Tuesday, October 16, 2012

Adrian Lamo and FBI Cyber Squad computer scientist Russell Handorf

10/18/12 Update: 2006 posting at forum - where Russell Handorf still contributes using his "grey hat hacker" handle "satanklawz" - suggests he has been working for FBI three years earlier than his resume claims; Adrian Lamo admits being "friends" with Handorf but still won't answer any real questions; Chet Uber offers to have Lamo "interview" me - Neal Rauhauser, who claims he has nothing to do with Project Vigilant, suggests I should accept offer - which I will, after they start giving serious answers to my serious questions first; Project Vigilant submitted bid for Voice Stress Analyzer request by BoP to detect if inmates are lying.

Highlights: At college, Russell Handorf used to illegally "sniff" networks for free web access; Decade ago, hosted Adrian Lamo website where he used to be known as "satanklawz"; Defended Lamo online in web forum postings; In 2003, wrote that fugitive Lamo's enemies might DoS the NY Times, attack investigators; Provided details on web on how to access potential Comcast customers' private info; Wrote "Fear Not: Hacks, Attacks and Cracks" column; After Philadelphia InfraGard Board of Directors gig, former "grey hat hacker" joined FBI in September of 2009.

[Editor's Note: Before publishing this article I emailed both Russell Handorf and Adrian Lamo to ask them questions about their past and possibly present relationship, but neither one got back to me. I'll gladly correct any errors or add comments if they change their minds. My last two articles provide more background on Adrian Lamo, Neal Rauhauser, Project Vigilant and the Bradley Manning case: Bradley Manning Facebook friend was a security and risk management expert and More members from secretive, oddball Project Vigilant group revealed. Article by Ron Brynaert]

The following screenshot was the front page for a website owned by a "Grey Hat hacker" who the FBI hired to be a computer scientist for its Philadelphia Cyber Squad in 2009:

On November 14, 2001, Russell Handorf left a message at the Penetration Testing Mailing List at seclists.org, where "participants frequently disclose techniques and strategies that would be useful to anyone with a practical interest in security and network auditing."

Handorf was responding to a question about "a Cayman router which still has the default password set as blank. Can anyone supply any help in how to show the client that this is dangerous or escalate priv to admin?" In his response, future FBI Cyber Squad computer scientist Handorf mentioned Adrian Lamo, who would be arrested and charged with computer hacking crimes two years later.

to escalate privs, go to the webpage, and then where it has the passwords in the fields.... view the source of the webpage (passwords are there clear text).

for more and better information regarding this, talk to adrian lamo.

At the bottom of his message, Handorf listed his personal website and four others which he presumably was attached to: www.russells-world.com www.inside-aol.com www.terrorists.net www.bad-mother-fucker.org and www.philly2600.net.

In a January 21, 2001 interview [from a scrubbed article which was re-posted after Bradley Manning's arrest in June of 2010], Adrian Lamo said that his websites were "inside-aol.com, terrorists.net and securid.org." When asked, "What do you spend most of your time online doing?" Lamo responded, "breaking and exploring -=)" [Hat tip to Adrian Lamo for opining on Facebook that original edit of this paragraph was "confusing on its face".]

Just a few days ago, Lamo joked on Twitter that he "used to own" www.terrorists.net but that he "turned out just fine!"

Two months before Handorf recommended Lamo, the "homeless hacker" who, years later, would gain infamy after turning in Bradley Manning, "demonstrated" to Kevin Poulsen at SecurityFocus.com, "that he could rewrite the text of Yahoo! News articles at will, apparently using nothing more than a web browser and an easily-obtained Internet address." Poulsen - who has reported on Lamo many, many times over the last decade - became a journalist after being convicted of computer hacking crimes, and later moved to Wired.com, where he exclusively published the May of 2010 chat logs between Lamo and Manning.
"The hacker has a history of exposing the security foibles of corporate behemoths. Last year he helped expose a bug that was allowing hackers to take over AOL Instant Messenger (AIM) accounts. And in May, he warned troubled broadband provider Excite@Home that its customer list of 2.95 million cable modem subscribers was accessible to hackers.

Lamo's hobby is a risky one. Unlike the software vulnerabilities routinely exposed by 'white hat' hackers, the holes Lamo goes after are specific to particular networks, and generally cannot be discovered without violating U.S. computer crime law. With every hack, Lamo is betting that the target company will be grateful for the warning, rather than angry over the intrusion."

On October 1, 2001, the College Humor website - which is "an online depository for all of the content that floats around collegiate computer networks" - announced, "Our new friend Russell Handorf has been named the Computer Security Administrator of CollegeHumor.com. He recently discovered a vulnerability in our page display script, notified us, we fixed it, and all was well."

In 2003, at a collegehumor forum, two people claimed Handorf sent them the following message: "read the Patriot Act- bu bye."

