BBC Panorama
Interview with John Vranesevich, Hacker Investigator

VRANESEVICH	
I actually got interested in security when I 
was in junior high school.  I had one of the 
rare opportunities of being help administer 
systems at the high school, email systems, 
web servers, things like that, as part of an 
independent study programme I had.  And one 
day I came in and one of the email servers I 
was in charge of administering had a problem, 
it had been broken into.  Bob Davies, who was 
my faculty adviser for independent studies, 
basically said when I walked in the room 
"What the heck have you been doing to NASA?"  
And I said what do you mean, I just came from 
English, and it turned out that someone 
overseas had broken into our little mail 
server and used it as what we call a jump 
point to break into a system in NASA, and the 
NASA administrator had called our school as 
part of an investigation.  So I sort of 
became fascinated how anyone overseas would 
even hear of little ?? P.A. Beaver that I 
went to school, much alone used one of our 
systems to break into NASA with, and I sort 
of became fascinated with it and started up 
my website shortly thereafter.

CORBIN	
So what were you doing then with your website 
and what were you doing on line?

VRANESEVICH	
On line I was learning basic things.  Going 
back then we’re talking early 90s so the 
internet it really wasn’t what it was today.  
Certainly wasn’t anywhere near as 
commercialised.  So I was learning ??, like I 
said, administering different systems, ?? 
systems.  I would troubleshoot teachers 
computers as we got them in if they had 
problems with it and things like that.  Just 
basically learning as much as I could.

CORBIN	
So then you set up your website, Anti-online, 
and you started to go out there and to look 
at the dark side, if you like, of what was 
going on.  What did you find?

VRANESEVICH	
Yes, back then, what we now call the 
underground was sort of in its infancy.  
There were hackers out there who were 
probably I would say on the average much more 
skilled than the mean hacker is today.  
People who were interested in systems, who 
were interested about the internet, which was 
a new thing, who wanted to experiment with 
it.  Back then we used the word hacker, it 
wasn’t necessarily affiliated with the type 
of maliciousness that it is today.  Back then 
a hacker was simply someone who liked 
computers who was interested in them, who 
wanted to stretch them to their limits and 
wanted to develop new things for them, and 
help expand the technology in the community.  
Nowadays, as people are getting on line 
younger and the internet is much more easy to 
access, and utilities are much more easy to 
run, we’re seeing a younger, less mature 
individual become a quote "hacker" who hasn’t 
developed the skill set that the hacker of 
old developed.

CORBIN	
Do you think these people are more malicious 
in their intent?

VRANESEVICH	
Some of them.  I think most of them are 
simply less mature.  Teenagers have, 
throughout history, been a rebellious group, 
trying to fit in with their peers, trying to 
find their place in society, and they’ve 
always acted out, underage drinking, smoking, 
things like that to fit in.  And now we 
simply find them doing the same things except 
now they have a tool that provides them with 
a lot more power than they used to have.

CORBIN	
How dangerous can they be?

VRANESEVICH	
They can be very dangerous.  I mean we’ve 
seen teenagers break into Pentagon systems.  
We’ve seen teenagers shut off communications 
to an airport.  We’ve seen teenagers steal 
hundreds of thousands of credit card numbers.  
We’ve even seen terrorists contacting some of 
these teenagers and attempting to hire them 
to do their dirty deeds.  So they have a tool 
and it’s a very powerful tool.  We, as a 
society, have set them up with that.  We want 
computers in the classrooms, we want 
computers in the homes.  It’s a great 
research tool.  It opens up the world to a 
teenager.  But what we haven’t focused on is 
the responsibility that comes with that and 
the type of power that the teenager then has 
and teaching them how to manage that.

CORBIN	
I’d like to talk now about some of the cases 
that you’ve been involved in.  Can you start 
with Solar Sunrise.  Now how did you first 
become involved in that and how did it pan 
out?

VRANESEVICH	
Solar Sunrise initially I got involved by 
watching a CNN report that basically said 
that Deputy Secretary of Defence John 
Hamre had informed the President of a 
possible information ?? attack from Israel.  
And it was... I’m sorry, we need to redo 
that.

CORBIN	
Okay. Tell me about Solar Sunrise.

VRANESEVICH	
Solar Sunrise I initially got involved by 
watching a CNN report.  CNN it said that an 
individual Secretary.. Deputy Defence John 
Hamre had informed the President of a 
possible information warfare strike from Iraq 
at the time there was heightened tension 
between the United States and Iraq.  An 
estimated 40 FBI agents were assigned to the 
case working full-time.  DOD had an entire 
emergency group start up and begin 
investigating it.  I was watching all this on 
?? on CNN when my beeper went off, and it was 
a number that I didn’t recognise and I called 
it back and it was basically some kid that 
said to me "You see that shit on CNN, that’s 
me they’re talking about" and I sort of then 
got introduced to a hacker who went by the 
handle Machiavelli who later, as we found 
out, was one of three teenagers who were 
actually the individuals responsible for 
those attacks against the DOD systems.

