Adrian Lamo and FBI Cyber Squad computer scientist Russell Handorf

10/18/12 Update: 2006 posting at forum – where Russell Handorf still contributes using his “grey hat hacker” handle “satanklawz” – suggests he has been working for FBI three years earlier than his resume claims; Adrian Lamo admits being “friends” with Handorf but still won’t answer any real questions; Chet Uber offers to have Lamo “interview” me – Neal Rauhauser, who claims he has nothing to do with Project Vigilant, suggests I should accept offer – which I will, after they start giving serious answers to my serious questions first; Project Vigilant submitted bid for Voice Stress Analyzer request by BoP to detect if inmates are lying.

Highlights: At college, Russell Handorf used to illegally “sniff” networks for free web access; Decade ago, hosted Adrian Lamo website where he used to be known as “satanklawz”; Defended Lamo online in web forum postings; In 2003, wrote that fugitive Lamo’s enemies might DoS the NY Times, attack investigators; Provided details on web on how to access potential Comcast customers’ private info; Wrote “Fear Not: Hacks, Attacks and Cracks” column; After Philadelphia InfraGard Board of Directors gig, former “grey hat hacker” joined FBI in September of 2009.

[Editor’s Note: Before publishing this article I emailed both Russell Handorf and Adrian Lamo to ask them questions about their past and possibly present relationship, but neither one got back to me. I’ll gladly correct any errors or add comments if they change their minds. My last two articles provide more background on Adrian Lamo, Neal Rauhauser, Project Vigilant and the Bradley Manning case: Bradley Manning Facebook friend was a security and risk management expert and More members from secretive, oddball Project Vigilant group revealed. Article by Ron Brynaert]

The following screenshot was the front page for a website owned by a “Grey Hat hacker” who the FBI hired to be a computer scientist for its Philadelphia Cyber Squad in 2009:

[Screenshot: shtcmarchive]

On November 14, 2001, Russell Handorf left a message at the Penetration Testing Mailing List at seclists.org, where “participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing.”


Handorf was responding to a question about “a Cayman router which still has the default password set as blank. Can anyone supply any help in how to show the client that this is dangerous or escalate priv to admin?” In his response, future FBI Cyber Squad computer scientist Handorf mentioned Adrian Lamo, who would be arrested and charged with computer hacking crimes two years later.

to escalate privs, go to the webpage, and then where it has the passwords in the fields…. view the source of the webpage (passwords are there clear text).

for more and better information regarding this, talk to adrian lamo.


At the bottom of his message, Handorf listed his personal website and four others which he presumably was attached to: www.russells-world.com, www.inside-aol.com, www.terrorists.net, www.bad-mother-fucker.org and www.philly2600.net.


In a January 21, 2001 interview [from a scrubbed article which was re-posted after Bradley Manning’s arrest in June of 2010], Adrian Lamo said that his websites were “inside-aol.com, terrorists.net and securid.org.” When asked, “What do you spend most of your time online doing?” Lamo responded, “breaking and exploring -=)” [Hat tip to Adrian Lamo for opining on Facebook that original edit of this paragraph was “confusing on its face”.]

Just a few days ago, Lamo joked on Twitter that he “used to own” www.terrorists.net but that he “turned out just fine!”

Two months before Handorf recommended Lamo, the “homeless hacker” who, years later, would gain infamy after turning in Bradley Manning, “demonstrated” to Kevin Poulsen at SecurityFocus.com, “that he could rewrite the text of Yahoo! News articles at will, apparently using nothing more than a web browser and an easily-obtained Internet address.” Poulsen – who has reported on Lamo many, many times over the last decade – became a journalist after being convicted of computer hacking crimes, and later moved to Wired.com, where he exclusively published the May of 2010 chat logs between Lamo and Manning.

The hacker has a history of exposing the security foibles of corporate behemoths. Last year he helped expose a bug that was allowing hackers to take over AOL Instant Messenger (AIM) accounts. And in May, he warned troubled broadband provider Excite@Home that its customer list of 2.95 million cable modem subscribers was accessible to hackers.

Lamo’s hobby is a risky one. Unlike the software vulnerabilities routinely exposed by ‘white hat’ hackers, the holes Lamo goes after are specific to particular networks, and generally cannot be discovered without violating U.S. computer crime law. With every hack, Lamo is betting that the target company will be grateful for the warning, rather than angry over the intrusion.