At college, Russell Handorf used to illegally "sniff" networks for free web access

An article from August 11, 2001 called "Driving Away With Wireless Secrets" published by Newsbytes, reported on how Handorf used to "sniff" networks to get free online internet access.
Some nights when they are bored and the traffic is light in downtown Philadelphia, Russell Handorf and a friend take what they call a "war drive" through the city's financial district. They're looking for wireless networks to sniff. Recently this summer, as Handorf, a student at Philadelphia's Drexel University, was on a slow midnight cruise with his friend at the wheel and his Dell notebook across his lap, the computer's wireless network card started to pick up a strong signal - right across the street from the headquarters of a major regional bank.

'Within a couple of minutes, we synched up with the network and it let us in. No authentication at all. They were passing us all the traffic that was going across their network,' said Handorf.

After his friend pulled the car over, Handorf used the bank's Internet gateway to connect to his favorite Internet relay chat (IRC) channel.

'I told my friends, 'Look at my DNS.' And they all said, 'Oh my God, you're in a bank!' said Handorf, who claims he has no intention of harming the networks he sniffs, and only does it to get free, anonymous Web access.

A year later, a March 24, 2002 article for the Philadelphia Inquirer called "Drive-by hackers hunt free, easy Web access This man may be tapping into your network" - written by Reid Kanaley - showed that Handorf was still "sniffing" for free internet access.

"Russell Handorf was in a no-parking zone, but so what? His laptop computer, propped against the steering wheel, had his full attention.

Handorf was probing the wireless-computer networks humming around Center City, trying to sneak his way online.

'I'm on the Internet,' he finally proclaimed on this recent afternoon. 'Whaddya know. . . . This is a fast connection, too.'

Utilizing the credit-card-size wireless adapter plugged into the side of his laptop, Handorf, 22, of the city's Queen Village section, had gotten onto the Net by tapping into the computer system of an unsuspecting business among the nearby office towers.

Part hacker, part evangelist for high-speed wireless Internet access, Handorf is one of a growing number of computer enthusiasts touting the problems and promises of wireless networking.

One of the problems is the new sport Handorf was demonstrating. Variously called war driving, net stumbling, LAN jacking and drive-by hacking, it is focused on breaking into the so-called Wi-Fi networks that are popping up in more and more offices and homes.

War driving is "'very common. Anyone who is a tech-savvy geek with a laptop and a wireless NIC [network interface card] is capable of doing it,' said Handorf, a Memphis, Tenn., native with eyeglasses and close-cropped blond hair, who is studying business at Peirce College. He said he would not mind landing a job in computer security.
"Generally, computer-network intrusion is illegal under federal computer-crime statutes, but no cases involving hacking of wireless systems have been prosecuted, Department of Justice spokeswoman Casey Stavropoulos said last week," the Inquirer reported. "Managers of two networks that played unwitting hosts to Handorf said last week that they were beefing up security on their systems after learning of his demonstration for this article."

The 2002 story on Handorf added, "And while he has used some of those networks for Web surfing, it is 'out of respect' that he does not attempt to invade his hosts' computer files."

Russell Handorf's pre-FBI days as a "grey-hat hacker"

On October 15, 2001, in a discussion called "Civil Disobedience" by the Editor-In-Chief of HackersDigest.com, which quoted several Kevin Poulsen articles, John Thornton worried about a bill; if passed, he claimed, "Hackers/Script Kiddies will no longer be looked at as just kids messing around with computers, but as terrorists." In response, referring to himself as a "grey-hat hacker", future FBI Cyber Squad computer scientist Russell Handorf argued that they shouldn't "be bothering" the FBI "with Internet stuff when we are capable of doing it ourselves."

"Well, as a sysadmin and grey-hat hacker (not cracker) I'd like to say this... If anyone does abide by this, please do install some sort of alert system like ARIS to collect our knowledge about these news attempts and stuff. It is my understanding that John doesn't want the companies to report the individuals to the ISPs and governmental agencies. This is a good idea, however it still needs to be reported because new stuff comes up all the time. What if this was sooner and CodeRed came out and no one decided to report anything?

My point is this: knowing that the FBI is first of all is swamped with other physical claims of attacks, why should we be bothering them with Internet stuff when we are capable of doing it ourselves? The lists of users on bugtraq and others are huge, there is much more expertise here than the government will ever set a finger on.

I'm all for what John is saying, however the reports of break ins should not be reported to the g'ovt, but to the lists- and the people in the lists should be more communicative to assist the afflicted company so that new attacks could be fended off like mace to a pack of wild badgers.

please forgive any grammatical and spelling errors, this message was written in haste (lunch time:P).

A definition for hackers at Techopedia states that they "utilize[] alternative system access methods to sabotage computer systems and networks. Hacking actions are differentiated as illegal and unacceptable (black/grey hat hacking), or legal and acceptable (white hat hacking)."
"Hacker types are delineated according to intent, as follows:

Black hat hackers break into computer systems illegally and cause harm by stealing or destroying data, i.e., a banking system to steal money for personal gain.

White hat hackers use their skills to help enterprises create robust computer systems.