CORBIN	
So what were these teenagers doing?

VRANESEVICH	
They were breaking into what I would call 
sensitive US military computer systems.  The 
military has never come on officially and 
said what type of systems were broken into.  
I had the opportunity to acquire some of the 
log files that these hackers had had from 
breaking into systems, and some of the 
systems they broke into were literally super 
computers being run by the US military.  So 
certainly it becomes quite apparent why the 
military were so worried and worked up about 
the case as they were.

CORBIN	
And these were just under aged kids basically 
and yet they’d managed to do this.

VRANESEVICH	
Well they were two 16 year olds in California 
and a single 18 year old in Israel that in 
their spare time enjoyed breaking into 
systems.

CORBIN	
Do you think this really set the alarm bells 
ringing in terms of the potential of what 
these people could do?

VRANESEVICH	
Solar Sunrise was a turning point.  Shortly 
thereafter we saw a lot of review, both from 
the United States from Defence internally, 
from the FBI and by the government as a whole 
saying well if a couple of 18 year olds or a 
couple of teenagers can do this, what could a 
foreign nation do to us.  And shortly 
thereafter we saw Project Eligible Receiver 
which was an NSA sponsored event where they 
actually had some NSA hackers, individuals in 
the NSA who knew how to break into systems, 
go after the US in a mock information warfare 
attack, and what they came up with was rather 
surprising to everyone and that was that the 
majority of critical infrastructures here in 
the United States could be attacked remotely 
by a foreign terrorist group or country.

CORBIN	
So still continuing on this theme, we now 
come to a point at which a group calling 
themselves rather mysteriously the ‘Masters 
of Downloading’ became involved.  Now what 
happened here and what was your involvement?

VRANESEVICH	
Masters of Downloading.. now I got a call by 
the FBI basically asking me to assist in a 
case.  An individual, as we now know was a 17 
year old teenager in the California area, 
broke into a server on the DISA which is the 
Defence Information Systems Agency.  It’s a 
division of the United States Department of 
Defense.  It’s in charge of providing 
basically internet access and network 
connectivity to the entire US Military.  

CORBIN	
It’s a pretty central system?

VRANESEVICH	
It is very much a central system.

CORBIN	
Pretty classified, secure system?

VRANESEVICH	
Right, they’re in charge of two systems.  One 
is NIPRNet, which is the unsecured network 
where the US Military runs public web pages, 
and one is SIPRNet which is the classified 
system. The hacker managed to break into the 
DISA and steal software that the DISA used to 
manage some of those networks. Shortly after 
he stole it, he was contacted by Khalid 
Ibrahim who was an individual claiming to be 
affiliated with Osama Bin Laden’s terrorist 
faction -

CORBIN	
Osama Bin Laden, the terrorist group?

VRANESEVICH	
The well known international terrorist.  And 
this individual, Khalid Ibrahim, sent 
Chameleon a thousand dollars up front money 
in exchange for the software, and after 
Chameleon sent him the software he was 
promised another 10,000 dollars in additional 
work.

CORBIN	
So here we had a terrorist paying a hacker 
essentially?

VRANESEVICH	
Paying a kid.

CORBIN	
Paying a kid to get him sensitive defence 
information to order as it were?

VRANESEVICH	
Exactly. Luckily we found out about this and 
tracked down Chameleon to his parents’ home 
in California and 20 FBI agents raided him at 
gunpoint before he had the opportunity to 
ship the software.

CORBIN	
And who did Chameleon turn out to be?

VRANESEVICH	
Chameleon turned out to be an individual 
named Martin Mifrett who at the time was 17 
years old, living out of his parents’ garage 
basically, who had a computer lab set up in 
his garage that he and his friend played in 
and broke into systems in as it turned out.

CORBIN	
And broke into the Pentagon from his parents’ 
garage?

VRANESEVICH	
From his parents’ garage, yes.

CORBIN	
What does the Chameleon case show, do you 
think, in terms of the willingness of terror 
groups to use this particular means of 
getting information?

VRANESEVICH	
I think, at this point, terrorist groups are 
just now beginning to wake up to the type of 
power that this could provide them.  
Typically terrorist groups, small, maybe not 
well funded, you're talking about things like 
pipe bombs which, as their name implies, 
strikes terror but doesn’t necessarily do 
widespread across the board damage to a 
national infrastructure.  Here we see 
terrorist groups who were watching news 
reports every day, just like this one where 
they’re hearing about young teenagers being 
able to gain access to these type of things, 
or being able to cause this type of damage 
and concern, and I’m sure they’re beginning 
to wake up to the fact that they too could 
have this type of power and this type of 
influence, where before a small terrorist 
faction, maybe 20 individuals, could at best 
cause havoc to a small community, can now 
potentially cause havoc to an entire nation.