On October 1, 2001, the College Humor website – which is “an online depository for all of the content that floats around collegiate computer networks” – announced, “Our new friend Russell Handorf has been named the Computer Security Administrator of CollegeHumor.com. He recently discovered a vulnerability in our page display script, notified us, we fixed it, and all was well.”

In 2003, at a collegehumor forum, two people claimed Handorf sent them the following message: “read the Patriot Act- bu bye.”

At college, Russell Handorf used to illegally “sniff” networks for free web access

An article from August 11, 2001 called “Driving Away With Wireless Secrets” published by Newsbytes, reported on how Handorf used to “sniff” networks to get free online internet access.

Some nights when they are bored and the traffic is light in downtown Philadelphia, Russell Handorf and a friend take what they call a “war drive” through the city’s financial district. They’re looking for wireless networks to sniff. Recently this summer, as Handorf, a student at Philadelphia’s Drexel University, was on a slow midnight cruise with his friend at the wheel and his Dell notebook across his lap, the computer’s wireless network card started to pick up a strong signal – right across the street from the headquarters of a major regional bank.

‘Within a couple of minutes, we synched up with the network and it let us in. No authentication at all. They were passing us all the traffic that was going across their network,’ said Handorf.

After his friend pulled the car over, Handorf used the bank’s Internet gateway to connect to his favorite Internet relay chat (IRC) channel.

‘I told my friends, ‘Look at my DNS.’ And they all said, ‘Oh my God, you’re in a bank!’ said Handorf, who claims he has no intention of harming the networks he sniffs, and only does it to get free, anonymous Web access.

A year later, a March 24, 2002 article for the Philadelphia Inquirer called “Drive-by hackers hunt free, easy Web access This man may be tapping into your network” – written by Reid Kanaley – showed that Handorf was still “sniffing” for free internet access.

Russell Handorf was in a no-parking zone, but so what? His laptop computer, propped against the steering wheel, had his full attention.

Handorf was probing the wireless-computer networks humming around Center City, trying to sneak his way online.

‘I’m on the Internet,’ he finally proclaimed on this recent afternoon. ‘Whaddya know. . . . This is a fast connection, too.’

Utilizing the credit-card-size wireless adapter plugged into the side of his laptop, Handorf, 22, of the city’s Queen Village section, had gotten onto the Net by tapping into the computer system of an unsuspecting business among the nearby office towers.

….

Part hacker, part evangelist for high-speed wireless Internet access, Handorf is one of a growing number of computer enthusiasts touting the problems and promises of wireless networking.

One of the problems is the new sport Handorf was demonstrating. Variously called war driving, net stumbling, LAN jacking and drive-by hacking, it is focused on breaking into the so-called Wi-Fi networks that are popping up in more and more offices and homes.

War driving is ‘very common. Anyone who is a tech-savvy geek with a laptop and a wireless NIC [network interface card] is capable of doing it,’ said Handorf, a Memphis, Tenn., native with eyeglasses and close-cropped blond hair, who is studying business at Peirce College. He said he would not mind landing a job in computer security.

“Generally, computer-network intrusion is illegal under federal computer-crime statutes, but no cases involving hacking of wireless systems have been prosecuted, Department of Justice spokeswoman Casey Stavropoulos said last week,” the Inquirer reported. “Managers of two networks that played unwitting hosts to Handorf said last week that they were beefing up security on their systems after learning of his demonstration for this article.”

The 2002 story on Handorf added, “And while he has used some of those networks for Web surfing, it is ‘out of respect’ that he does not attempt to invade his hosts’ computer files.”

Russell Handorf’s pre-FBI days as a “grey-hat hacker”

On October 15, 2001 in a discussion called “Civil Disobedience” by the Editor-In-Chief of HackersDigest.com, which quoted several Kevin Poulsen articles, John Thornton worried about a bill under which, if passed, he claimed, “Hackers/Script Kiddies will no longer be looked at as just kids messing around with computers, but as terrorists.” In response, referring to himself as a “grey-hat hacker”, future FBI Cyber Squad computer scientist Russell Handorf argued that they shouldn’t “be bothering” the FBI “with Internet stuff when we are capable of doing it ourselves.”

Well, as a sysadmin and grey-hat hacker (not cracker) I’d like to say this… If anyone does abide by this, please do install some sort of alert system like ARIS to collect our knowledge about these news attempts and stuff. It is my understanding that John doesn’t want the companies to report the individuals to the ISPs and governmental agencies. This is a good idea, however it still needs to be reported because new stuff comes up all the time. What if this was sooner and CodeRed came out and no one decided to report anything?