Grey hat hackers perform illegal hacking activities to show off their skills, rather than to achieve personal gain."

In his pre-FBI days, Russell Handorf defended Adrian Lamo online

In a July 1, 2000 posting, Russell Handorf "a.k.a. a deity called alphonzo" claimed that he hosted Lamo's website, www.inside-aol.com, and that he also owned websites named after the classic sci-fi b-movie "Soylent Green," which famously starred Charlton Heston, and ends with the classic line, "Soylent Green is made out of people." A year later, on July 1, 2001, another Handorf forum message says likewise.

According to the Texas US Business Directory Library, "Charles Handorf" was registered as a music company, and along with some of the other websites attached to his forum messages, WWW.SHITCUM.COM is listed, and the email address provided is satanklawz@yahoo.com

At SlashDot.org, Russell Handorf has a profile, which links to his personal website, http://www.russells-world.com, and links to a few comments he left under his nickname "satanklawz".

In a posting titled "AOL Still Working On AIM Security Hole," future FBI Cyber Squad computer scientist Russell Handorf wrote at SlashDot.org on December 2, 2000 under the handle "satanklawz" attached to the email address root@inside-aol.com, "read the article at inside-aol.com. you create an aol account that over gens the AIM account which inturn you need a CC inorder for billing to be authenticated."

"wrong wrong wrong sir. the exploit is only for AIM and, eventho AOL has "FIXED" it, is still exploitable," Handorf also wrote as "satanklawz" at SlashDot.org.

On December 1, 2001 at Geek.com Ron Kessen commented on an article called "Adrian Lamo's Continuing Hack Ventures", and both Lamo and Handorf left comments. "I'm not so sure I want to say this man's work is good, but on the other hand I am a bit disturbed at how easy it is for him to hack into websites and corporate networks," Kessen wrote.
"Incorrectly configured proxy servers, routers, and Web applications seem to be the most gaping vulnerabilities taken advantage of by this roving hacker. ZDNet calls him a “network intrusion specialist,” but I don't like that term because it really doesn't describe what he is. No matter how you slice it, he is breaking into corporate networks and taking advantage of vulnerabilities to gain access to classified or sensitive information he has no right to.

Companies have not gone after him legally because he has helped them fix security holes, and this is good. I just don't like the picture; I envision another hacker of the same style taking full advantage of vulnerabilities and doing damage of some kind to the networks he compromises. Seems like if Lamo really wants to do security work he should get a real job like the rest of us. But I guess that wouldn't be right; he might have to make a commitment, and we couldn't have that, could we?
Five hours later, using the header "i'm not a preacher or a traveling salesman," Lamo responded, "I generally don't participate in discussions about me it feels crass. I'm not here to convince any of you of anything in particular. Debate over things like this is important to cultural evolution. It would be somehow unhealthy if there was no disagreement over this."
"Two people can look at the same event or person and come away with different conclusions without either having to be wrong — as long as this is the case, the world is probably still ticking.

All I want here is for you to be informed before making up your mind. Don't take any one article as your sole source of information on this, or anything. Look further. Right up to the most damning ones. Moreover.com is a great source for this. Even then, remember that no one gets it exactly right.

If you believe that a person couldn't follow a course without a motive, or that an action couldn't find a person, rather than vice-versa, you may also believe that likening someone to Don Quixote is a bad thing.

Thanks to everyone who stopped to think about this, regardless of your final opinion. JMS put it best — our thoughts form the universe, they always matter.
A day later, Handorf defended Lamo, arguing, "Apparently the flame wars concerning jealousy have started."
"Everyone wants fame in some form or fashion, hackers earn theirs by playing the game of cat 'n mouse (more like gazelle and cheetah now a days). From my observations from people who know him personally, and also persons who interact with him on an almost daily basis, Adrian is a very loyal, respectful, honorable man. Those individuals who say that he is wasting his time away by not conforming into Corporate America should work for old school companies like IBM (In reference to that old commercial, I think the first, that Apple Computers had) and be restricted to conformity. Hackers, at least the successful ones in my option, do not conform for any reason. It is this kind of thinking of 'Lets try something new' that exposes the weaknesses of the person who is still thinking within the box.

As for people loosing their jobs concerning computer hackers- if your company gets hacked by a documented exploit etc, it is not the hackers fault it is the company's fault. Adrian's reverse proxy attacks have been documented for quite some time (Since the Excite@Home if I'm not mistaken). If people at WorldCom lost their jobs because of this, good. Why is it good? Because the incompetence and ignorance is being weeded out. Certifications and pieces of paper mean nothing in the world of computer security. The only reason why they exist is so that companies like Cisco can find another source of income. The only true computer security experts are hackers (btw- don't get hacker and cracker and all those others confused) because they actually have a love for the art, spend the time learning, and also love what they do regardless of their pay.

Kudos to Adrian. He does what he loves regardless of pay. He does what he loves because of a never dieing curiosity. I leave this post with one more phrase. Curiosity killed the cat, but satisfaction brought him back.

