
Salon.com

Technology


Cybersleuth
Posing as a thief or informing the FBI about hacker behavior -- it's all in a day's work for AntiOnline founder John Vranesevich.
By Mark Compton

It's good Dashiell Hammett didn't live to see it: A wave of denial-of-service attacks sweeps the country, briefly bringing down highflying e-commerce darlings like Yahoo, Amazon.com, eBay, CNN.com, ZDNet, E-Trade and Excite. The attacks immediately become a press spectacle. The Senate hurriedly musters a select committee to consider cybersecurity. The White House openly begins to mull the possibility of appointing a cybersecurity czar. And for help in tracking down the miscreants, the FBI turns to one of its most trusted Internet security allies.

But instead of cutting at this point to the seedy Hell's Kitchen walk-up of some aging, tough-as-nails gumshoe, we find ourselves in the bright, cheery offices of AntiOnline.com, an Internet security consultancy that tracks hackers and monitors their activities from smack-dab in the middle of Beaver, Pa. And the P.I. the feds are pinning their hopes on? Why, he's no more than some fresh-faced kid in his early 20s named John Vranesevich, a guy who looks like he could just as easily be working the counter at Baskin-Robbins.






But that very same fresh face also graced "Wanted" posters circulating at last July's Defcon Convention in Las Vegas -- the most celebrated hacker gathering anywhere. And it's Vranesevich's AntiOnline.com Web site that hackers love to attack above all others. By Vranesevich's own count, hundreds of hack attacks daily are pretty much the norm.

Why? Vranesevich markets his services not just to the authorities but also to companies looking to protect their systems from hackers -- which hardly seems extraordinary. And the site itself simply contains news and information for security professionals, interspersed with ads from big technology players like Microsoft and Verisign. That, too, seems benign enough. But what's not immediately apparent is that this all represents quite a shift from the site's earlier roots -- stemming from its launch while Vranesevich was still in junior high. For years, the site chiefly trumpeted hacker exploits and provided a channel for hackers to explain their actions and voice their opinions.

All that changed a couple of years back, when Vranesevich stopped praising hackers and started pursuing them. Hackers say it's because he saw an opportunity to cash in on his inside knowledge. He says it's because he came to see most hack attacks not as the heroic challenges to authority their perpetrators purport them to be but, instead, as indulgent, self-serving acts of malice. Either way, he declared war on his former comrades in arms. And the skirmishes continue to this day.

Hackers mount assaults on your Web site so relentlessly that you've included a feature visitors can use to see who's attacking at that particular moment. Does all that enmity serve as one of your best security credentials?

Perhaps to some degree. It certainly removes any doubt about whether we're in cahoots with any of these individuals.

Has anybody ever managed to get through?

As a matter of fact, yes. Just a few weeks ago, somebody got into AntiCode.com, which is our security file library where we archive some 140,000 security sites. One part of that is a community area where people are encouraged to post security information. And the software enabling that is a third-party package. Now, we went through that pretty thoroughly and we did a lot of updates, but apparently we missed one file. And some guy found a way to exploit that to upload files to the home directory -- which is how he managed to deface the site.

Did he compromise any data?

No. It was just a matter of defacing, but it was a pretty creative attack. It looked like somebody invested a good deal of time.

What I find so curious is that after struggling so hard to get into your system, some guy chooses to do nothing more than leave his mark, which seems innocuous enough.

But just because I don't lock my door doesn't mean you can come into my house and leave a note that says: "Hi, I was here."

Still, you've got to admit these people have a sense of humor. And it seems they're primarily interested in demonstrating their technical prowess.

Well, that depends. One of the things we do here is break down hacker motivations. And what you're talking about is what we call the "social motivation," which almost always revolves around peer acceptance. Generally speaking, the guys we're talking about would be out tagging their initials on shiny buildings were it not for the fact that they're already essentially doing the same thing online.

Copyright © 2000 Salon.com