CORBIN	
Carrying on with obviously the defence theme, 
we’ve heard about another project.  There’s a 
project by the name of Moonlight Maze 
presently still under investigation.  What do 
we know about this?

VRANESEVICH	
Moonlight Maze I really can’t comment on 
because it is still an active ongoing 
investigation.

CORBIN	
Are you involved with it? 

VRANESEVICH	
I am not directly involved in the case, no.

CORBIN	
What do we know about it?

VRANESEVICH	
Nothing that I could comment on, on the 
record.  There’s a ruling don’t comment about 
any cases that are currently ongoing.  I 
certainly wouldn’t want anything I say to 
jeopardise any case in any way.

CORBIN	
So obviously there are a number of defence 
cases, cases impacting the security area.  
Now what about the commercial area.  Back in 
February we saw a great sort of blizzard of 
attacks which impacted e-commerce, what was 
all that about?

VRANESEVICH	
What we saw in February was what we called 
denial of service attacks.  Basically what 
happens is a hacker will simply flood the 
connection of an internet site till the lines 
can’t get through.  You can kind of think of 
it as a bank of a thousand telephones 
constantly calling your home phone and 
keeping it busy so that your friends can’t 
get through to talk to you.  Same basic 
concept.  And what we saw was a group what we 
believe to be a group of hackers doing that 
to some of our e-commerce sites on the 
internet, as well as sites like Yahoo, E-
Trade, CNN and many others, and that again 
was a wake up call because now not only are 
we seeing attacks against the military 
system, but we can see the type of damage it 
can do to corporate systems.  The damage in 
lost figures were in the billions for those 
attacks from lost data revenue and from these 
companies being forced to upgrade their 
systems to try to help mitigate these 
attacks.

CORBIN	
The problem is though, the more a hacker 
realises the power at his or her disposal, 
because they see the effect of these attacks, 
the more attractive presumably it becomes to 
do them.

VRANESEVICH	
Right.  One of the things that people and the 
average individual doesn’t realise is how 
easy it is to do this sort of thing.  This 
isn’t a case where the technology is advanced 
and these individuals are finding very 
creative ways around it.  The technology is 
very open.  I have to use the comparison of a 
gun.  Anyone can go get a gun and begin to 
shoot people.  There is nothing physically or 
technically that stops them from doing it.  
The only thing that stops them from doing it 
is that it’s not accepted activity by our 
society.  We, as society, care about others 
in the society.  We have rules and laws we 
set up and we make consequences to those who 
break those laws and rules.  The same sort of 
thing exists on the internet where there is 
nothing technically that stops someone from 
doing Denial of Service attacks or from 
breaking into a system, or anything else for 
that matter.  The only thing that’s stopping 
them, or supposed to be stopping them, are 
rules and laws.  But since the internet 
community is one which is global, where 
different countries have different rules, 
different countries have different laws, some 
things which may be acceptable in some 
countries aren’t acceptable in another, you 
don’t have those type of standards where you 
could have in local community or even in a 
country.

CORBIN	
Now one of the cases that you’ve been 
involved in recently involved an online store 
called CD Universe, selling CDs over the net.  
Now I think that’s pretty much an example of 
what you're talking about.  How did you get 
involved in that and I want you to sort of 
take me through it as to how the calls came 
in and how you actively went on line to try 
and find the individual responsible.

VRANESEVICH	
CD Universe was a case where we got a call 
from the FBI which basically said this 
website, CD Universe, had been broken into 
and their credit card database had been 
stolen.  The credit card database now we know 
contained something like 350,000 credit card 
numbers from individuals around the world.  
So we began actively trying to investigate 
the whos, the whys, the hows of the whole 
case.

CORBIN	
And how did you actually do that?

VRANESEVICH	
We started out, the individual who was 
claiming responsibility went by the handle 
Maxus.  He set up a web page where he 
basically began releasing these credit card 
numbers because his extortion attempts 
against CD Universe were unsuccessful.  So we 
basically knew some background information.  
We knew he went by the handle Maxus and we 
had an email address for him because the 
email address was on the website.  So what we 
began to do is look into the whole culture of 
people who are involved in trading and using 
stolen credit card numbers.  We went to 
forums we knew that these people frequented.  
We tried to learn the hierarchy of these 
forums, who were the people just looking for a 
new computer for themselves and who were the 
people who did this as a full-time job.  And 
we began doing what we called trust chains.

CORBIN	
Trust chains?

