By Netta Gilboa
* The WELL was sold and is no longer owned by the good folks who publish Whole Earth Review.
* Cliff Figallo told us that root had been obtained on the WELL once before in the late 1980's
* Both WELL crackers interviewed last issue read the article and got word to us that they were happy with it.
* Two other WELL crackers got in touch to say they liked the article as well and to tell me additional details in confidence. A third got in touch to say I missed the whole point. He declined to elaborate.
* Yet another of the WELL crackers got in touch with me and we met to talk. He taught me a life lesson that one should never say never. There is always a chance that if people make the effort to communicate they will see another viewpoint. I had misjudged him.
* An excellent article called "Non-malicious Hacking In The United States" by Sarah Gordon appeared on the Internet break-ins (including the WELL) in the February 1994 issue of Secure Computing. It included extensive quotes from several other WELL crackers. It is worth tracking down.
* A system administrator got in touch to say that the WELL forwarded copies if our stolen mail to him (!!!) and to other sites in an effort to alert them to other intrusions. This is unconscionable on the WELL's part and seems to violate our privacy more than the crackers did. It reminds us of rape victims who get raped once by the assailant and then again by the court system.
* Two weeks after the article appeared in stores someone on IRC was bragging about another WELL break-in. We continue to hear about hundreds of sites being penetrated. Again, there is nothing particularly unusual about the WELL.
* In late May 1994, I went to visit a hacker and logged into my WELL account from his home in the presence of two other hackers. I saw him cat my files to his account and type something else. I knew he had done something but did not have the technical knowledge to understand he had placed a file in my account (.rhosts) which allowed anyone from any site to access my WELL account without use of a password. After he went to sleep I called the WELL and left a message on their answering machine saying that I had logged into my account in the presence of three hackers and thought they had done something to it and to please change my password and snail me a new password. The WELL ignored the phone message because it is their policy to talk to users voice (as if they know the voices of 7000+ users). They did try to reach me but as I explained on their answering machine I was away on the road for eleven days. I finally returned home eleven days later and heard the message that nothing had been done. I called them immediately and the person who answered the phone informed me that the WELL had a policy against snail mailing passwords to people even when the user informed them their phone is being tapped by a hacker (!). The same employee also told me he saw no need to look at my account. Over the next few days I noticed my WELL mail from certain people (involving the most "elite" hackers and things that would potentially bring us articles or revenue) was being deleted before I saw it. Something made me look at my files. I noticed the .rhosts file by the date attached to its creation. I deleted the file and changed my password. I then called the WELL and they acknowledged there was suspicious activity in my account visible with Super User status. The WELL did nothing to stop the mail from being deleted and sent me mail saying they guessed I was going to be a target. I hope that if I am going to be a target they will help me keep an eye on my account if I ever have to call them from the road again.
* In mid-July 1994 a post was made to alt.2600 by Kevin Mitnick which appeared to be made from a WELL account owned by computer security expert Winn Schwartau. We asked Winn about this post and his comment was "I don't even have a WELL account, so my opinion of their security... do I need say it?"