======================================================================== Exposing Eric “Loki” Hines and Fate Labs. I am an ex-member of ‘Fate Labs’, as such I feel I can give you some incites into the fraudulent activities of their ‘founder’ Eric “Loki” Hines. Eric Hines solicited a well known Web defacer who was a member of the defacement group known as the “World of Hell” to join Fate Labs; this member was known as “[RaFa]” whom was appointed to the position of the “Senior Research Scientist” for Fate Labs in 2001 by Eric Hines. This is rather contradictory considering “Fate Labs” is a collection of Internet security professionals according to the Fate Labs Web page. “[RaFa]” title as the “Senior Research Scientist” for Fate Labs can be seen in an article from ZDnet http://news.zdnet.co.uk/story/0,,t269-s2094091,00.html This relationship caused trouble for Fate Labs when “[RaFa]” defaced a company’s website that lost employees in the attacks on the World Trade Center with a clueless speech about ‘anti-terrorism’ this was done with his group known as “The Dispatchers” whose Mission was to target “terrorists everywhere”. Ironic A news article was written about “[RaFa]”’s mistake in defacing the Web site of a victim of terrorism. http://www.intellnet.org/news/2001/09/17/6801-1.html In order to distance him from the bad publicity now thrown at Fate Labs because of “[RaFa]” Mr. Hines immediately posted a press release on Fate Labs Web page saying “[RaFa]” had been dismissed from Fate Labs. This was not the truth. Mr. Hines introduced a ‘new” member to Fate Labs whom he claimed worked on the ‘Peek-a-booty’ program with the “cDc” three days after the press release. This in fact was “[RaFa]” using a different nickname! Eric Hines also claims to work with NIPC and the F.B.I helping in the apprehension and convictions of computer hackers according to his profile listed at: http://www.fatelabs.com/management.php A log of a conversation between “[RaFa]” and Eric “Loki” Hines appeared on a Web site which occurred on the IRC Server at irc.fatelabs.com it can be seen at: http://www.pasarelaip.com/hemeroteca/ITnews20011002.htm the FBI wanted me to setup a trap for you that I Wouldnt paricipate in <[RaFa]> so feds were asking you about me? dood they wanted me to aid them in your arrest instead of getting upset with me for something you thought i did towards you was me actually helping you out well i could tell that it wasnt your environment, I wish you the best. I just see an enormous talent you in and dont want to see you make any mistakes I know, but you arent outside the jurrisdiction of INTERPOL Thats who has been hounding me about you That PR is what saved any agents requesting more information on you i dont know exactly whats going on but i urge you to remain low.. you have some problems right now that i think are bigger than you understand <[RaFa]> uhmm ok.. they are linking you with a bunch of shit.. all i can say is to really be careful, separate yourself from all that other bullshit i just worrya bout you like a brother <[RaFa]> ok I will <[RaFa]> Dispatcher = dead <[RaFa]> don't worry <[RaFa]> and <[RaFa]> logos4u = dead anyways, i spoke to Jak.. so i know about that i was getting emails from their cybercrime division i trashed it immediately, i received a phone call from their Washington DC office as a followup i didnt want it in my inbox they dont know anything about you, their only link to you was Fate Labs thats the point for the PR I wonder what Mr. Hines colleagues at the F.B.I and the NIPC would think about the fact he is telling a wanted computer criminal that he has received communication requesting assistance in his capture? Especially since he also appears to conspire to help “[RaFa]” elude them? Fate Labs as a security research forum: Eric Hines cannot write code in any programming language, therefore he relies on help from other programmers he has recruited into Fate Labs (See the new recruitment campaign listed on the front page of www.fatelabs.com ) in order to further boost his career as a “Security Professional”. In his above mentioned profile on www.fatelabs.com the following snippet is listed: “He [Eric Hines] continues to be a driving force in continued advancements of new security technology and vulnerability research.” In March 2000 nearly all of the programmers left Fate Labs because of their frustrations with Eric. This affected Fate Labs operations severely, leaving an almost two year gap in Fate Labs research with no security advisories issued between 12/05/2000 through 08/05/2002. If Eric is such a driving force why so long without any new advisories? There is an advisory that is not listed on www.fatelabs.com which was released late into 2001, why doesn’t Fate Labs mention this on their current advisory list? This advisory was released as F8-DLINK20010906. The vulnerability was found by one of Fate Labs research team, when he tested his own D-Link Dl-704 Cable/DSL Internet Gateway, unfortunately he was not running the latest firmware for the device and to Fate Labs embarrassment found a denial of service vulnerability that had already been addressed and fixed in the latest vendor firmware. As mentioned Eric Hines cannot write code, and he could not find anyone to write this code for his advisory so he claimed that Fate Labs did not write code for the advisory because it would be a waste of time, and suggested people use “hping2” or “Jolt.c” to recreate the condition as seen in: http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0102.html In that advisory he also attacks the people behind anti-security movement, these people in turn pointed out how useless his advisory was, and made fun of his claim that he would “Squash their movement” made in Fate Labs Advisory F8-DLINK20010906 How can someone who cannot write and therefore audit source code claim to be a vulnerability researcher, a penetration tester and an open disclosure contributor? Along with his claims of working with NIPC and the F.B.I he also lists himself as being a Department of Defense contractor and claims that Fate Labs has the Top Secret clearance required to audit DoD networks. This is not true, they have no such clearance. Furthermore if he did, can we trust someone who has assisted a known “script kiddie” to escape justice to work with the U.S Military and the U.S government in securing their infrastructure? Eric Hines also claims on his Fate Labs webpage to have worked in the Security Industry for Ten years, however he is only twenty three, are we to believe that not only in Ten years he has not been able to learn a programming language, but that he has been working with companies since the tender age of thirteen helping them secure their infrastructure? His recent “shoutcast” advisory (http://www.fatelabs.com/advisories/shoutcast-advisory.txt) was a complete farce; even the vendors did not take it seriously. However he was recently quoted by “Wired Magazine” telling them he was not afraid of “Black Hat” reprisals when he releases his exploits: http://www.wired.com/news/culture/0,1284,54400,00.html “But Hines said the constant threats he receives from angry black hats will not frighten Fate Research Labs into sitting on vulnerabilities it discovers. “ Looking at the caliber of Eric Hines research and vulnerabilities since he lost his complete programming staff you have to ask if the “Black Hats” are intimidated by an already patched Denail of service attack vulnerability on a home Cable/DSL router and a “retrieve password locally” attack on “ShoutCast” multimedia daemon? I apologize for the length of this rant; however the “Internet Security” frauds amongst us have to be exposed.