VRANESEVICH	
Trust chains.  Something about hackers which 
makes my job and law enforcement’s job a 
little easier is that there is an expectation 
of anonymity.  In the everyday world, if we 
see someone walking around with a mask and a 
trench coat and a dark hat and gloves on we 
get a little suspicious.  Why is he trying to 
hide himself?  This is not the type of person 
I want to be around.  If I walked into the 
local supermarket with a ski mask on it would 
certainly raise some eyebrows.  But online 
that’s normal.  Hackers try to hide their 
identity, every hacker does, and it’s 
accepted as part of the culture.  But just as 
hackers can hide their identity that means 
that we can too.  So what we began to do is 
pose as individuals involved in this scheme.  
We learn the jargon that these people use, we 
learn how they begin transactions, how they 
interact with one another and we simply 
mimicked that, and what we started to do was 
creating people, one after the other, that 
got involved in this scene and we began 
making friends, and we began setting up 
fictitious deals, and we just worked our way 
up until we started to get to the top, and of 
course we could use other fake people that we 
created to add credibility to us, like the 
one with one keyboard that said you know, I’m 
interested in buying some credit card 
numbers.  On another keyboard I’d have 
another person we set up say yeah I’ve dealt 
with him in the past, he’s legitimate.  So by 
doing this we were able to rather quickly 
climb up the ladder until we actually got in 
contact with Maxus’ number two.  We know 
Maxus had distributed a lot of cards to and 
what was happening then our individuals were 
actually starting to resell Maxus’ numbers 
where for $500 for a lot of 50 credit card 
numbers you could begin your own fraud 
business if you will.  So we simply set up a 
buy with him, and then we contacted Max and 
said the email address we knew from the 
beginning of the investigation you could say 
for dealing with your number 2 man, we’ve 
dealt with all these people in the past, half 
of those people were fictitious individuals 
that we created, and eventually we built up 
trust with him that he was willing to deal 
with us directly, and when it came to that 
point we were able to get his bank account 
information which enabled us to trace it back 
to an individual named Maxim Ivankauf who was 
located in Latvia.

CORBIN	
And what’s happened to Maxim Ivankauf?

VRANESEVICH	
I imagine Maxim Ivankauf right now is just 
sitting with a bank account that is rather 
heftily filled.  Unfortunately because of 
differences in laws and extradition and so on 
and so forth, the United States doesn’t 
necessarily have the best affiliations with 
Latvian authorities.

CORBIN	
So he’s safe.

VRANESEVICH	
He’s safe and probably rather wealthy right 
now.

CORBIN	
And this of course is a growing problem.

VRANESEVICH	
Absolutely.  We see a lot of credit card 
coming from Russia.  It’s something that 
although it’s illegal the Russian Mafia 
obviously has significant power over there 
currently, and this is a great way to fund 
operations.  

CORBIN	
Well this brings us back to the whole 
question of law enforcement.  Now the FBI is 
well known for operating in this area.  They 
have skills at it.  But how easy is it for 
them to really get to grips with this kind of 
crime?

VRANESEVICH	
It’s proven to be not very easy at all for 
them.  They’ve a lot of skill, a lot of 
experience, in dealing with real world 
problems.  If they can pick up fibres or 
fingerprints from a crime scene, they can 
trace it back to the year, make, model of the 
car that the fibre came from and the thumb 
that left the fingerprint.  But when you go 
online, you have that same sort of evidence, 
they’re having a lot harder of a time, and 
that’s simply because it’s new.  By 
definition governments worldwide are reactive 
organisations.  As new things develop, as new 
social problems arise, governments come up 
with ways to deal with those, and what we’re 
seeing here is a rapidly expanding problem, a 
rapidly expanding form, and governments are 
desperately trying to catch up and they’re 
simply not able to catch up at the speed with 
which the technology is expanding.

CORBIN	
And the hackers are always a step ahead of 
them.

VRANESEVICH	
Absolutely.  One of the advantages hackers 
have over law enforcement worldwide and over 
militaries worldwide, is that they share 
information.  If one hacker finds out a way 
to break into a system, he shares it with all 
hackers.  If they find a way around a 
defence, they share it with all hackers.  
They communicate on a regular basis.  And 
what we see in governments and law 
enforcement, in militaries is that that sort 
of free exchange of information does not 
exist because traditionally militaries have 
had to be secretive about their defences.  
Militaries had to be secretive about their 
weapons, law enforcement had to be secretive 
about the way they track criminals.  So you 
have all these different organisations even 
within actual branches of the military or law 
enforcement that are doing research about 
this, but they’re not sharing their learning 
with other groups.

CORBIN	
So in reality, how much of a backlog of cases 
is there?  I mean FBI says they’re on top of 
this, but are they?

VRANESEVICH	
FBI has currently backlogged 800 cases that 
they’ve chosen to accept and investigate.

CORBIN	
800 cases?

VRANESEVICH	
800 cases.

CORBIN	
In a backlog?

VRANESEVICH	
In a backlog and those are ones that they’ve 
chosen to investigate.  FBI doesn’t 
investigate every computer crimes case that 
is reported to them.