A comment at SecurityFocus.com on June 29, 2001, most likely left by Handorf, was posted under the name "satanklawz (at) terrorists (dot) net [email concealed]," which suggests Russell used that nickname at another Adrian Lamo website.

In 2003, Russell Handorf wrote that fugitive Adrian Lamo's enemies might DoS the NY Times, attack investigators

On September 7, 2003, Handorf left a comment on a forum at infosyssec.com called "Adrian Lamo Live on TechTV discusses the FBI hunt for him..." which stated that "you can out right shoot" someone "in the physical world" if they "break into" your "personal property." While Lamo was a fugitive still at large, future FBI computer scientist Russell Handorf claimed that he feared "people who aren't his friends" might "unleash that hellous DoS against NYT and attack the people heading this investigation." Interspersed throughout his somewhat scary comments, Handorf included a few animated smiley faces.
"'I have a problem with the attempts of applying the analogy of "is it legal if someone were to break into , not do anything and tell you how to fix it?' The biggest issue with it that I have is that, in the physical world, you can out right shoot the person upon entry Razz Physical vs metaphysical (kinda- electrons have weight last time i checked Razz).

As he stated, if they don't play fair he'll give them a run for their money. I believe that to be the truth Razz The other issue that I'm concerned about are the people who aren't his friends, but heard of/support/etc him and are going to unleash that hellous DoS against NYT and attack the people heading this investigation are going to bring more woe onto Lamo.

As he said, this is going to be really really interesting as to how this pans out.
On March 3, 2004, Handorf started a forum thread at infosyssec.com called "Adrian Lamo's 1st article - Profiling network administrators," which linked to the March 1, 2004 www.networkworld.com story, and began with the Editor's Note: "Adrian Lamo, a white hat hacker who pled guilty to accessing The New York Times computers without permission, agreed to share what he knows about some of the common IT security slips network administrators make. Lamo studies journalism at American River College in Sacramento, Calif, as he awaits sentencing next month."

"Well, It's a start," Handorf wrote with an animated smiley face attached to the end of his sentence.

Russell Handorf provided details on web on how to access potential Comcast customers' private info

Eight days before 9/11, on September 3, 2001 in bugtraq posting called "verizon wireless website gaping privacy holes," Handorf wrote, "that was the point of the post- already i've been able to find a way to gather information of finding my peers (friends n such) phone number [Editor's Note: Adrian Lamo sarcastically comments at his Facebook page that the reference to 9/11 is "[t]asteful and relevant"; sorry, Adrian, I wasn't trying to suggest you and "satanklawz" were part of any terrorist plot, but how about addressing real questions instead of cherry-picking stuff to snark at?].
"they (verizon) has another database which links to this one that shows customer names/numbers -> info holes

this is my most preferable way to tell my colleagues that they're about to max out their minutes. verizon knows that these holes are exploitable, but they wont do anything about them. the problem have persisted since bellatlantic has changed their name to verizon.
On February 6, 2002, Handorf wrote on a seclists.org message forum, "Back when excite () home was compromised by adrian lamo, I was privy to such access as well. On the computer havoc.corp.home.net there lay the 'help desk' interface, where the users settings were editable. I distinctly remember the speed being an editable option for the modems. However the only way, to my current knowledge, it to edit this information on the ISP side- still. I remember a while back when faster transmission speeds were achieved via just plugging in a 100 base t nic and setting it to full duplex, but this is not the case anymore."

"As for current hacks for cable modems, there are a few that I have discovered specifically with comcast.net," Handorf added. "However this cannot be disclosed at this time. I will post it at a later date."

On February 7, 2002, MSNBC published an article called "Comcast broadband data exposed," which claimed that future FBI computer scientist Russell Handorf left details on how to access a database containing private information of potential subscribers.
"A database with thousands of records detailing potential Comcast Business Communications Internet customers was found exposed on the Web this week by a computer security researcher. Phone numbers, addresses, private customer service comments and monthly billing information belonging to several thousand, mostly corporate users, was exposed. The so-called 'leads' database included prospective customers and was protected only by the same username and password 'test.'

DETAILS FOR ACCESSING the database were posted in an Internet mailing list devoted to computer security issues on Wednesday by researcher Russell Handorf.

Anyone following the trivial instructions found a Web-based 'front-end' to a database of leads for Comcast Business Communications — a division of Comcast Telecommunications Inc.

Among the options listed on the site were sales calls by zip code, revenue forecasts, sales pending, top 100 customers and 'approved credit memos.' One page labeled 'maintenance' included options like 'add employee' and 'run billing,' though it was not immediately known if such functions could really be carried out via the Internet page.
However, "[i]t did not appear that credit card information of bank account information was exposed," MSNBC reported.

