clans that we keep an active eye on. CORBIN 7,000 active hackers out there? VRANESEVICH Yes, I suspect the number is probably a lot higher. There are areas where we have weaknesses, particular areas like China and Indonesia where things tend to be a lot more disguised, a lot more hidden, and because of some severe language barrier we haven’t yet gained good insight to yes. CORBIN But you're pretty confident they’re all out there, there’s someone virtually in every country where there’s a computer? VRANESEVICH Oh more than someone, a lot of someones. We find that really the number of hackers in the country is proportional to the number of people on line. 
There are more hackers in the United States than any other country because there are more people on the internet in the United States than any other country, and it pretty much goes down the chain in proportion to the population. CORBIN So as more people get online, it stands to reason, as it were, that there will be more hackers online. VRANESEVICH Absolutely. CORBIN Now we talked just now about the whole Masters of Downloading, but we’re particularly interested obviously in the British angle. Now what do we know about the Masters of Downloading, in particular a group within them that might have come from Britain? VRANESEVICH Shortly after one of the Chief Members of the Masters of Downloading, Chameleon, got raided, and we sort of saw this whole faction break off, and they called themselves the Millworm, and Millworm managed to break into the Bhabha Atomic Research Centre in India, shortly after India had done their first nuclear test. Here in the United States that was pretty significant because the Pentagon was very widely criticised for not knowing that India was planning nuclear tests, and surely about a week afterwards, this group called Millworm announced that they had downloaded a large sum of that research data. CORBIN So the hackers had got in where the professional intelligence officers had failed to go. VRANESEVICH Absolutely and exactly how far they got in we’re not really sure. We know that the language of the research was actually in a language called Bengali which is a pretty standard one for Indian research scientists to use. We know that the Pentagon was actively seeking the data the hackers stole and we know that the hackers were never prosecuted. So what happened to that data and what happened to those individuals it’s hard to say. CORBIN So maybe a trade off, maybe the Pentagon gets the information from the hackers and no prosecution is forthcoming. VRANESEVICH Potentially. CORBIN So have we heard any more about this British group since? 
VRANESEVICH No, we really haven’t. Since that whole incident occurred and the individuals in Britain realised it was being investigated by the US Pentagon, plus officials over in Britain, the Ministry of Defence in particular, they pretty much became rather quiet and have been ever since. There was only one case where we saw an individual who we believe was part of the group Millworm, raise his head and that was when one of the individuals who we believed to be in Britain attacked the webpage of the United States Senate and defaced it. CORBIN And when was that? VRANESEVICH That would have been in May of last year. CORBIN When you discovered that Chameleon was in effect selling information to a member of a terrorist group, did you manage to track him down at all? What happened? VRANESEVICH We spent a great deal of time trying to track down and verify who Khalib Ibraham was. The best we were able to confirm is that he was indeed in Israel. CORBIN In Israel? VRANESEVICH In Israel. We actually contacted him through email and confronted him with what he was doing. At first he denied it and what we decided to do was go live with the story about this individual on our website and basically tell everyone as much as we knew about this individual to try to expose him, put an end to his operations. Shortly thereafter he began quite bluntly admitting his claimed affiliations and his actions and we began seeing some rather severe death threats from this individual who claimed to be part of a terrorist faction. CORBIN And he was threatening you. VRANESEVICH Threatening me, my family, and other individuals who had been working on this case. CORBIN What did he say? VRANESEVICH He said all sorts of great things that I don’t think I can repeat on the air but the gist of it was I have a great deal of money. I have proven that with Chameleon. If I can send a 17 year old a thousand dollars, do you not think that I can send someone twice or ten times that much to shut you up. 
CORBIN Do you take that seriously? VRANESEVICH At the time I did. Obviously we knew he had money. We knew he was involved in this to some degree. Of course the FBI got involved and things sort of slowly died down and haven’t heard much since. CORBIN What worries you about the sort of atmosphere out there, the culture of some of these people, and the way it differs perhaps from the past, and what do you think really motivates them and drives them now? VRANESEVICH It used to be they were motivated by the love of technology. They wanted to help it progress. They wanted to help develop it, they wanted to be able to say I had a part in creating this incredible new form that brings people across the world together, makes the world more of a global village as we call it. Now we’re starting to see that change as more and more people come on line, younger and younger people come on line who are by definition less mature. We’re starting to see much more of a malicious attitude where it’s sort of like the tough men gang mentality, don’t mess with me or I’ll ruin you, and unfortunately computers now are providing the power where these individuals can ruin people, or at least severely disrupt our lives or disrupt our nation’s infrastructure even. (End of Interview)