CORBIN	
So they’re pretty much snowed under.

VRANESEVICH	
I would say so.

CORBIN	
And do the FBI always prosecute?  What do 
they tend to do, what’s the tactic?

VRANESEVICH	
We haven’t seen a lot of prosecutions and in 
fact in the United States we really haven’t 
yet seen a computer crimes case that has 
fully worked its way through the judicial 
system.  Every case we’ve seen where there’s 
been a prosecution there’s been a plea 
bargain.

CORBIN	
A sort of deal.

VRANESEVICH	
A deal, basically worked out where the 
individual admits to his crimes, explains how 
he did it, agrees to provide restitution and 
serves a much lesser sentence than if they 
went through the courts.

CORBIN
Do you think that the FBI, recognising the 
problems, are really just trying to find out 
as much as they can, and that is the way 
they’re trying to tackle it?

VRANESEVICH	
That’s part of it, and I think part of it too 
is that this is new.  Much like DNA evidence, 
which now is becoming rather accepted, was a 
new thing, this is a new thing, and defence 
attorneys are worried that all this technical 
evidence would have to be brought before a 
jury would confuse them and they would just 
trust the government and find the person 
guilty, and reversally, prosecution is 
worried that they’ll bring all this technical 
evidence in front of the jury, the jury won’t 
understand any of it and will simply acquit 
the individual.

CORBIN	
So what tactics are the FBI actually 
employing?

VRANESEVICH	
What the FBI are starting to try to do it 
appears is actually set up a rather extensive 
network of informers.  I guess the tactic is, 
instead of trying to dig our way through all 
this technical evidence that’s left behind 
which may or may not have been altered by a 
hacker, which may or may not even exist in 
every case, let’s go back and deploy some 
techniques that we’ve been using for decades, 
and that’s the people aspect.  You don’t need 
to dig through evidence if someone brags and 
you have the individual that they brag to 
willing to testify, that takes all that out 
of the picture.  So what we’re seeing with a 
lot of mainly juvenile cases, or teenagers 
that have been caught doing this type of 
thing, they get raided by the FBI and FBI 
goes in usually at gunpoint, questions the 
individual, seizes the equipment and we find 
no charges are brought.  So I think what we 
can assume in most of those cases that those 
individuals have agreed to assist on other 
cases that are perhaps more serious.

CORBIN	
So they’ve turned informer basically in 
return for not being prosecuted?

VRANESEVICH	
Right, they basically in exchange for not 
being prosecuted, agreed to assist the FBI 
for any number of years or months or 
projects.

CORBIN	
But of course this doesn’t lead to high 
profile cases and punishment which perhaps 
means that they aren’t deterred at the end of 
the day. You know, why should people stop 
doing it?

VRANESEVICH	
There is very little deterrence factor.  
Unfortunately what we see is most of these 
individuals get raided by the FBI.  A few 
weeks pass, perhaps a couple of months and 
they end up getting hired by a big security 
firm, and start making salaries well above 
the average Pizza Hut delivery boy.  So 
really the deterrent.. good question.  Here 
in the United States we have campaigns like 
‘Be cool, stay in school’, ‘This is your 
brain on drugs’.  We have commercials worry 
about teen pregnancy.  But I have yet to see 
a commercial that talks about the 
consequences of breaking into Pentagon 
system, or breaking into any computer system.  
And truly I’ve had teenagers contact me who 
don’t know where the line is.  "I know I’m 
allowed to visit a webpage, I think I’m 
allowed to look at the network a little bit, 
but where’s the line between what I’m allowed 
to do and what’s illegal?"   They simply 
don’t know and I think part of the problem is 
that the governments don’t know yet either.

CORBIN	
Is there a sort of a copycat factor here as 
well that when a crime is committed and 
publicity is given to it, others sort of pile 
in?

VRANESEVICH	
Exactly, and one of the reasons, and one of 
the prime motivations why people hack is what 
we call here peer motivation, and that’s 
you're doing it for peer recognition, a 
feeling of self-superiority, a feeling of 
belonging which, as I said before, most 
teenagers go for at some time in their life, 
and here’s a teenager that can do something 
from his parents’ bedroom that will cause CNN 
to do 24 hour a day coverage, or the BBC to 
do 24 hour a day coverage, and sure, why not 
jump on the bandwagon and have their picture 
on there as well.

CORBIN	
Now one of the areas we haven’t talked about 
is viruses, that they can be very damaging 
too.  Now what did you make of the recent 
Love Bug virus that seemed to spread so 
widely and certainly capture people's 
imagination.

VRANESEVICH	
The Love Bug virus personally I think was an 
accident.  That really, although the 
authorities began to brag quite early that 
they quote, "track down the evil malicious 
person behind it", really probably only took 
them five to ten seconds to do that because 
within the source code that individual gave 
his email address, his webpage, the country 
he lived in, the town he lived in, and the 
name of himself and all of his friends.  So 
there’s really very little investigation 
involved there.