My point is this: knowing that the FBI is first of all is swamped with other physical claims of attacks, why should we be bothering them with Internet stuff when we are capable of doing it ourselves? The lists of users on bugtraq and others are huge, there is much more expertise here than the government will ever set a finger on.

I’m all for what John is saying, however the reports of break ins should not be reported to the g’ovt, but to the lists- and the people in the lists should be more communicative to assist the afflicted company so that new attacks could be fended off like mace to a pack of wild badgers.

please forgive any grammatical and spelling errors, this message was written in haste (lunch time:P).

A definition for hackers at Technopedia states that they “utilize[] alternative system access methods to sabotage computer systems and networks. Hacking actions are differentiated as illegal and unacceptable (black/grey hat hacking), or legal and acceptable (white hat hacking).”

Hacker types are delineated according to intent, as follows:

Black hat hackers break into computer systems illegally and cause harm by stealing or destroying data, i.e., a banking system to steal money for personal gain.

White hat hackers use their skills to help enterprises create robust computer systems.

Grey hat hackers perform illegal hacking activities to show off their skills, rather than to achieve personal gain.

In his pre-FBI days, Russell Handorf defended Adrian Lamo online


In a July 1, 2000 posting, Russell Handorf “a.k.a. a deity called alphonzo” claimed that he hosted Lamo’s website, www.inside-aol.com, and that he also owned websites named after the classic sci-fi b-movie “Soylent Green,” which famously starred Charlton Heston, and ends with the classic line, “Soylent Green is made out of people.” A year later, on July 1, 2001, another Handorf forum message says likewise.

According to the Texas US Business Directory Library, “Charles Handorf” was registered as a music company, and along with some of the other websites attached to his forum messages, WWW.SHITCUM.COM is listed, and the email address provided is [email protected]


At SlashDot.org, Russell Handorf has a profile, which links to his personal website, http://www.russells-world.com, and links to a few comments he left under his nickname “satanklawz”.


In a posting titled “AOL Still Working On AIM Security Hole,” future FBI Cyber Squad computer scientist Russell Handorf wrote at SlashDot.org on December 2, 2000 under the handle “satanklawz” attached to the email address [email protected], “read the article at inside-aol.com. you create an aol account that over gens the AIM account which in turn you need a CC in order for billing to be authenticated.”

“wrong wrong wrong sir. the exploit is only for AIM and, even though AOL has “FIXED” it, is still exploitable,” Handorf also wrote as “satanklawz” at SlashDot.org.


On December 1, 2001 at Geek.com Ron Kessen commented on an article called “Adrian Lamo’s Continuing Hack Ventures”, and both Lamo and Handorf left comments. “I’m not so sure I want to say this man’s work is good, but on the other hand I am a bit disturbed at how easy it is for him to hack into websites and corporate networks,” Kessen wrote.

Incorrectly configured proxy servers, routers, and Web applications seem to be the most gaping vulnerabilities taken advantage of by this roving hacker. ZDNet calls him a “network intrusion specialist,” but I don’t like that term because it really doesn’t describe what he is. No matter how you slice it, he is breaking into corporate networks and taking advantage of vulnerabilities to gain access to classified or sensitive information he has no right to.

Companies have not gone after him legally because he has helped them fix security holes, and this is good. I just don’t like the picture; I envision another hacker of the same style taking full advantage of vulnerabilities and doing damage of some kind to the networks he compromises. Seems like if Lamo really wants to do security work he should get a real job like the rest of us. But I guess that wouldn’t be right; he might have to make a commitment, and we couldn’t have that, could we?

Five hours later, using the header “i’m not a preacher or a traveling salesman,” Lamo responded, “I generally don’t participate in discussions about me it feels crass. I’m not here to convince any of you of anything in particular. Debate over things like this is important to cultural evolution. It would be somehow unhealthy if there was no disagreement over this.”

Two people can look at the same event or person and come away with different conclusions without either having to be wrong — as long as this is the case, the world is probably still ticking.

All I want here is for you to be informed before making up your mind. Don’t take any one article as your sole source of information on this, or anything. Look further. Right up to the most damning ones. Moreover.com is a great source for this. Even then, remember that no one gets it exactly right.

If you believe that a person couldn’t follow a course without a motive, or that an action couldn’t find a person, rather than vice-versa, you may also believe that likening someone to Don Quixote is a bad thing.

Thanks to everyone who stopped to think about this, regardless of your final opinion. JMS put it best — our thoughts form the universe, they always matter.

