Hellfirez
pchelp
Has anyone noticed that Hellfirez went scarce immediately following the
posting of information suggesting he was in Lockdown's employ as of
sometime last year?
Notable too is the fact that that same info has disappeared from the
Website and from the Google cache.
As is the fact that he has been absent during the mailbomb attack.
Now, an email from a friend has provided some interesting correlations.
The name Gavin Holmes is associated with Hellfirez in a number of
locations on the Web.
There is also a _possible_ association with the product/company found at
this URL:
http://www.languard.com/languard/lanscan.htm
This product _may possibly_ relate to or descend from the "NetSnooper
Gold" formerly promoted by Hellfirez. In its present form it has
definite applications as a cracking tool. It's well suited to locating
vulnerable shares and other exploitable aspects of remote systems and
includes something I've not seen before in any legitimate security-audit
tool: "Support for sending spoofed messages (social engineering)".
===
I believe in exposing bad actors. It's often the most effective way to
reduce their capacity to cause harm. I would like to ask that others do
as I am doing: Without wasting inordinate time in the effort, let's try
to find out what we can about these characters. Some genuine
investigation is called-for at this point. Follow up some clues,
contact people who might know answers, put together a picture that makes
sense, which allows us to make well-supported statements about the
activities, connections and identities of those involved.
Meanwhile, BTW, speculation without strong basis should be clearly
labeled as such or confined to email.
pchelp
abujamal
Hash: RIPEMD160
Salaam!
pchelp wrote:
> Has anyone noticed that Hellfirez went scarce immediately
> following the posting of information suggesting he was in
> Lockdown's employ as of sometime last year?
Yup. Didja notice that Paris didn't deny it? That tells me that
if we can identify the punk and you get Paris' employment records in
discovery in the federal case, you might have something. That's a
surprise.
My first take was that a connection was possible, probably even
likely, but would be impossible to establish. I figured Paris for
more sense than to deploy an agent who would expose himself. But
SilenceGold admitted that Hellfirez' motivation was Wayne's review of
Lockdown2000 and Paris' "business" practices, and while Paris denied
everything else, he did NOT deny the surprising news of Hellfirez'
December 2000 move to Lockdown. Of course if he did, and then we
managed to prove a connection, then Paris would be toast in federal
court -- which means to me, again, that Paris knows that we can
establish such a connection if we can figure out where to look.
> Notable too is the fact that that same info has disappeared
> from the Website and from the Google cache.
Too late. What was dangerous to them there was the raw
information. You're not a police agency that has to establish
probable cause and get a warrant, you can investigate wherever you
want, and you can give the results to the proper authorities and they
can use whatever you give them, there are no Constitutional
restraints on private citizens.
> As is the fact that he has been absent during the mailbomb attack.
Only apparently, I think. Of course he may have lost interest, or
he may be working on another "review," or he may be taking a vacation
in South America for the duration of the litigation. What would
Paris do -- fire him and alienate him? A Hellfirez NOT connected
with Paris would be on here shouting it, don't you think?
Inductive, always inductive. Look beyond the forest and the tree
of interest stands out like a sore thumb, it doesn't fit. You can't
take inductive reasoning to court, but it can sure show you stuff
that you can.
> Now, an email from a friend has provided some interesting
> correlations. The name Gavin Holmes is associated with
> Hellfirez in a number of locations on the Web. There is
> also a _possible_ association with the product/company
> found at this URL:
> http://www.languard.com/languard/lanscan.htm
LOL! That's enough, I think, your attorneys can ask
what's-his-name about Gavin Holmes and any formal or informal
connection with his clients. Web hosting of any variety can also be
considered as a "payment in kind." It's a binary proposition, yes or
no, and any kind of a "yes" means it's almost show time.
> This product _may possibly_ relate to or descend from the
> "NetSnooper Gold" formerly promoted by Hellfirez. In its
> present form it has definite applications as a cracking tool.
> It's well suited to locating vulnerable shares and other
> exploitable aspects of remote systems and includes something
> I've not seen before in any legitimate security-audit tool:
> "Support for sending spoofed messages (social engineering)".
LOL!
> I believe in exposing bad actors.
I like it when they expose themselves.
> It's often the most effective way to reduce their capacity to
> cause harm. I would like to ask that others do as I am doing:
> Without wasting inordinate time in the effort, let's try to
> find out what we can about these characters. Some genuine
> investigation is called-for at this point. Follow up some
> clues, contact people who might know answers, put together a
> picture that makes sense, which allows us to make well-supported
> statements about the activities, connections and identities of
> those involved.
I like that, but I'm ill-equipped for that, I'm not up to speed on
tracking this stuff, let alone tracking it on the Web, despite
Network Tracer that I like so much. You're much better at it, and
whatever information I have that you can use, please let me know what
I'm looking for. It shouldn't take too many people much time, those
who have an inkling of what they're doing, to pick up the necessary
information, and you can put it all together for another page on your
website and -- just possibly -- your attorneys.
> Meanwhile, BTW, speculation without strong basis should
> be clearly labeled as such or confined to email.
