========================================================================
Exposing Eric Loki Hines and Fate Labs.

I am an ex-member of Fate Labs, as such I feel I can give you some incites 
into the fraudulent activities of their founder Eric Loki Hines.

Eric Hines solicited a well known Web defacer who was a member of the 
defacement group known as the World of Hell to join Fate Labs; this member 
was known as [RaFa] whom was appointed to the position of the Senior 
Research Scientist for Fate Labs in 2001 by Eric Hines.
This is rather contradictory considering Fate Labs is a collection of 
Internet security professionals according to the Fate Labs Web page.

[RaFa] title as the Senior Research Scientist for Fate Labs can be seen 
in an article from ZDnet
http://news.zdnet.co.uk/story/0,,t269-s2094091,00.html

This relationship caused trouble for Fate Labs when [RaFa] defaced a 
companys website that lost employees in the attacks on the World Trade 
Center with a clueless speech about anti-terrorism this was done with his 
group known as The Dispatchers whose Mission was to target terrorists 
everywhere. Ironic

A news article was written about [RaFa]s mistake in defacing the Web site 
of a victim of terrorism.
http://www.intellnet.org/news/2001/09/17/6801-1.html

In order to distance him from the bad publicity now thrown at Fate Labs 
because of [RaFa] Mr. Hines immediately posted a press release on Fate 
Labs Web page saying [RaFa] had been dismissed from Fate Labs.
This was not the truth.
Mr. Hines introduced a new member to Fate Labs whom he claimed worked on 
the Peek-a-booty program with the cDc three days after the press 
release.
This in fact was [RaFa] using a different nickname!

Eric Hines also claims to work with NIPC and the F.B.I helping in the 
apprehension and convictions of computer hackers according to his profile 
listed at:
http://www.fatelabs.com/management.php

A log of a conversation between [RaFa] and Eric Loki Hines appeared on a 
Web site which occurred on the IRC Server at irc.fatelabs.com it can be seen 
at:
http://www.pasarelaip.com/hemeroteca/ITnews20011002.htm

<Loki> the FBI wanted me to setup a trap for you that I Wouldnt paricipate 
in
<[RaFa]> so feds were asking you about me?
<Loki> dood they wanted me to aid them in your arrest
<Loki> instead of getting upset with me for something you thought i did 
towards you was me actually helping you out
<Loki> well i could tell that it wasnt your environment, I wish you the 
best. I just see an enormous talent you in and dont want to see you make any 
mistakes
<Loki> I know, but you arent outside the jurrisdiction of INTERPOL
<Loki> Thats who has been hounding me about you
<Loki> That PR is what saved any agents requesting more information on you
<Loki> i dont know exactly whats going on but i urge you to remain low.. you 
have some problems right now that i think are bigger than you understand
<[RaFa]> uhmm ok..
<Loki> they are linking you with a bunch of shit.. all i can say is to 
really be careful, separate yourself from all that other bullshit
<Loki> i just worrya bout you like a brother
<[RaFa]> ok I will
<[RaFa]> Dispatcher = dead
<[RaFa]> don't worry
<[RaFa]> and
<[RaFa]> logos4u = dead
<Loki> anyways, i spoke to Jak.. so i know about that
<Loki> i was getting emails from their cybercrime division
<Loki> i trashed it immediately, i received a phone call from their 
Washington DC office as a followup
<Loki> i didnt want it in my inbox
<Loki> they dont know anything about you, their only link to you was Fate 
Labs
<Loki> thats the point for the PR

I wonder what Mr. Hines colleagues at the F.B.I and the NIPC would think 
about the fact he is telling a wanted computer criminal that he has received 
communication requesting assistance in his capture? Especially since he also 
appears to conspire to help [RaFa] elude them?


Fate Labs as a security research forum:

Eric Hines cannot write code in any programming language, therefore he 
relies on help from other programmers he has recruited into Fate Labs (See 
the new recruitment campaign listed on the front page of www.fatelabs.com ) 
in order to further boost his career as a Security Professional.


In his above mentioned profile on www.fatelabs.com the following snippet is 
listed:
He [Eric Hines] continues to be a driving force in continued advancements 
of new security technology and vulnerability research.

In March 2000 nearly all of the programmers left Fate Labs because of their 
frustrations with Eric. This affected Fate Labs operations severely, leaving 
an almost two year gap in Fate Labs research with no security advisories 
issued between 12/05/2000 through 08/05/2002.
If Eric is such a driving force why so long without any new advisories?

There is an advisory that is not listed on www.fatelabs.com which was 
released late into 2001, why doesnt Fate Labs mention this on their current 
advisory list? This advisory was released as F8-DLINK20010906.

The vulnerability was found by one of Fate Labs research team, when he 
tested his own D-Link Dl-704 Cable/DSL Internet Gateway, unfortunately he 
was not running the latest firmware for the device and to Fate Labs 
embarrassment found a denial of service vulnerability that had already been 
addressed and fixed in the latest vendor firmware.

As mentioned Eric Hines cannot write code, and he could not find anyone to 
write this code for his advisory so he claimed that Fate Labs did not write 
code for the advisory because it would be a waste of time, and suggested 
people use hping2 or Jolt.c to recreate the condition as seen in:
http://archives.neohapsis.com/archives/win2ksecadvice/2001-q3/0102.html

In that advisory he also attacks the people behind anti-security movement, 
these people in turn pointed out how useless his advisory was, and made fun 
of his claim that he would Squash their movement made in Fate Labs 
Advisory F8-DLINK20010906


How can someone who cannot write and therefore audit source code claim to be 
a vulnerability researcher, a penetration tester and an open disclosure 
contributor? Along with his claims of working with NIPC and the F.B.I he 
also lists himself as being a Department of Defense contractor and claims 
that Fate Labs has the Top Secret clearance required to audit DoD networks.
This is not true, they have no such clearance. Furthermore if he did, can we 
trust someone who has assisted a known script kiddie to escape justice to 
work with the U.S Military and the U.S government in securing their 
infrastructure?
Eric Hines also claims on his Fate Labs webpage to have worked in the 
Security Industry for Ten years, however he is only twenty three, are we to 
believe that not only in Ten years he has not been able to learn a 
programming language, but that he has been working with companies since the 
tender age of thirteen helping them secure their infrastructure?

His recent shoutcast advisory 
(http://www.fatelabs.com/advisories/shoutcast-advisory.txt) was a complete 
farce; even the vendors did not take it seriously.

However he was recently quoted by Wired Magazine telling them he was not 
afraid of Black Hat reprisals when he releases his exploits:

http://www.wired.com/news/culture/0,1284,54400,00.html

But Hines said the constant threats he receives from angry black hats will 
not frighten Fate Research Labs into sitting on vulnerabilities it 
discovers. 

Looking at the caliber of Eric Hines research and vulnerabilities since he 
lost his complete programming staff you have to ask if the Black Hats are 
intimidated by an already patched Denail of service attack vulnerability on 
a home Cable/DSL router and a retrieve password locally attack on 
ShoutCast multimedia daemon?


I apologize for the length of this rant; however the Internet Security 
frauds amongst us have to be exposed.