A day later, Handorf defended Lamo, arguing, “Apparently the flame wars concerning jealousy have started.”

Everyone wants fame in some form or fashion, hackers earn theirs by playing the game of cat ‘n mouse (more like gazelle and cheetah nowadays). From my observations from people who know him personally, and also persons who interact with him on an almost daily basis, Adrian is a very loyal, respectful, honorable man. Those individuals who say that he is wasting his time away by not conforming into Corporate America should work for old school companies like IBM (In reference to that old commercial, I think the first, that Apple Computers had) and be restricted to conformity. Hackers, at least the successful ones in my opinion, do not conform for any reason. It is this kind of thinking of ‘Lets try something new’ that exposes the weaknesses of the person who is still thinking within the box.

As for people losing their jobs concerning computer hackers- if your company gets hacked by a documented exploit etc, it is not the hacker’s fault it is the company’s fault. Adrian’s reverse proxy attacks have been documented for quite some time (Since the [email protected] if I’m not mistaken). If people at WorldCom lost their jobs because of this, good. Why is it good? Because the incompetence and ignorance is being weeded out. Certifications and pieces of paper mean nothing in the world of computer security. The only reason why they exist is so that companies like Cisco can find another source of income. The only true computer security experts are hackers (btw- don’t get hacker and cracker and all those others confused) because they actually have a love for the art, spend the time learning, and also love what they do regardless of their pay.

Kudos to Adrian. He does what he loves regardless of pay. He does what he loves because of a never dying curiosity. I leave this post with one more phrase. Curiosity killed the cat, but satisfaction brought him back.

A comment at SecurityFocus.com on June 29, 2001 – most likely left by Handorf – appeared under the name “satanklawz (at) terrorists (dot) net [email concealed],” which suggests Russell used that nickname at another Adrian Lamo website.

In 2003, Russell Handorf wrote that fugitive Adrian Lamo’s enemies might DoS the NY Times, attack investigators


On September 7, 2003, Handorf left a comment on a forum at infosyssec.com called “Adrian Lamo Live on TechTV discusses the FBI hunt for him…” which stated that “you can out right shoot” someone “in the physical world” if they “break into” your “personal property.” While Lamo was a fugitive still at large, future FBI computer scientist Russell Handorf claimed that he feared “people who aren’t his friends” might “unleash that hellous DoS against NYT and attack the people heading this investigation.” Interspersed throughout his somewhat scary comments, Handorf included a few animated smiley faces.

‘I have a problem with the attempts of applying the analogy of “is it legal if someone were to break into , not do anything and tell you how to fix it?’ The biggest issue with it that I have is that, in the physical world, you can out right shoot the person upon entry Razz Physical vs metaphysical (kinda- electrons have weight last time i checked Razz).

As he stated, if they don’t play fair he’ll give them a run for their money. I believe that to be the truth Razz The other issue that I’m concerned about are the people who aren’t his friends, but heard of/support/etc him and are going to unleash that hellous DoS against NYT and attack the people heading this investigation are going to bring more woe onto Lamo.

As he said, this is going to be really really interesting as to how this pans out.


On March 3, 2004, Handorf started a forum thread at infosyssec.com called “Adrian Lamo’s 1st article – Profiling network administrators,” which linked to the March 1, 2004 www.networkworld.com story, and began with the Editor’s Note: “Adrian Lamo, a white hat hacker who pled guilty to accessing The New York Times computers without permission, agreed to share what he knows about some of the common IT security slips network administrators make. Lamo studies journalism at American River College in Sacramento, Calif, as he awaits sentencing next month.”

“Well, It’s a start,” Handorf wrote with an animated smiley face attached to the end of his sentence.

Russell Handorf provided details on web on how to access potential Comcast customers’ private info

Eight days before 9/11, on September 3, 2001 in a bugtraq posting called “verizon wireless website gaping privacy holes,” Handorf wrote, “that was the point of the post- already i’ve been able to find a way to gather information of finding my peers (friends n such) phone number” [Editor’s Note: Adrian Lamo sarcastically comments at his Facebook page that the reference to 9/11 is “[t]asteful and relevant”; sorry, Adrian, I wasn’t trying to suggest you and “satanklawz” were part of any terrorist plot, but how about addressing real questions instead of cherry-picking stuff to snark at?].

they (verizon) have another database which links to this one that shows customer names/numbers -> info holes

this is my most preferable way to tell my colleagues that they’re about to max out their minutes. verizon knows that these holes are exploitable, but they won’t do anything about them. the problems have persisted since bellatlantic has changed their name to verizon.