A February 8, 2002 article at Computer World - written by Todd R. Weiss - reported, "A hacker found a list of potential corporate customers on the Web site of Comcast Business Communications Inc. and exposed data from the list in an online security forum, forcing the company to shut down the site yesterday for an internal review."
"The vulnerability was exposed by a hacker who identified himself as Russell Handorf in a security forum posting on the Web site of San Mateo, Calif.-based SecurityFocus.

In an interview today, Handorf, 21, said he found the unlinked Web page by using a proxy hunting program while looking through the CBC site in December. Handorf said he was interested in the Comcast site because he expected to find security vulnerabilities due to the transition under way by Philadelphia-based parent company cable company Comcast Corp., after its acquisition of Denver-based AT&T Broadband in December.

What he found, he said, were Web servers that he could access by using common user names and passwords such as 'user' and 'test.' The vulnerabilities are there, he said, because administrators have a massive amount of work ahead of them and are apparently prone to "simple oversights."

'My intent was to find something and tell them about it,' said Handorf, a Philadelphia-based computer security researcher.

Handorf said that he notified Comcast of the problem but that the company denied any vulnerabilities. Then, on Feb. 6, he posted his message on the SecurityForum list, he said. After that, Handorf said, Comcast thanked him for finding the problem and telling them about it. 'My intentions are good,' he said.
Seven years later when Comcast's homepage and website were hacked, Adrian Lamo tweeted on November 26, 2009, "And here Comcast greeted my news happily. Delivery, people. All in the delivery." [Editor's Note: I'm not sure if Lamo was claiming that he had something to do with Handorf's exposure of potential Comcast customers' personal info.] A year later, "Christopher Allen Lewis, a.k.a. 'EBK,' 20, of Newark, Delaware, and Michael Paul Nebel, a.k.a. 'Slacker,' 28, of Kalamazoo, Michigan," who were "associated with hacker group Kryogeniks", pleaded guilty and "were sentenced to 18 months in prison", according to news reports.

On March 22, 2006, Handorf left the following message and picture on an infosyssec.com forum board.
"Sorry, this thread is just too good to stay away from Smile

First point I want to make is that the goverment does have a role in regulating companies. One word: monopolies. When they get out of hand, you get that 5,000 dollar long distance bill for calling Aunt Edna you dont have any one to complain to, or any other choice for useage. I applaud the government for looking into companies not just for monopoly related issues, but issues similiar to Enron, Adelphia, etc. Who's to keep the company's honest? The customer? Hell no. (which raises who keeps the government honest, but living in one that has debated what the word "is" means and continues to interfeer with peoples personal rights and beliefs, I plead the fiz'ifth).

Other point is along the lines of once data is out, it's public. Hell yea, this is jsut the way things are. Companies will harvest this info, toss it into GIS databases, analyze, market, sell, buy, etc. All to do what? Make money. This is what businesses do, leave that alone. If you dont want businesses to make money, then you dont want an economy. Face up, things will NEVER be like they are on Star Trek for one reason: humans. We're stingy, greedy, smelly critters that love to horde things for ourselves. Nothing beats human nature in this case.

And that being said, I submit this creepy image.

Russell Handorf's "Fear Not: Hacks, Attacks and Cracks" column

Ken Belva, Publisher and Editor-in-Chief at bloginfosec.com, wrote the following recommendation for Handorf at LinkedIn.com on December 1, 2010, which didn't mention his position at the FBI: "Ken's ability to create a new information security media outlet, to recruit authors and to then help direct the theme of the content greatly exemplifies his visions of information security and to herd the proverbial cats. He has been a great colleague and sounding board for new, adventurous and challenging topics for discussion. I've enjoyed writing for him and look forward to working with him in the future."

Handorf used to write the column, "Fear Not: Hacks, Attacks and Cracks" for bloginfosec.com, according to a bio posted on March 4, 1999.

One of Handorf's columns on counterfeit Cisco hardware, published on May 6, 2008, linked to an October 23, 2006 networld.com article in which future Democratic consultant Neal Rauhauser is quoted. Rauhauser and Adrian Lamo would later "volunteer" for Project Vigilant, under director Chet Uber.
"'Recently, I did some voice over IP integration for a client in Huntsville, and the engineer there asked if he could pay me with five extra VoIP network cards he had left over from the project,' says Neal Rauhauser, founder of Layer 3 Arts, a system integrator in Omaha. 'I got four cards I could use, and one that was counterfeit.'

Fortunately, Rauhauser never installs anything before checking it first. He's wise to counterfeits, having had his first run-in with such products in 2004, when two of six new Cisco 1721 routers started acting up at one of his client sites, a large auto manufacturer in Michigan. They turned out to be counterfeit, and he has since been campaigning against counterfeit products.

There were visible differences between the counterfeit and the real gear, he says, but only after close inspection. The counterfeit VoIP card had a brand-new box even though the card was 4 years old. He also noticed discrepancies in packaging and labeling.

'The printing on the bar-code label was fuzzy like it'd been printed off a low-quality printer instead of a laser. And its internal packaging was a plastic bag instead of a plastic box like the others,' Rauhauser says.

