Twitter exploded last night with news that the self-proclaimed world’s #1 hacker’s email and Twitter accounts were compromised. Personally, the amount of time that good people spend feeding that troll annoys me. Which is why I’m not mentioning his name. Why give him any more SEO points for acting poorly? Since the beginning of time there have been charlatans, shysters, and frauds; this guy is no different. Major media outlets are too dumb and lazy to do the work required to vet their experts, so they respond to his consistent PR efforts. Whatever.
But let’s deal with the situation at hand because it’s important. First off, if you bait a lion, you shouldn’t be surprised when you get eaten. Tell me you were surprised when Roy got mauled by his white tiger. I was more surprised it took that long. In other words, live by the sword, die by the sword. And clearly that is the case here.
Now there are 4 GB of email and other sensitive files in the wild, and this guy’s closet will be opened for all to see. And there are skeletons in there. To be clear, this is wrong. The attackers are breaking the law, but it’s hard to feel bad for the victim. His sophomoric threats, frivolous lawsuits, and intimidation games probably worked OK in the schoolyard, but in the real world – not so much. It’s your bed, now you get to sleep in it.
Second, if you know you are a target, why would you leave a huge amount of sensitive documents in an email store on a publicly accessible server? I read a Tweet that said his email was at GoDaddy. Really? And isn’t the first rule of email that it’s not a file store? I know we all probably violate that dictum from time to time, but to have financial records, account numbers, and legal filings in your email box? Come on, now! Basically, I suspect there is stuff there that could put our victim in the big house for a long time. Again, you made the bed, now sleep in it.
We take ridiculous security precautions for a 3-person company. It’s actually a huge pain in the ass. And we are fully cognizant that at some point we will likely be breached. Crap, if it can happen to Kaminsky it can happen to us. So we don’t do stupid things. Too often. And that really is the lesson here. Everyone can be breached, even the world’s #1 hacker.
2 Replies to “You Made Your Bed, Now Sleep in It”
@Loner,
You are assuming that any of these reporters actually look before they talk to an expert. I’m sure some do. But a lot don’t. They are all under so much pressure to crank stuff out, they go with whatever is in front of them. And that’s what happened.
The system is broken, and not just the media system. SEO is busted too. Which is why it’s actually of benefit to him to squat on folks’ names (like Errata and others) with domain sites saying how great he is. The unfortunate truth is that these tactics work. And until they don’t, this guy won’t be the last charlatan we run into.
I also agree that it’s awesome that so many folks stepped up to deflate this shyster and show that stealing other folks’ ideas and trying to rule by intimidation and lawsuits don’t work. But alas, I believe the folks at attrition.org will be busy for a long time to come. There is lots of snake oil in this business, so we aren’t close to finished.
Mike.
Normally I would agree that most charlatans are not worth the time. This particular one is an exception, for me. He actively stains the profession (for a couple years now) and insists on putting his face on television, news, and so on. And really, all for penny stock income (i.e. fraud), not security business. In my non-legal opinion, he’s breaking laws and milking a broken system (both the “media sources database” as well as online penny stock shenanigans). Sadly, I really think this guy is delusional and has spouted off his own fraudulent rhetoric so much that he drinks his own kool-aid and probably truly believes he’s more of a security expert than anyone else.
I don’t agree with his personal information being hacked and divulged, on a professional level. On a “hacker” level, more power to whoever did it.
But here’s some progress! A year ago, Google searches on this guy’s name and company would reveal nothing but the automatic news-sharing of the penny stock/press release world; nothing obviously amiss at all (beyond the thin veil of lies). Today, Google searches pull up attrition.org and other blogs basically outing this guy and hopefully keeping couch-investors from being had.
The only next step, in my little world, is to get that information into the news media sources databases (Lexis Nexis?) so anytime he asks for airtime, his entries in there tell the journos to stay away and move on.