CORBIN	
But the actual love bug virus, surely, I mean 
what does it show in terms of the 
possibilities of such viruses and the damage 
that they can do?

VRANESEVICH	
Well sure, we saw within six hours millions 
of systems across the world were infected.  
It’s a disease that spreads very rapidly 
globally.  What we’re sort of seeing now is 
back in the physical world what we saw in the 
past is something like the plague.  Any time 
a virus or a new strain of bacteria would 
appear entire countries and populations would 
die out.  Here we are in the computer area 
where we don’t have the computer version of 
penicillin yet, and every time a new virus 
peeks its head up, we find a huge segment of 
the population becoming infected.  Luckily 
things like Melissa and the Love Bug didn’t 
have what we would call necessarily 
devastating payloads and that they would 
corrupt a few files, perhaps email themselves 
to your friends. What we’re waiting for are 
viruses that come out that will devastate 
your computer system to a point where it’s 
not recoverable.

CORBIN	
And you think that will happen?

VRANESEVICH	
I think we’re starting to see that.  Within 
the past couple of weeks we saw a few strains 
of the Love Bug which were starting to delete 
files on the system.  Killer Resume is a 
perfect example of that.  And we’ve 
unfortunately also seen some viruses that no 
longer require you to click on an attachment 
to become activated.  Simply by reading the 
email they become activated, and I think one 
of the things that we’re going to see within 
the near future is an email coming to your 
inbox, you begin to read it and while you're  
doing that it begins formatting your system.

CORBIN	
Now there’s one other area that we’ve looked 
at and it doesn’t really fall into either 
hacking or viruses, but it’s a programme and 
that is the software produced by the so-
called Cult of the Dead Cow.   Now what are 
the dangers of this software and what do you 
think these people are trying to do in 
inventing something like this?

VRANESEVICH	
Well the Cult of the Dead Cow invented a 
programme called Back Orifice and then later 
a second version called BO2K or Back Orifice 
2000, and basically what it is, is written 
for the hacker community and allows a hacker 
to gain complete access to your system.  It 
can be hidden in a game for example, where 
you get an email, it has a game attached to 
it, you install it, you play the game, 
nothing looks strange.  Unfortunately, behind 
the scenes, it’s installing Back Orifice or 
Back Orifice 2000 which can then allow a 
hacker to have complete control of your 
system.

CORBIN	
It sounds scary.

VRANESEVICH	
Right, a lot of people have fallen victim to 
it, and claim what they will about their 
initial intentions, every time this programme 
was created - it was released first at Defcon 
which is the world’s largest annual hacker 
convention held in Las Vegas - and it is 
released with great fanfare and laser light 
shows and rock music and a well choreographed 
stage production for this hacker community 
where they literally get the entire crowd to 
chant their names and it is almost like a 
cult-like atmosphere.  So I think real 
motivation tends to go back to what we would 
call peer motivation, self-superiority 
issues, recognition, acceptance, and in this 
case within the hacker community downright 
fame.

CORBIN	
So they’re pretty well regarded.

VRANESEVICH	
By hackers, yes.  They’ve provided the 
nation’s and the world’s youth a very easy 
point and quick way to break into anyone’s 
computer system.

CORBIN	
They, of course, say they’re doing it to 
point out the holes in the Microsoft system, 
the lack of security, the fact that it’s easy 
to do something like this.  Well they’ve got 
a point haven’t they?

VRANESEVICH	
Not really because technically Back Orifice 
didn’t exploit a bug in Windows.  It’s like 
saying you download email software and the 
fact that email software allows email to come 
onto your system is some sort of 
vulnerability.  Well now you can start an 
email programme and that’s what the programme 
is designed to do. The same thing is true 
with Back Orifice.  It’s not a problem that’s 
inherently on Windows.  It’s a problem that 
happens when you install their software.  So 
if anything here, it’s the bug, it’s not 
Microsoft, it’s the Cult of the Dead Cow.  
And shortly after they’ve released the 
software they teamed up with a company called 
Network Five Recorder who for $10 a pop has 
software that will detect Back Orifice and 
prevent your computer from getting it.

CORBIN	
Ahhh, so it looks like a commercial concern.  
Invent the bug and then invent the cure.

VRANESEVICH	
Yes, it’s what we in the United States would 
call racketeering.

CORBIN	
Okay, now John some see you as a person who 
started out with your website as a hacker, if 
you like a white hat, whatever you want to 
call it, somebody interested in this area for 
good.  But I mean what’s happened now to you 
in terms of the way that other hackers regard 
you?

VRANESEVICH	
I think it’s rather safe to say that I’m not 
taken in very high regard within the hacker 
culture.  Probably in the last year alone I’m 
responsible for over 100 people being raided.  
These are people's friends, people's mentors, 
people's allies, and obviously any time you 
interfere with someone’s social structure 
like that they tend to backlash quite 
heavily towards you.