He contacted the customer who gave him the product, and the customer admitted he bought the cards off eBay. The four good cards came from a reputable seller. The bad card came from TFS Systems, which claims to be a Cisco registered reseller that buys only from Cisco's top-tier distributors. Rauhauser took pictures of the differences in products and called TFS to find how they wound up selling counterfeit product to his client.

'They were ready to pull my leg and tell me I was wrong. So I told them I was going to the FBI,' Rauhauser says. 'Then they asked me to box it up again, keep it pristine and they'll get me my money. I'm sure they sold it again on eBay right after they got it.'
A column Handorf wrote on May 28, 2008 called "Real VoIPsploits: Helping to Introduce Your Local SWAT Team" addressed "Caller ID spoofing."
"This isn’t new stuff; traditional PBX’s have been spoofing phone numbers for a very long time. This is evident in when you get a phone call from most organizations and the number comes up as a 1800, or the like. However, there are services out on the Internet that sell caller ID spoofing to anyone who is willing to pay.

So what? What’s the worse that can happen? You can ask the people who were victimized by the latest mischievous pranks, often called SWATing. If you guess that this social engineering hack involves law enforcement, you’re right. Recently, a ring of phone hackers (phreakers) used services that allow you change your caller ID over the Internet to terrorize some of their peers and total strangers. They would call the police and emergency communications centers with a spoofed caller ID pretending to be a crazed person who has hostages. As you can imagine the result is the local SWAT team ready to siege and apprehend the suspect. Fortunately, no one seems to have been hurt and the most of the perpetrators were apprehended, but this is still ongoing.

Russell Handorf joins FBI in 2009, after serving on Philadelphia InfraGard Board of Directors

According to a profile of Handorf at zoominfo.com, he earned a PhD for Information Assurance and a Masters degree for Information Security at Drexel University's Goodwin College.

A bio at SecureWorldExpo.com adds, "Russell Handorf works for the Philadelphia office of the Federal Bureau of Investigation on the Cyber Squad. In his 'pre-FBI' years, he worked as a Senior Security Analyst for the Federal Reserve Bank of Philadelphia and NASDAQ-OMX-PHLX. Before this he consulted for the US Federal and State Governments, companies and educational institutions where he performed security audits and assessments of their clients, infrastructure and networks. His industry experience started as the CIO and Director of Research and Development for a Philadelphia based wireless broadband solutions provider, ClosedNetworks. He previously served on the Board of Directors for the Philadelphia InfraGard Chapter, initially as Secretary and later Vice President. In his spare time, he is completing his PhD in Information Assurance."

Handorf's list of presentations includes the following:
"2008-May SecureWorld Expo Philadelphia, PA

Secure World – Honeypots: A beginners guide for implementation in your production network

Honeypots and Honeynets have often been the tool of researchers and information security experts. However these open source tools have developed to a point in which they can provide protection for your production network and use is no longer restricted to the 'security technophile.' Learn how a proper deployment can alert you to real threats to your company's infrastructure and complement your existing security tool chain.

2007-December Drexel University Philadelphia, PA

Drexel – Wireless Security, Hacking and Forensics Techniques

A two hour presentation was given explaining where the current attackers are focusing their efforts in the wireless space. Security defense and countermeasures were presented and demonstrated. A new wireless hacking attack technique was demonstrated to the audience. After reviewing the new attack vectors, the challenges of conducting forensics in a wireless airspace were conveyed. The contents of a wireless forensics toolkit was explained and demonstrated.

2007-September HTCIA Philadelphia, PA

HTCIA – Wireless Forensics

A non 'Power Point' presentation was given explaining where the current attackers are focusing their efforts in the wireless space. After reviewing the new attack vectors, the challenges of conducting forensics in a wireless airspace were conveyed. The contents of a wireless forensics toolkit was explained. The presentation then began to discuss wireless forensics and security challenges of RFID and Bluetooth.

2007-February InfraGard Collegeville, PA

InfraGard – RFID and Bluetooth, a Hackers Perspective

The presentation was related to new short ranged radio broadcasts; demonstrations included new covert methods of communication and tools that hackers can use for intercepting these radio broadcasts. Discussions were centered around bringing awareness to the security teams of the vulnerabilities and possible solutions to them until the industry resolves inherent weaknesses in these communication protocols.

2006-February InfraGard Collegeville, PA

InfraGard – Wireless and VoIP Security Issues

Presented in summary the latest wireless security issues for implementation and design. Focused the remainder of the lecture on VoIP security issues from system design to the integration into PSTN networks. Demonstrations included a 'Linksys of Doom,' Caller ID spoofing, and call interception.

2005-December West Chester University West Chester, PA

InfraGard – Information Assurance Center

Presented on wireless security issues. Core presentation was participation in a panel regarding how law enforcement interacts with private industry when investigating a case. The audience interacted with the activity of a simulated attack. It covered: what a company should do if breached, rules of evidence in prosecuting a cyber crime, FBI computer forensic processing and procedures, and hacker tricks and motivation.