Any given set of facts can suggest conclusions. It is a fact that
someone said that Hellfirez joined Lockdown last year. It is not
necessarily a fact that he did, but the fact that the post vanished
immediately after being re-published here is another fact from which
anyone may draw the reasonable conclusion that *someone* caused it to
disappear for a reason.
In other words, it is not dangerous to observe a set of facts and
openly draw conclusions from them. Whether those facts *compel* that
conclusion is for an attorney to determine -- laymen can't be
expected to have the necessary legal expertise to apply the Rules of
Evidence to determine whether the conclusion is actually *proven* by
those facts, their apparent significance is sufficient. To say that
this fact or that fact does or does not *compel* a conclusion looks
like a practice of law to me, and I'm sure we don't want to be guilty
of any unauthorized practice of law, it's illegal.
So I can conclude that Paris had his employee Hellfirez set up a
team of Sub Seven crew members to spam this newsgroup attacking
Wayne, on the basis of the facts that we already have. Let the
lawyers decide whether those facts compel such a conclusion, it seems
reasonable to me from what I've seen. Do I say Paris did that? No
- -- I say that the facts that we have say that. Whether they say it
loud enough to be heard in court is not my bailiwick, I'm not
licensed to practice law.
Like I've said before -- he's a con man. Scru'im.
> pchelp
was-salaam,
abujamal
- --
PCHelpers: Putting the "Personal" into "Personal Computers"
and closing the door on the tyranny of ignorance.
PCHelpers International: http://www.pchelpers.org/
news://news.pchelponline.org mailto:pche...@pchelpers.org
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: Unpublished key by intent of signer
iQEVAwUBOudNvtbWRcYTlnfrAQM/uwgAy3yFDB9gRFKygB5/3wKKqktNjPrXnNeM
UVYv1pwWBPlTRHMZV51A6y2uBBOMgLSjaalAlSk1Zbn6/+6dC0WwrwH4Bb4Sv06F
TbgGAg6HQP7QZM5HyB3/a2UzxAlbKy0dHpVRwJ9SOyx9okJlPfTn9YgmEwEZYd6g
EC25IPoVVv2U0UgrHMZ4J741eNs32c8MzlN93d0HBzScdRm058w90wYoZPdBwCfv
DaqdMAN6cQRmtPwv7MplaD6reo4TrIMIB7UN9uSi3koU5S9ceamoITeJb53wuyJr
mfQ7FTmsB0IDsAzAijcEHTtwPew5G4dcluoSAaI+owmhol8QMxHobQ==
=h9kn
-----END PGP SIGNATURE-----
abujamal
Hash: RIPEMD160
Salaam!
pchelp wrote:
> Without wasting inordinate time in the effort, let's try to
> find out what we can about these characters.
Here ... ZAP logs, you know the format. Notice I'm on a dynamic
IP with a considerable range. I change every few hours or at whim, I
don't think these kids could come after me anyway, they're not very
impressive. But maybe there's something here ... all of these are
FWIN,2001/ and -7:00 GMT, which portions of the lines I've removed:
04/20,19:30:01,208.24.179.201:0,63.50.124.227:0,ICMP
(type:8/subtype:0)
04/21,02:46:53,202.107.212.76:4550,63.50.124.227:111,TCP (flags:S)
04/21,12:00:59,203.149.173.180:3583,63.22.231.192:53,TCP (flags:S)
04/21,13:15:07,202.96.154.34:1108,63.22.231.192:111,TCP (flags:S)
04/21,14:32:17,216.201.181.59:3059,63.22.231.192:53,TCP (flags:S)
04/21,14:41:17,64.6.243.42:12852,63.22.231.192:16289,TCP (flags:AR)
04/21,15:04:04,64.6.243.42:5428,63.22.231.192:24225,TCP (flags:AR)
04/21,19:30:38,210.209.13.210:3663,63.22.231.192:111,TCP (flags:S)
04/21,19:42:46,211.119.65.34:1514,63.22.231.192:555,TCP (flags:S)
04/21,23:38:07,209.181.107.201:1886,168.191.239.209:111,TCP (flags:S)
04/22,09:18:39,12.14.200.2:3816,38.28.190.89:111,TCP (flags:S)
04/22,15:07:45,210.93.218.49:4338,63.50.124.231:111,TCP (flags:S)
04/22,15:34:16,63.216.196.194:137,63.50.124.231:137,UDP
04/22,15:53:09,210.152.231.11:4016,63.50.124.231:110,TCP (flags:S)
04/22,16:53:26,211.185.134.130:1220,63.50.124.231:111,TCP (flags:S)
04/22,17:10:58,163.178.106.130:1653,63.50.124.231:53,TCP (flags:S)
04/22,17:38:02,24.69.122.252:2464,63.50.124.231:53,TCP (flags:S)
04/22,17:39:59,208.7.37.250:80,63.50.124.231:1321,TCP (flags:A)
04/22,17:44:56,211.220.193.234:4638,63.50.124.231:111,TCP (flags:S)
04/22,17:48:31,195.55.201.56:3770,63.50.124.231:53,TCP (flags:S)
04/22,17:54:53,207.71.92.193:119,63.50.124.231:1314,TCP (flags:AP)
04/22,18:11:48,210.209.13.210:2781,63.50.124.231:111,TCP (flags:S)
04/22,21:34:20,211.38.46.231:2798,63.50.124.231:53,TCP (flags:S)
04/23,15:42:05,210.205.87.128:2448,63.22.231.236:111,TCP (flags:S)
04/25,01:36:57,206.205.246.128:2139,63.50.124.215:23,TCP (flags:S)
04/25,04:16:17,198.111.177.151:3034,63.50.124.215:111,TCP (flags:S)
04/25,09:54:21,12.46.89.13:137,63.50.124.215:137,UDP
04/25,11:45:47,207.71.92.193:80,63.50.124.215:1808,TCP (flags:R)
04/25,11:45:47,207.71.92.193:80,63.50.124.215:1805,TCP (flags:R)
04/25,11:45:47,207.71.92.193:80,63.50.124.215:1807,TCP (flags:R)
04/25,13:34:03,24.29.195.46:1975,63.24.110.12:111,TCP (flags:S)
Like I've said before -- he's a con man. Scru'im.
