The response of Little Geneva's Harry Seabrook was to mock me. On December 21, Harry wrote this of my MrsBinoculars web site:
Hilarious! Just as I suspected. The thought of that genius [Matt Chancey] registering a website and working late into the night on Photoshop to design his website will have me smiling all the way through Christmas. Absolutely hilarious. And he doesn't even have the good sense to take it down!
But later that day, the laughing began to subside when I responded to Ministry Watchman's Picasa photo gallery fraud with my “Mrs. Binoculars vs. Danny Boy” article and followed the next day with another article showing the fired anonymous web-master excuse and newly “found” Flickr site to be yet another hoax.
Since then, members of the Ministry Watchman team have been on the defensive, and Harry Seabrook—the self-described “Good-Natured Internet Assassin”—appears to be one of them.
Upon Discovery, Seabrook Panics, Lies, and Fakes His Own Hack
As part of my research, I tracked down the Kinist leader's place of employment—a “diversity-conscious” IT operation with a formal policy statement against the very type of race-baiting behavior which is the hallmark of Mr. Seabrook at Little Geneva. Not only do they have a policy statement against such behavior, but they require employees to make full disclosure for any possible conflicts of interest between their outside life and the objectives of the company.
On Friday, one of my team members independently called Harry at his office to obtain information on several lectures he gave recently. During the phone call, Seabrook panicked. He lied, denying his relation to Little Geneva.
Within six hours of this call, the Little Geneva web site went down.
The explanation? The site was “hacked,” and the message left by the purported hacker read as follows:
Note that the message on the Little Geneva home page “appeared” to be posted by someone critical of Harry's association with Mark and Jennifer Epstein.
But is this the real story? Was it some disgruntled party, tired of Harry's sycophantic praise of the Epsteins, who brought Little Geneva down?
Analysis of Yet Another Apparent Fraud
Unfortunately, Little Geneva's claim to have been “hacked” just doesn't pass the sniff test. Although the shock of seeing a long-standing site gone in an instant may convince some of a catastrophic cause, there are several problems which become obvious upon further analysis. (And for anyone who's followed my previous posts, they should also seem very familiar.)
Not Your Average Hack
In the first place, the way the alleged “hacker” defaced the site makes it immediately suspect. First, I have to give some background information (bear with me; this will get a little technical.) What allegedly happened to Little Geneva is a common hacker practice called “site defacement.” These hacks are usually attempts by hackers to trumpet their “hax0r skillz” and sometimes are efforts to annoy or injure their target. Wikipedia has an article on it here, and there are even sites dedicated to tracking such hacks. See these examples.
One thing is common about almost all these site defacements: the hacker simply replaces HTML code on the site's home page or modifies a key portion of that code. This is easy and fast to do. That's why the vast majority of site defacements are simply HTML mods: you're in and out, fast and easy. You can check some of them out here.
Bypassing the Easy Kill
Now, it's important to note that Little Geneva is powered by WordPress, a popular blogging software package. The content of Little Geneva consists of a long blog post, with comments at the end. On WordPress sites, these posts are not stored as HTML pages to be edited, but as entries in a separate MySQL database.
Administrative access (the ability to make changes) to this database is totally different from directory access to the files on that server. Not only are these WordPress databases stored in different locations on the computer, but they are protected by different passwords. So, our “hacker” had to get access to both the file system on the server and the WordPress database in another directory. This is like someone getting access to your home computer: he may be able to add or delete your Word files, but it's a different task altogether to be able to open up your password-protected Quicken accounts.
What Harry Seabrook is asking us to believe is that a “hacker” with hostile intent surreptitiously gained access to Little Geneva's site, and then, once in, bypassed the easiest and quickest ways to deface the site and instead spent the time to brute-force crack the WordPress database user account and password. Even though everything he wanted to do could have been done once he had file access (he could have posted a page with his ugly message, and he could have deleted all of Little Geneva's files), the “hacker” took this extra step.
Then, after going through all that, the “hacker” went back and made changes to the original HTML pages (removing the links, changing some coloring, and a few other things) he had previously bypassed. Why didn't he just do that in the first place, instead of bypassing the easy kill?
Sound believable to you? Me neither.
An Hour-Long Bank Robbery—In Broad Daylight
While most internet vandals are quick to take responsibility for their work, they are usually very careful not to touch any of the site's files, since this activity can be a serious crime. Unlike the average “script kiddie” internet vandal, however, the mysterious “hacker” of Little Geneva decided to destroy the site's actual data and leave behind a hard-core calling card. But did he really delete all the files, as claimed?
Not immediately.
When Seabrook panicked on the phone with us, we suspected that he might be up to something, so we carefully monitored his site late into the night. Consequently, we were able to observe and record the changes taking place on his website. This tipped us off to the fact that it was likely that Seabrook, not some anonymous “hacker,” was changing the site. Here is what we discovered.
Pay careful attention: only after his gloating announcement went up did this anonymous rascal begin deleting anything, and he started deep within the near-impenetrable SQL database of Wordpress posts. Rather than erasing or corrupting the index file (as mentioned, an easier and faster way to destroy the site), he went through methodically deleting individual posts but leaving the structure of the site intact (minus those incriminating links). Anyone who was online at the time, as we were, could have watched him manually changing Little Geneva, and he continued to edit his “gotcha” post as he went. Here's how it looked at different times:
At first the date is 1969, and the “hacker” is named “HLS (HNIC of Scurrility.com).” Next, the year is 2007, and our Hamlet-like “hacker” is simply named “X.” Twenty minutes later, the incriminating links are removed, and there is a small change made to the background of the site—nearly an hour after we first noticed the changes taking place.