2005-October Lehigh Valley Chapter of Certified Fraud Examiners Allentown, PA

Wireless Security and Forensics

Presented on basic wireless security 101 information for Law Enforcement Officers and security professionals. Topics included wireless definitions, technologies, antennas, hacking tools, and a demonstration of a wireless network hack and denial of service attack. A wireless 'doom box' was presented to highlight the attack potentials and possibilities.

2005-April SecureWorld Expo / InfraGard Philadelphia, PA

Wireless Security

Presented on basic wireless security 101 information for Federal Law Enforcement Officers and security professionals. Topics included wireless definitions, technologies, antennas, hacking tools, and a demonstration of a wireless network hack and denial of service attack. A wireless 'doom box' was presented to highlight the attack potentials and possibilities.

2005-January Federal Bureau of Investigation Philadelphia, PA

On November 3, 2010, Handorf addressed the Philadelphia Chapter InfraGard Meeting, as an FBI Computer Scientist, on "Stuxnet & Botnets."

Another bio at bloginfosec.com states, "Mr. Handorf serves on the Board of Directors for the FBI’s Philadelphia InfraGard Chapter, which has more than 800 members locally."
"He has consulted for the US Federal and State Governments, companies and educational institutions where he performed security audits and assessments of their clients, infrastructure and networks. He was CIO and Director of Research and Development for a Philadelphia based wireless broadband solutions provider.

He teaches at Drexel University’s Goodwin College, conducts technical reviews for InfoWorld and serves as net control for the Philadelphia Amateur Radio Emergency Service. He has recently completed a Master of Science degree in Information Security.

A resume at Russell's website - which he stopped updating a few years ago - states that he was a member of the Philadelphia InfraGard chapter since 2004, and joined the Board of Directors in 2006. It also claims Handorf received the following awards: "2007 – Recognition from INMA Board of Directors and FBI for InfraGard service and efforts; 2007 – Recognition letter from Special Agent in Charge of Philadelphia United States Secret Service; 2006 – InfraGard Appreciation Award from Director of the FBI and 2005 – FBI Appreciation Award."

Handorf's LinkedIn resume claims he started working for the FBI as a computer scientist in September of 2009, and that he worked as a Security Consultant from July 2001 to August 2002, but only lists "NA" as his place of employment. According to LinkedIn, US Secret Service Special Agent John Toney wrote a recommendation for Handorf on May 1, 2008 which said that Handorf "would make a great Special Agent."

"Russ has been an invaluable member of the Philadelphia Area Electronic Crimes Task Force. His expertise in the field of information security is surpassed only by his willingness to help with any project. Russ is a great resource and sounding board whenever I am facing a new scheme that I can't quite figure out. He would make a great Special Agent"

A June 20, 2012 article for the Philadelphia Inquirer called "Advice for investors from the FBI on how to avoid getting scammed" - written by Erin Arvedlund - included an interview with Handorf.

"If you log in to your bank or brokerage account on a mobile phone, you are most vulnerable, said Russell Handorf of the FBI's Philadelphia field office.

'If you have programs like Skype on your phone — whether an Android or an iPhone — you've allowed that software to tag your location, take pictures of you and whomever you are talking to, and read your calendar, all of which can then be sent to other people,' Handorf said.

Ask yourself if you really need the latest application on your phone, and install anti-malware software for Android, BlackBerry or iPhone. While not foolproof, it's a first line of defense.

Investors can take startlingly easy precautions with usernames and passwords. Do you use the same key for your house, your car and your bike lock? Of course not. Then do the same for your online persona, Handorf added.

At West Chester University's College of Business Affairs, Charles (Russ) Handorf, M.S., is listed as a Special Agent for the Federal Bureau of Investigation, Philadelphia, PA, and he teaches in the Criminal Justice Department.

Forum posting suggests Russell Handorf has been working for FBI since at least 2006

At the LanPartyGoDS.com forum, which is the LAN Portal for PA, NJ, DE, and MD, Russell Handorf posts "funny" videos and other messages still using the name "satanklawz".

Handorf's latest post was on September 28, 2012. On October 9, 2011, the FBI Cyber Squad computer scientist linked to a video of Adolf Hitler speaking while the theme song of the TV show "The Jeffersons" - "Movin On Up" - plays in the background.

But a curious posting from November 13, 2006 suggests Russell Handorf may have been working for the FBI at least three years earlier than his resume claims. In the posting, "satanklawz" claims that he had a car accident - somewhere in "Filthadelphia" - and rear-ended a woman who "freaked out" because he was wearing an FBI hat. After the police arrived, Handorf says he "told one of the officers 'Officer, by law I have to tell you that I have my side arm on my person at the moment. Do you want to see my permit?' To which he responded 'Dont worry, you're white.'"