CORBIN	
They call you public enemy number one.

VRANESEVICH	
Yes, that’s what they called... last Defcon 
they actually had wanted posters, several 
hundred of them hanging up everywhere with my 
face so it gets interesting sometimes.

CORBIN	
But how has it actually impacted on your 
life, the fact that you are a hated figure 
out there in the hacker community?

VRANESEVICH	
Well our network, webservers, email servers 
and work stations get attacked somewhere in 
the neighbourhood of 340 times an hour which 
last year alone added up to 3.2 million 
attempts against our systems, so that can 
keep us pretty busy.

CORBIN	
What about personally though, what’s happened 
to you?

VRANESEVICH	
Personally death threats are a regular common 
occurrence.  My family, pictures of my 
sister for example who is 17 were posted 
online.  They got a hold of a picture of her 
along with her address and phone number and 
invitations to rape her that caused the local 
police to begin monitoring their house.  I’ve 
had death threats from individuals claiming 
to be responsible for terrorist groups or 
affiliated with terrorist groups, so 
sometimes it gets interesting.

CORBIN	
Do you think that one should take those 
seriously?

VRANESEVICH	
Some of them I do and most of them I don’t.  
I haven’t been pipe bombed yet so I take that 
as a good sign.

CORBIN	
Is it worth it?

VRANESEVICH	
Absolutely.  I’m certainly not going to be 
intimidated by a criminal or a criminal 
faction that doesn’t want to be stopped.  If 
anything that’s a motivator.

CORBIN	
So do you think that there really is a hard 
core, a criminal element out there?  Some 
people say it’s just kids having fun, what’s 
the harm?

VRANESEVICH	
I absolutely believe that there’s a very 
strong criminal element.  Cases like credit 
card fraud are incredibly rampant.  You know, 
cases of stealing military data are probably 
incredibly rampant.  We see those things have 
happened, we’ve seen indicators, and we see 
things getting more and more serious as time 
progresses.

CORBIN	
Where will it all end up?

VRANESEVICH	
Good question.  Hopefully it will end up in a 
giant awareness campaign and governments 
worldwide begin stalking their systems 
better, begin protecting their systems 
better.  We see educational campaigns in the 
schools where when we push computers into a 
classroom we also push education on the 
responsibility in the use of those 
computers, and we start seeing some of these 
criminals become prosecuted, and we start 
seeing the deterrent factor.  Certainly we’re 
always seeing crime, we will always see 
crime, and no matter what there’ll be crime, 
but I think this is one area where that crime 
definitely needs to be taken under control.

CORBIN	
One thing I haven’t asked you about is the 
recent case in Britain.  Now there’s a Welsh 
hacker called Curador?  Do you know anything 
about him?  Has he been in touch?

VRANESEVICH	
Yes, Curador actually called several times 
and curiously left us his phone number which 
needless to say made it rather easy to track 
him down.  Curador was pretty much a copycat 
of Maxus I would say, breaking into systems. 
We don’t have any evidence that he used any 
of the credit card numbers he stole, or sold 
any of the credit card numbers.  He was 
simply posting them on line for others to use 
as they would.  So I have a feeling that a 
prosecution against him is imminent and will 
probably be rather successful.

CORBIN	
John, what exactly is your relationship with 
the FBI and how do you use the information 
that you’ve garnered over the years to help 
solve these cases?

VRANESEVICH	
We do a lot of different things with law 
enforcement and the military here in the US.  
One of the things is assisting in 
investigations where basically we get a phone 
call and asked to come in as a consultant on 
a case.  We also do some education, a lecture 
down at Quantico at the FBI training academy 
to other agents and law enforcement personnel 
in some of the techniques we use here to 
profile hackers and to track them down.  We 
also do research, trying to find new ways to 
track down hackers for organisations like the 
Department of Defense which we have a few 
research contracts through which will again 
assist in future investigations.

CORBIN	
And do you keep files on active hackers if 
you like, how many do you know about?

VRANESEVICH	
Yes, we currently have files on probably 
7,000 individual hackers worldwide and 
probably 128-230 different hack groups or 
clans that we keep an active eye on.

CORBIN	
7,000 active hackers out there?

VRANESEVICH	
Yes, I suspect the number is probably a lot 
higher.  There are areas where we have 
weaknesses, particular areas like China and 
Indonesia where things tend to be a lot more 
disguised, a lot more hidden, and because of 
some severe language barrier we haven’t yet 
gained good insight to yes.

CORBIN	
But you're pretty confident they’re all out 
there, there’s someone virtually in every 
country where there’s a computer?