On February 6, 2002, Handorf wrote on a seclists.org message forum, “Back when excite () home was compromised by adrian lamo, I was privy to such access as well. On the computer havoc.corp.home.net there lay the ‘help desk’ interface, where the users’ settings were editable. I distinctly remember the speed being an editable option for the modems. However the only way, to my current knowledge, is to edit this information on the ISP side- still. I remember a while back when faster transmission speeds were achieved via just plugging in a 100 base t nic and setting it to full duplex, but this is not the case anymore.”

“As for current hacks for cable modems, there are a few that I have discovered specifically with comcast.net,” Handorf added. “However this cannot be disclosed at this time. I will post it at a later date.”

On February 7, 2002 MSNBC published an article called “Comcast broadband data exposed,” which claimed that future FBI computer scientist Russell Handorf left details on how to access a database containing private information of potential subscribers.

A database with thousands of records detailing potential Comcast Business Communications Internet customers was found exposed on the Web this week by a computer security researcher. Phone numbers, addresses, private customer service comments and monthly billing information belonging to several thousand, mostly corporate users, was exposed. The so-called ‘leads’ database included prospective customers and was protected only by the same username and password ‘test.’

DETAILS FOR ACCESSING the database were posted in an Internet mailing list devoted to computer security issues on Wednesday by researcher Russell Handorf.

Anyone following the trivial instructions found a Web-based ‘front-end’ to a database of leads for Comcast Business Communications — a division of Comcast Telecommunications Inc.

Among the options listed on the site were sales calls by zip code, revenue forecasts, sales pending, top 100 customers and ‘approved credit memos.’ One page labeled ‘maintenance’ included options like ‘add employee’ and ‘run billing,’ though it was not immediately known if such functions could really be carried out via the Internet page.

However, “[i]t did not appear that credit card information or bank account information was exposed,” MSNBC reported.

A February 8, 2002 article at Computer World – written by Todd R. Weiss – reported, “A hacker found a list of potential corporate customers on the Web site of Comcast Business Communications Inc. and exposed data from the list in an online security forum, forcing the company to shut down the site yesterday for an internal review.”

The vulnerability was exposed by a hacker who identified himself as Russell Handorf in a security forum posting on the Web site of San Mateo, Calif.-based SecurityFocus.

In an interview today, Handorf, 21, said he found the unlinked Web page by using a proxy hunting program while looking through the CBC site in December. Handorf said he was interested in the Comcast site because he expected to find security vulnerabilities due to the transition under way by Philadelphia-based parent company cable company Comcast Corp., after its acquisition of Denver-based AT&T Broadband in December.

What he found, he said, were Web servers that he could access by using common user names and passwords such as ‘user’ and ‘test.’ The vulnerabilities are there, he said, because administrators have a massive amount of work ahead of them and are apparently prone to “simple oversights.”

‘My intent was to find something and tell them about it,’ said Handorf, a Philadelphia-based computer security researcher.

Handorf said that he notified Comcast of the problem but that the company denied any vulnerabilities. Then, on Feb. 6, he posted his message on the SecurityForum list, he said. After that, Handorf said, Comcast thanked him for finding the problem and telling them about it. ‘My intentions are good,’ he said.


Seven years later when Comcast’s homepage and website were hacked, Adrian Lamo tweeted on November 26, 2009, “And here Comcast greeted my news happily. Delivery, people. All in the delivery.” [Editor’s Note: I’m not sure if Lamo was claiming that he had something to do with Handorf’s exposure of potential Comcast customers’ personal info.] A year later, “Christopher Allen Lewis, a.k.a. ‘EBK,’ 20, of Newark, Delaware, and Michael Paul Nebel, a.k.a. ‘Slacker,’ 28, of Kalamazoo, Michigan,” who were “associated with hacker group Kryogeniks”, pleaded guilty and “were sentenced to 18 months in prison”, according to news reports.

On March 22, 2006, Handorf left the following message and picture on an infosyssec.com forum board.

Sorry, this thread is just too good to stay away from Smile

First point I want to make is that the government does have a role in regulating companies. One word: monopolies. When they get out of hand, you get that 5,000 dollar long distance bill for calling Aunt Edna you don’t have any one to complain to, or any other choice for usage. I applaud the government for looking into companies not just for monopoly related issues, but issues similar to Enron, Adelphia, etc. Who’s to keep the companies honest? The customer? Hell no. (which raises who keeps the government honest, but living in one that has debated what the word “is” means and continues to interfere with people’s personal rights and beliefs, I plead the fiz’ifth).

