Why I'm Sure Richard Hillyard is the Culprit

It's difficult to pin down just who committed a crime perpetrated via the Internet. Aside from the whole business of anonymous remailers and newsgroup posting, even when you can track an email or newsgroup post to a specific account at a specific ISP, and they know whose account that is, and can tell that someone was using that account at the time the message/post was sent—how do you prove who was actually at the keyboard? It isn't as though signing on to a net account requires a retinal scan!

You can, however, make reasonable guesses. The person whose account is being used has a contractual agreement with his ISP agreeing to be responsible for any use of his account—so whether he's at the keyboard or not, he's responsible for anything done by those to whom he gives access to the account.

Of course, the account might have been cracked—but honestly that just isn't so common. If the account holder did something stupid like leaving a login name and password written down on his desk at work or whatever, he's been irresponsible and has to deal with the consequences of his irresponsibility. That isn't a case of an account being "cracked" at all. To count as cracking the cracker has to have gotten the password without your help. If the password is obvious—same as the login name, the account holder's real name, birthdate, street, family names, etc.—again, it's simply a case of the account holder being irresponsible. There are programs that run through dictionaries of words trying to guess a password—but anyone using such programs would leave a trail of invalid login attempts on the server, which would be very obvious to the ISP. (Most systems are set up to lock an account out after a certain number of bad login attempts, anyway, to foil such programs.) And besides all of the above, there needs to be a reason for the cracker to target you—and I can see little motivation for any cracker to go to so much trouble just to access someone else's dial-up account.

So, discounting elaborate conspiracy theories, the account holder is where the buck stops.

This saga started with an odd post from a man I'd never heard of before. It was verified as being posted from Richard Hillyard's account at MindSpring.

Then I started receiving hostile email from someone using Richard Hillyard's MindSpring account.

After I replied telling him not to send me any further email, I started getting email with largely the same wording sent through anonymous remailers—not very anonymous, considering the timing (less than 10 minutes apart) and the shared content. The email got increasingly obscene, and sexually explicit email was sent to my child's email address, as well.

Hillyard later admitted, in both private email and a public post, that the attacks against us were done from his account, although he blamed his children.

Then Hillyard (or someone using his account) went utterly overboard in responding to a post I made about those emails in a newsgroup. He (or whoever was using his account) started forge-cancelling the posts of those who didn't agree with him. MindSpring verified all of the above and cancelled his account.

Right after Hillyard's account was cancelled, I received email from a GNN user who claimed to have gotten my name from a newsgroup post, saying I'd being hearing from lots of new admirers, and warning me to "Watch (my) back!" It was sent on Monday, July 15 at 9:19pm EST. On Tuesday, July 16 at 2:30am, the first of four anonymous posts were made to various newsgroups advertising me as a prostitute, and I started receiving the mail the GNN user predicted. Making such an accurate prediction didn't take any clairvoyance, since he'd obviously posted the ads himself. The GNN user name was "Duck4267." Hillyard's web site contained pictures of some of his family friends, "the Ducks of Greenville, SC." Mike Lanham (the "Ferris" referred to in some of the other posts) also received email from Ducky.

MindSpring and I were then repeatedly attacked in another newsgroup by someone pretending (poorly) to be several people, including that GNN user. The GNN user claimed, at first, that he was one of Hillyard's coworkers at the CDC. The posts all originated from GNN or from machines at the Atlanta offices of the CDC—Hillyard's employer at the time. In one of the posts from the GNN user he admitted that he was Hillyard.

According to Hillyard's manager there, the CDC reprimanded Hillyard for abuse of the CDC's internet gateway, and warned him that he'd be fired if it happened again. He was not told they'd put a packet sniffer on his network connection. He was later fired in connection with the investigation, as it had revealed that he had lied to conceal his criminal record when he applied for the job.

On August 16 I received threatening email from an interamp.com user saying he'd followed us home from our mailing address at a Mailboxes Etc. to our home. Hillyard had recently been using the address "ufgator@interamp.com." in his posts to several newsgroups, and those posts were made through interamp.com's news servers (he had, in fact, used it in other posts on that same day, which he later cancelled). That email was the main piece of evidence used to get a warrant for Hillyard's arrest on a simple assault charge, which was later changed to stalking.

Richard Turner, another MindSpring user who had also disagreed with Hillyard, received email from an interamp.com user that day, saying that the sender would ruin that person and had posted ads in his name all over the net. (Turner is not, as Dick Coward claims in that email and in the ads forged in his name, homosexual.)