VRANESEVICH	
Oh more than someone, a lot of someones.  We 
find that really the number of hackers in the 
country is proportional to the number of 
people on line.  There are more hackers in 
the United States than any other country 
because there are more people on the internet 
in the United States than any other 
country, and it pretty much goes down the 
chain in proportion to the population. 

CORBIN	
So as more people get online, it stands to 
reason, as it were, that there will be more 
hackers online.

VRANESEVICH	
Absolutely.

CORBIN	
Now we talked just now about the whole 
Masters of Downloading, but we’re 
particularly interested obviously in the 
British angle.  Now what do we know about the 
Masters of Downloading, in particular a group 
within them that might have come from 
Britain?

VRANESEVICH	
Shortly after one of the Chief Members of the 
Masters of Downloading, Chameleon, got 
raided, and we sort of saw this whole faction 
break off, and they called themselves the 
Millworm, and Millworm managed to break into 
the Bhabha Atomic Research Centre in India, 
shortly after India had done their first 
nuclear test.  Here in the United States that 
was pretty significant because the Pentagon 
was very widely criticised for not knowing 
that India was planning nuclear tests, and 
surely about a week afterwards, this group 
called Millworm announced that they had 
downloaded a large sum of that research data.

CORBIN	
So the hackers had got in where the 
professional intelligence officers had failed 
to go.

VRANESEVICH	
Absolutely, and exactly how far they got in 
we’re not really sure.  We know that the 
language of the research was actually in a 
language called Bengali which is a pretty 
standard one for Indian research scientists 
to use.  We know that the Pentagon was 
actively seeking the data the hackers stole 
and we know that the hackers were never 
prosecuted.  So what happened to that data 
and what happened to those individuals it’s 
hard to say.

CORBIN	
So maybe a trade off, maybe the Pentagon gets 
the information from the hackers and no 
prosecution is forthcoming.

VRANESEVICH	
Potentially.

CORBIN	
So have we heard any more about this British 
group since?

VRANESEVICH	
No, we really haven’t.  Since that whole 
incident occurred and the individuals in 
Britain realised it was being investigated by 
the US Pentagon, plus officials over in 
Britain, the Ministry of Defence in 
particular, they pretty much became rather 
quiet and have been ever since.  There was 
only one case where we saw an individual who 
we believe was part of the group Millworm, 
raise his head and that was when one of the 
individuals who we believed to be in Britain 
attacked the webpage of the United States 
Senate and defaced it.

CORBIN	
And when was that?

VRANESEVICH	
That would have been in May of last year.

CORBIN	
When you discovered that Chameleon was in 
effect selling information to a member of a 
terrorist group, did you manage to track him 
down at all?  What happened?

VRANESEVICH	
We spent a great deal of time trying to track 
down and verify who Khalib Ibraham was.  The 
best we were able to confirm is that he was 
indeed in Israel.

CORBIN	
In Israel?

VRANESEVICH	
In Israel.  We actually contacted him through 
email and confronted him with what he was 
doing.  At first he denied it and what we 
decided to do was go live with the story 
about this individual on our website and 
basically tell everyone as much as we knew 
about this individual to try to expose him, 
put an end to his operations.  Shortly 
thereafter he began quite bluntly admitting 
his claimed affiliations and his actions and 
we began seeing some rather severe death 
threats from this individual who claimed to 
be part of a terrorist faction.

CORBIN	
And he was threatening you.

VRANESEVICH	
Threatening me, my family, and other 
individuals who had been working on this 
case.

CORBIN	
What did he say?

VRANESEVICH	
He said all sorts of great things that I 
don’t think I can repeat on the air but the 
gist of it was I have a great deal of money.  
I have proven that with Chameleon.  If I can 
send a 17 year old a thousand dollars, do you 
not think that I can send someone twice or 
ten times that much to shut you up.

CORBIN	
Do you take that seriously?

VRANESEVICH	
At the time I did.  Obviously we knew he had 
money.  We knew he was involved in this to 
some degree.  Of course the FBI got involved 
and things sort of slowly died down and 
haven’t heard much since.

CORBIN	
What worries you about the sort of atmosphere 
out there, the culture of some of these 
people, and the way it differs perhaps from 
the past, and what do you think really 
motivates them and drives them now?

VRANESEVICH	
It used to be they were motivated by the love 
of technology.  They wanted to help it 
progress.  They wanted to help develop it, 
they wanted to be able to say I had a part in 
creating this incredible new form that brings 
people across the world together, makes the 
world more of a global village as we call it.  
Now we’re starting to see that change as more 
and more people come on line, younger and 
younger people come on line who are by 
definition less mature.  We’re starting to 
see much more of a malicious attitude where 
it’s sort of like the tough men gang 
mentality, don’t mess with me or I’ll ruin 
you, and unfortunately computers now are 
providing the power where these individuals 
can ruin people, or at least severely disrupt 
our lives or disrupt our nation’s 
infrastructure even.

(End of Interview)