I got into a car accident this morning. Through a series of complicated events... well not really. A cab driver stopped suddenly to pick someone up, the person I was following who was behind the cab driver screeched to a halt, as did I.... but the woman who was following me either

1). Had a bad reaction time
2). Was distracted
3). Crappy breaks
4). Combination of 1 2 and 3
So Ghetto beamer 2.0 is in progress. Just a minor fender bender.

Well, anyways, I get out and she freaks out because I have my FBI hat on. I call the cops and they show up. When they do, I told one of the officers "Officer, by law I have to tell you that I have my side arm on my person at the moment. Do you want to see my permit?" To which he responded "Dont worry, you're white." Well, anyways, long story short the cop said it was her fault, as it is, and now I have some interesting dimples in my bumper.

Meh, Filthadelphia

At his Facebook account, Adrian Lamo admits being "friends" with FBI Cyber Squad computer scientist Russell Handorf, but doesn't think it's newsworthy, even though the revelation that he became an unpaid informant for Army CID - for about a year after speaking to Bradley Manning starting in July of 2010 - didn't occur until December of 2011. Lamo also often corrects people on Twitter - and made an edit to his own Wikipedia account [which I'll expand upon in a future article] - when they say he informed for the FBI.

"I and the FBI wanted to continue feeding him disinformation," Adrian Lamo told Elinor Mills in a story published on June 7, 2010 at CNET.com, but he refuses to explain what that means, as well, since it more than suggests he fed Manning "disinformation" during his chats.

"Speaking of Ron, oh shit! the conspiracy unravels even further with the revelation that ... I have friends? Who knew! Diabolical of me.

I wonder why Russ wouldn't return a request for comment from this completely stable and not-at-all hilarious guy. *broad, puzzled shrug*

Project Vigilant Intelligence Directorate James Smith - who no one has ever reported works with the group, to my knowledge - left a few comments on Lamo's thread, which are similar to absurd tweets by PV's director Chet Uber, that I'm not reporting anything "new": "he is just re writing news that's already out their. (Well some of it I guess) The other half is just bullshit."

"It's like a conspiracy theory /w no actual conspiracy," Lamo agrees. "All the ingredients are there, but it's like he forgot to add flour before popping it in the oven."

I asked Adrian Lamo on Twitter if he contacted his FBI "friend" in May of 2010 after he started speaking to Bradley Manning, and I will update this article, if he actually answers a question seriously, which he hasn't yet. And I'd also like to know if Lamo knows exactly when Russell Handorf joined the FBI, since it may have been 2006 or earlier, and not 2009 as he notes elsewhere on the web.

Meanwhile, Neal Rauhauser - who claims he has no ties anymore to Project Vigilant - thinks I should accept Chet Uber's "offer" to let Adrian Lamo "interview" me for a news site PV is allegedly launching.

"Mr. Ron Brynaert, on behalf of the ProjectVIGILANT News Agency we would like to interview you. Response?," Uber tweeted. "@6 @attritionorg Could you please repeat the offer to Mr. Brynaert as despite my apology he has blocked me. The reporter would be Mr. Lamo."

Uber also tweeted: "I am totally enjoying reading the saga of Ron Brynaert up to 15,000, nothing new. It is amazing how time and total disorder create nada," and "@6 Why is it that Ron Brynaert continues to post things that are all public knowledge in a rambling mad method but refuses an interview?"

Then Uber tweeted something to the effect that Project Vigilant is still watching me, which is similar to scary tweets sent by another member of the secretive group to Barrett Brown, as I will be reporting in a future article: "For all those that believe that you can hide by blocking someone after you yourself have month long tirades tell @ronbryn we still watch him."

If Lamo, Uber and Rauhauser start giving me serious answers to serious questions I will agree to an interview, even though I know Adrian will try to turn the tables on me to grill me on absurd lawsuits, ridiculous criminal accusations and smears by right wing bloggers. Lamo also probably will ask me about an attempt by my former employer, RAW STORY, to prevent me from reporting on them, after they ducked questions about private information - and smears - they apparently told Neal Rauhauser and their links to convicted bomber Brett Kimberlin.

Perhaps Project Vigilant intends to test out a Voice Stress Analyzer program which Chet Uber bid on at fbo.gov for a Bureau of Prisons facility. The request is specifically from "a Federal Correctional Institution (FCI) in Berlin, New Hampshire", which "is a medium security facility housing male offenders," who "require[] an investigative tool, that is an analytical software system capable of passively analyzing an inmate's verbal response, in order to detect lying, stress and/or deception."

"FCI Berlin requires an investigative tool, that is an analytical software system capable of passively analyzing an inmate's verbal response, in order to detect lying, stress and/or deception. This is done independent of the inmate's spoken language, in either a live or record mode, and without any equipment being attached to the inmate. This software is functionally similar to a Lie Detector system, but without the need for hardware and certified expert operators. Training will be required and at least 1 year of support."

Even so, I'm game - that is - if the Project Vigilant trio first answer half of the hundred or so questions they've dodged for nearly 16 months.

1 comment:

Anonymous said...

Wow, so this is what real journalism looks like.