That day, August 16, many sex-wanted ads were forged in my name to fifty (yes, that's 50) sex-related newsgroups, with pornographic pictures attached. Other posts were forged in the Turner's name, and included his personal fax number at work. The posts came through interamp.com's news servers, which could easily be accessed by a user at the CDC. One of the forged messages ended with the line "Long Live the Duck." All of the 8/16 forgeries included an oddity in the headers that nobody I know of has ever seen in anyone but Hillyard's posts around that period--the X-No-Archive: Yes line appears twice. It appears in posts Hillyard made as ufgator@interamp.com, lewis@freemark.com, acad@usa.net, and authority@ncaa.org. Those messages were posted through Hillyard's accounts at interamp.com, the CDC, and inetnow.net.

Hillyard's former boss at the CDC, Jim Seligman, testified under oath that in August 1996 other CDC employees observed Hillyard 1) at a particular machine; 2) accessing sex-related sites on the internet; and that 3) their packet sniffer showed a high volume of traffic from his area to the internet with the words "sex" and with one of my email addresses repeated many times.

As far as I'm concerned, that is very solid proof that Hillyard sent the threats, the forged posts and the pornography.

In September two calls to my home were traced to Hillyard's home number. Hillyard had already been arrested once, on the simple assault warrant. He had never had any legitimate reason to call me--and he had even less reason to call me when he'd already been arrested once. Hillyard was arrested again on a charge of harassing phone calls.

On December 20, in the midst of wreaking havoc on the atl.general newsgroup by flooding it with forged posts and cancellations, Hillyard goofed and sent some of his forgeries through the internet gateway of his new employer, Advanced Visual Systems, showing their domain name in the message IDs. When the individual whose identity was being used for the forgery made public mention of that fact on December 23, Hillyard cancelled that person's message, then turned around and cancelled the posts, but we'd already archived them as evidence. The machine name he had been using, brandy.avs.com, suddenly stopped resolving, and a new one, avsgator.avs.com, appeared.

In January 1997 Hillyard (or, again, someone with access to his account) created a new web page at afn.org. It was in his own web space, as verified by fingering the email address associated with it and by his use of the address in postings all over the net since January 1996. That web page contained hidden text attacking me, as revealed by multiple posters who responded to his post advertising the site, which was made from lavaca.com (another server to which he was known to have access).

Later that week, Hillyard contacted MindSpring's abuse department claiming that the person who publicly revealed his avs.com connection in December had sent him abusive email. Fortunately MindSpring was able to determine that the message was a forgery—Hillyard had access to PSI PoPs through his lavaca.com account, and was able to log in there, telnet to MindSpring's mail server, and forge email to himself from that person. Luckily that the target of Hillyard's attack had not been logged in to a PSI PoP, so MindSpring was able to determine that Hillyard was lying in an attempt to get his target's account cancelled. (All of this information comes to me via his target.)

In March I found that Hillyard was obtaining copies of all the posts I made to MindSpring-only newsgroups. He had a Word file with some of those posts in it in an unprotected directory on his web site at atlga.com. After I found it and other files, Hillyard added multiple web pages to the site attacking me—including altering the front page of the site (a site that supposedly exists for business purposes—how professional!) with a big blinking tag saying "HEY CYN!" He screamed loudly that I'd "hacked" his web site and presented web server logs showing that I'd visited his pages as "proof." (The logs proved I hadn't hacked anything—there were no passwords requested at any time.) Later in March Dick Coward posted to atl.general, quoting one of the posts from that Word file and adding a lame insult. He made another post quoting a post I'd made to mindspring.local.atlanta on March 27 seeking information about whether the Rob Redmond mentioned in a news story as having been shot during an altercation was the same person by that name who was a MindSpring customer and a regular participant in those newsgroups—and one of many people who'd butted heads with Hillyard (it wasn't him that was shot). His response was "Too bad it wasn't Cyn."

In April I got a strange bounce message from an email I didn't send—it was one Hillyard had forged in my name from an account at j3com.net. Hillyard's domain, atlga.com, still showed up in the headers. I got a similar bounce message on 10/27/97 after Hillyard apparently used his ibm.net dial-up account to send email to Netcom (probably in reference to the newsfeed avs.com gets from them), but mis-addressed the email and forgot to change his email program back to his own address after having forged other email messages with my address.

On August 23 a web page about me, entitled "1997 Bitch of the Year," was published at geocities.com and advertised with a series of anonymous posts. Hillyard claims he had nothing to do with the site, but the page was suddenly changed to simply say "Hi!" right after the prosecutor spoke to Hillyard's lawyer. When others responded to one of the anonymous posts in atl.general advertising the site, speaking in my defense, more attacks were posted using the names of Hillyard's wife and one of his sons, then using his own name.