> pchelp
was-salaam,
abujamal
- --
PCHelpers: Putting the "Personal" into "Personal Computers"
and closing the door on the tyranny of ignorance.
PCHelpers International: http://www.pchelpers.org/
news://news.pchelponline.org mailto:pche...@pchelpers.org
-----BEGIN PGP SIGNATURE-----
Version: 6.5.8ckt http://www.ipgpp.com/
Comment: Unpublished key by intent of signer
iQEVAwUBOudRRNbWRcYTlnfrAQNLXAgAv1M+OHRHDG+HjMRWOVVyPUuSYVdbJ1jq
d9rrRfQx6YXQceOiu/t+q+lXiFnfH6OoTVFew9YcvAgvlEP/nceICOXoRhL5YxKP
xLelDZDA0/eDOBbHo/crgJftqKfxVJEJtxrXOnlpqMxqKgZ5rQQmm4hoQJKG3P10
Xg/wnmKbEUOMTZKfO2ZNZjDnMtIWlyNcHI3JBWpHntHWTKs1vlG2Z08s6a+5qd2O
yPbWuTDHYLIkVP2pIbGKrng890+I+XtS/Uwo1Hi5elJ26xrN1ZlsT3G911NQ0jdW
oJ9UhBgXOxrOkOuzC+fP0U606dVidVTS+46csp1ZeErONEQ70qnB+Q==
=WVEX
-----END PGP SIGNATURE-----
Jamie M
> "pchelp" wrote...
>
> <...>
>> Now, an email from a friend has provided some interesting
>> correlations. The name Gavin Holmes is associated with Hellfirez in a
>> number of locations on the Web.
>
>
> =======================================================
> Monday 07/03/2000 8:24:15pm
> Name: HeLLfiReZ that Evil Unca Dude
> E-Mail: hellf...@yahoo.com
> Homepage Title: SubSeven IRC
> Homepage URL: http://websites.ntl.com/~gavin.holmes/
> Referred By: From a Friend
> Location: UK
> Comments: nice site but theres only one thing missing subseven.zip
> :)))))) =======================================================
>
>
> At page 2 of 13,
> http://mars.guestworld.tripod.lycos.com/wgb/wgbview.dbm?owner=KathysFrie
> nds
>
> The ntl homepage returns "Not Found".
> Note Location - ntl: is a UK ISP.
>
>
Nice work. http://websites.ntl.com/~gavin.holmes/ obviously means either
him or his dad (depending on his age) is called gavin holmes. NTL are a
telephone company aswell and you have to be with them I believe to be able
to be with the isp ntl, and their login name (and webspace) would be the
person's name that was registered. But then again I guess that was
obvious.
Jamie
reader
<...>
> Now, an email from a friend has provided some interesting correlations.
> The name Gavin Holmes is associated with Hellfirez in a number of
> locations on the Web.
reader
<...>
> Nice work. http://websites.ntl.com/~gavin.holmes/ obviously means either
> him or his dad (depending on his age) is called gavin holmes. NTL are a
> telephone company aswell and you have to be with them I believe to be able
> to be with the isp ntl, and their login name (and webspace) would be the
> person's name that was registered. But then again I guess that was
> obvious.
How about he lives near Grimsby:
http://www.grimsby-online.co.uk/articles/viewpoint/article021.html
Jamie M
> "reader" <rea...@yghtjjdsb.com> wrote in <FFjogLez...@colossus.SMG>:
>
>> http://www.grimsby-online.co.uk/articles/viewpoint/article021.html
>
> Oooh neat.
>
> How about an ICQ number?
>
> ICQ: 8781589
> Nickname: HeLLfiReZ
> Homepage: http://sub7crew.org
>
>
> Jamie
>
According to the ICQ info his birth date was 30 Jan 66. Of course you dont
have to tell the truth there or anything, but interesting nontheless.
Jamie
Jamie M
abujamal
pchelp wrote:
> That fits his claim that he's 35. Likely to be true therefore.
Rather aged dunderhead. One would think he'd found a life by now,
but apparently not.
> pchelp
was-salaam,
abujamal