Other point is along the lines of once data is out, it’s public. Hell yea, this is just the way things are. Companies will harvest this info, toss it into GIS databases, analyze, market, sell, buy, etc. All to do what? Make money. This is what businesses do, leave that alone. If you don’t want businesses to make money, then you don’t want an economy. Face up, things will NEVER be like they are on Star Trek for one reason: humans. We’re stingy, greedy, smelly critters that love to hoard things for ourselves. Nothing beats human nature in this case.

And that being said, I submit this creepy image.

[Image: makeitso]

Russell Handorf’s “Fear Not: Hacks, Attacks and Cracks” column

Ken Belva, Publisher and Editor-in-Chief at bloginfosec.com, wrote the following recommendation for Handorf at LinkedIn.com on December 1, 2010, which didn’t mention his position at the FBI: “Ken’s ability to create a new information security media outlet, to recruit authors and to then help direct the theme of the content greatly exemplifies his visions of information security and to herd the proverbial cats. He has been a great colleague and sounding board for new, adventurous and challenging topics for discussion. I’ve enjoyed writing for him and look forward to working with him in the future.”

Handorf used to write the column, “Fear Not: Hacks, Attacks and Cracks” for bloginfosec.com, according to a bio posted on March 4, 1999.

One of Handorf’s columns on counterfeit Cisco hardware, published on May 6, 2008, linked to an October 23, 2006 networld.com article in which future Democratic consultant Neal Rauhauser is quoted. Rauhauser and Adrian Lamo would later “volunteer” for Project Vigilant, under director Chet Uber.

‘Recently, I did some voice over IP integration for a client in Huntsville, and the engineer there asked if he could pay me with five extra VoIP network cards he had left over from the project,’ says Neal Rauhauser, founder of Layer 3 Arts, a system integrator in Omaha. ‘I got four cards I could use, and one that was counterfeit.’

Fortunately, Rauhauser never installs anything before checking it first. He’s wise to counterfeits, having had his first run-in with such products in 2004, when two of six new Cisco 1721 routers started acting up at one of his client sites, a large auto manufacturer in Michigan. They turned out to be counterfeit, and he has since been campaigning against counterfeit products.

There were visible differences between the counterfeit and the real gear, he says, but only after close inspection. The counterfeit VoIP card had a brand-new box even though the card was 4 years old. He also noticed discrepancies in packaging and labeling.

‘The printing on the bar-code label was fuzzy like it’d been printed off a low-quality printer instead of a laser. And its internal packaging was a plastic bag instead of a plastic box like the others,’ Rauhauser says.

He contacted the customer who gave him the product, and the customer admitted he bought the cards off eBay. The four good cards came from a reputable seller. The bad card came from TFS Systems, which claims to be a Cisco registered reseller that buys only from Cisco’s top-tier distributors. Rauhauser took pictures of the differences in products and called TFS to find how they wound up selling counterfeit product to his client.

‘They were ready to pull my leg and tell me I was wrong. So I told them I was going to the FBI,’ Rauhauser says. ‘Then they asked me to box it up again, keep it pristine and they’ll get me my money. I’m sure they sold it again on eBay right after they got it.’

A column Handorf wrote on May 28, 2008 called “Real VoIPsploits: Helping to Introduce Your Local SWAT Team” addressed “Caller ID spoofing.”

This isn’t new stuff; traditional PBX’s have been spoofing phone numbers for a very long time. This is evident in when you get a phone call from most organizations and the number comes up as a 1800, or the like. However, there are services out on the Internet that sell caller ID spoofing to anyone who is willing to pay.

So what? What’s the worst that can happen? You can ask the people who were victimized by the latest mischievous pranks, often called SWATing. If you guess that this social engineering hack involves law enforcement, you’re right. Recently, a ring of phone hackers (phreakers) used services that allow you to change your caller ID over the Internet to terrorize some of their peers and total strangers. They would call the police and emergency communications centers with a spoofed caller ID pretending to be a crazed person who has hostages. As you can imagine the result is the local SWAT team ready to siege and apprehend the suspect. Fortunately, no one seems to have been hurt and most of the perpetrators were apprehended, but this is still ongoing.

Russell Handorf joins FBI in 2009, after serving on Philadelphia InfraGard Board of Directors

According to a profile of Handorf at zoominfo.com, he earned a PhD for Information Assurance and a Masters degree for Information Security at Drexel University’s Goodwin College.