Since July 1996, any public mention of Hillyard has resulted in new sex-wanted and prostitution ads being forged in my name. It doesn't have to be me who mentions him at all—I'm just his obsessive target when he's angry. For instance, release of the first version of this web site in early September occasioned 17 more forged posts to sex-related newsgroups and atl.general, as well as not just one but two more unwelcome emails sent through anonymous remailers. Just knowing that it would be released seems to be the motivation behind the "1997 Bitch of the Year," web site. I made no public announcements and no public response to Hillyard's taunts, yet he attacked me in his own name and those of his wife and one of his children. Many of the anonymous posts promised "free sex pics" in an obvious attempt to drive the number of hits on my site beyond the bandwidth limitations imposed by my ISP, so that I'd have to take the site down again (it didn't work). On October 9, 1997 Hillyard (according to Miller) agreed to speak to reporter Edward Miller of Hard Copy. Less than an hour after Miller left Hillyard's homes, more anonymous posts were made from someone claiming to be my husband, moaning that I was having an affair and directing people to my web site. Another was made to alt.sex.prostitution advertising "Body on Body Massage. See my web page for info." Mention of Hillyard's name in a post to mindspring.discussion.general on 10/25/97 provoked 21 more messages and another forged email on 10/27/97 (I thought the delay was due to him waiting for his "friends" to forward the posts to him, but now he says he still has access to MindSpring through his employer's account). The cause and effect for these events and other events is so obvious that I find it surprising that even someone as dense as Hillyard could have escaped seeing how obvious it would be that he, personally, posted the messages—why even bother to use an anonymous remailer?

In early December 1997, the "1997 Bitch of the Year," web site was back. Complaints to GeoCities had it shut down in a matter of days, but it reappeared at a new URL (http://www.geocities.com/SouthBeach/Pier/5138/) by December 10. Again, GeoCities pulled it within a couple of days—and, in fact, they found another before I could even report it to them and pulled it, as well. By December 26 Dick Coward was back with yet another site at http://www.geocities.com/FashionAvenue/5617/. GeoCities removed the page on December 30—and on that same date, the content that was on the site was published on a page at Hillyard's own domain, and registered in search engines.

I've only listed the most significant events here, those that are very solidly tied to Hillyard. I believe you can see, though, that I am not out of line in believing that Hillyard is responsible for all the harassment we've experienced in the past 14 months, and that he is indeed the person who is harassing me and Katie.

  1. Prior to July 7, 1996, I'd never had any significant disputes with anyone on the internet. I had engaged in minor flame wars, but nothing that wasn't left in the newsgroups where they started. In fact, I have had no significant dispute since that time with anyone except one Hillyard-like individual.
  2. The harassment began with messages from Richard Hillyard's MindSpring account, as verified by MindSpring.
  3. It continued with messages from Hillyard's place of employment, with eyewitnesses testifying that they saw Hillyard using a computer there "inappropriately" and with technical proof from that employer that he was sending out a great deal of data with my email address and sex-related terms in it.
  4. Many of Hillyard's posts had a distinguishing characteristic seen nowhere except in the forgeries and pornography posts made from a system on which he had an account at the time.
  5. Calls to my home were traced to Hillyard's phone number.
  6. Further harassment came from the internet gateway of Hillyard's new employer.
  7. At least five times Hillyard has openly published web pages attacking me.
  8. A fourth web site attacking me disappeared after a complaint to Hillyard's defense attorney.
  9. The same day another of Dick Coward's web sites was axed by its hosts, the material from that site appeared in pages on Hillyard's own domain.
  10. I have proof of Hillyard forging email in my name at least twice.
  11. Those who have openly helped or defended me have repeatedly been attacked by Hillyard as well.
  12. Any time anyone has reminded Hillyard of this case, new anonymous posts attacking me have appeared almost immediately—when no one but Hillyard or a member of his immediate family would have known of the timing that provoked the posts, in some instances.

So even without considering all of the other evidence, without knowing Hillyard's history of harassing other people on the internet, and without considering Hillyard's past criminal convictions, I fail to see how anyone could look at these events and claim Hillyard could possibly be innocent—or even that he could have been framed. Someone who had access to his personal Internet accounts (many of them), his work accounts at two different employers, his home telephone, his web directories on at least two, and more likely three, different servers? It would have to be a family member, and even that is incredibly far-fetched. Hillyard has repeatedly claimed that his son, Ricky, and his daughter Christy's boyfriend sent the original email to me from his MindSpring account. If that were the case, it would have been incredibly simple for his defense attorney to call them as witnesses at Hillyard's trial, but there has never been any mention of an apology or public admission of guilt from Ricky or the other fellow. If it were them, why didn't it stop after Hillyard caught them, and why did they also have access to his employers' computer systems?

When you slice it with Occam's Razor, you find that Hillyard is the only plausible culprit.