Finally, after making changes to both the WordPress database and the main index HTML pages, he made a mistake and exposed the hierarchy of his entire HTTP directory. As a result, we were able to actually watch the files disappear, just like the Hollywood hacking scene in Clear and Present Danger.
Does This Make Any Sense?
Now, here's my question: Wouldn't a real hacker (I mean a good one, capable of cracking access to both HTML files and the WordPress database) intent on the destruction of data and not merely some juvenile boasting, have done his work in the server before announcing to the world that he had gained entry (if he even planned to announce anything at all)? And he certainly wouldn't have gone about the business of erasing data in a way that would reveal his actions so clearly to casual observers after broadcasting his intentions on the front page.
It is unlikely that any “hacker” so inept could manage to break into a website's HTTP directory at all, much less obtain administrator privileges within the very secure Wordpress database. Could it be that this mystery vandal was none other than the actual administrator of the site, trying to cover his tracks?
Return of the “Danny Boy” Dating Problem
The last claim of our “hacker” was that he “charitably” left some porn behind. But the “hacker” merely directs us to do a Google search on a certain search string.
(Let me first stop right here and say that I do not recommend that you follow the links revealed by this search!!! I hope you believe what I'm about to say and don't feel compelled to research it on your own.)
The Google search reveals five hits. All these pages have titles for perverse pornographic sites. All the pages appear to be files hosted at Little Geneva. But what's interesting is that Google cached these pages a long time ago! Here's the Google cache page for one of them:
It it seems that this defiling pornography has been on the site since at least December 25 of last year. It was not left behind on January 12 by the “hacker” who took down Little Geneva.
Our research indicates that these pages were likely uploaded by a “spambot” program that preys on blog sites in order to insert files with Java redirects to their wicked sites. I'm not going to spend time describing that, except to say that it means that Harry Seabrook probably didn't put the files there himself.
But what is certain is that our "hacker," striking on January 12, did not leave the porn files on the server.
What actually may have happened is that Seabrook found these files and saw an opportunity to take his incriminating posts on Little Geneva out of the public eye and blame it on “hackers.”
Ironically, it seems that Seabrook, while attempting to destroy his own site, forgot that he, as the “hacker,” was supposed to leave the porn behind, and he, as the administrator, accidentally deleted everything. Oops.
Devastating Questions
But this doesn't answer the most obvious questions about the porn.
The hacker had administrative access to the website. He could have posted dozens of dirty pictures anywhere he wanted. So, why did he only direct people to search Google for it? If the “hacker” is the one responsible for the porn found in the Google search, why didn't he just post it outright?
If the “hacker” wanted people to see his “dirty work,” why did he merely post Google search terms pointing to this site instead of just linking the porn onto Little Geneva directly? So you're telling me the hacker was nasty enough to tell people how to find porn, but not nasty enough to show it to people?
Unthinkable. Unless the “hacker” had a conscience and couldn't bring himself to post porn on the website outright.
Motivation of a Yellow-Bellied Blogger
Harry Seabrook is a bully. For years he has spoon-fed hatred into the Internet in the form of cruel characterizations of blacks and Jews. He has bullied reformed pastors and ministries with whom he has a personal grudge. He has created a gossip forum for attacking Christian leaders. He thought he could libel and bully others with impunity.
But he went too far, even by his own standards.
He got caught in a scandal with Ministry Watchman that has exposed him to serious liability.
But like all bullies, Harry Seabrook is running when confronted.
I believe Seabrook panicked at (1) the fact that the Ministry Watchman team is starting to unravel and its members are being exposed; (2) his own potential exposure for his role in Ministry Watchman; and (3) his vulnerability working for a large “diversity-conscious” IT organization which would not look too kindly on one of their own running what they would simply see as a white supremacist website.
So, in his panic, he removed from public view as much evidence as possible, claiming that his site was hacked by people concerned about his support of Ministry Watchman.
Unfortunately for Seabrook, he did a very sloppy, unconvincing job of it. As it turns out, his last-ditch effort to cover up his race-baiting and anti-semitic postings was pointless, since almost all of them are still saved in Google's cache.
So, What's It Gonna Be?
If this is an accidental deletion or strange server glitch or even a genuine hack-attack, why is Harry Seabrook leaving his site in this state?
Why doesn't he contact his web host and get them to restore the server using a recent backup?
Why doesn't he at least replace the embarrassing evidence of being “hacked” with a holding page? (Unless the whole point is that he wants people to think he was hacked.)
On January 12, Harry Seabrook Destroyed the Movement He Created in Order to Cover Himself
On Friday, Harry Seabrook lied on the phone. Later that day, he appears to have faked the hack of his own website. I believe that further evidence will reveal that Seabrook has been working behind the scenes all along with “Frank Vance” and the Epsteins in their unethical activities—activities which include the very type of scams and frauds which I have already proven in my prior articles.
Harry Seabrook built a name for himself with his quick wit, his outrageous racial slurs, his faux Christian justifications for Kinism, and his tenacity at attacking Reformed pastors and ministries which don't agree with him. In my view, on January 12, Harry Seabrook proved that he is more concerned about his own hide than with the Kinist theology he espouses. On January 12, Kinism died—and not at the hands of a “hacker.”
Good riddance.
“The wicked flee when no man pursueth: but the righteous are bold as a lion.”
—Proverbs 28:1
