Losing His Religion: Adrian Lamo Interview

digidave writes "Six months after the sit-down, TechFocus.org has published their interview with renowned hacker Adrian Lamo. Done before his arrest, TechFocus kept the interview secret so as not to influence the outcome of his trial. It remains his only interview since being arrested."

before arrest

[AyeFly]

wait, this doesnt make sense "Done before his arrest, TechFocus kept the interview secret so as not to influence the outcome of his trial. It remains his only interview since being arrested." How can it be both before his arrest, ... and then be the only interview after being arrested??

Re:before arrest

[VivianC]

Um... You are expecting the "editors" to edit? You must be new here.

IANAL, but...

[chachob]

it seems to me that unless the comanies specifically hired him as a security consultant, then he has no legal support in these matters.
However, he did not damage/alter any of the sites he hacked (excluding NYTimes, which was a minor addition to the list of "experts"). This does not help him in the courts though, because the act of breaking into the company's networks was illegal in itself.

Re:Cheese!

[dasmegabyte]

Well, they'll never be able to track you via your slashdot account.

Seriously, there's a rather supernatural school of thought that says we'll never hear interviews from the "best hackers," because they'll never get caught. I don't believe in superhackers -- but you have to wonder, with these guys catching interview with Lamo right before his latch, if an ego is REALLY the best thing for any criminal to possess. I mean, you need respect and renown to make it in a world without structure, but it seems having the blackhats known your name makes it easier for it to fall in the laps of the whitehats.

Homeless script kiddie?

[Vellmont]

I can't get to the interview, but the wired article seems to imply this guy is just a script kid. Basically it sounds like he's doing the modern day equivalant of war dialing.

He gets the press coverage because he's "homeless", but doesn't fit the alcoholic loser bum image of most homeless people. People like hearing such stories because it gives them hope that all the homeless (or more accurately, bums) might be able to pull themselves up by their bootstraps. Total bullshit of course, but it makes for good copy.

overrated.

[dan2550]

I dont mean to flame or anything, but im not to impressed by Lamo. he did some crazy things, but any lucky script kiddie could do the same. besides the fact that he was a meth addict, his "hacker skills" consist of using a web browser to snoop in unprotected directorys. In fact, he does not even know c++ or java.

Re:IANAL, but...

[cluckshot]

The United States Constitution holds that no warrant shall issue without probable cause. This means that no Arrest can take place without a Direct Connection to an Injury or the imminent liklihood of such. This NEGATES all this "Law" stuff. There has been no INJURY. For the minor addition line, That is not a material injury.

I love all the ILLEGAL stuff that goes around these days. If we followed the US Constitution such absurd thinking would be drummed out of town. There simply is no probable cause for this person's arrest.

Actually since he tends to encourage good things, there is genuine question if he is not doing a public service maritorious of a reward! I respect a Hacker who helps. I have no respect for the type who steals and damages. What he has done would be the equal to telling somebody that he found your door unlocked on your car and sent you a picture of him with the door open to prove it.

The issue of Network Security and locking data is a difficult one and most difficult for company types to get taken serously. He helps them see the need without damaging anything.

The reaction he gets from others is almost like I got when some years ago I suggested that the State where I live outlaw some farming practices that spread Mad Cow disease. The reaction was not that I was trying to help but that I was trying to hurt. Today one can see the damage of not doing what I suggested.

Enforcement of LAW without regards to the real damage and real merits of the situation is absolutely INSANE. It assumes that we must follow the law even when it is absurd to do so. I see nowhere in law or common law where we are required to do so.

Re:overrated.

[pimpin apollo]

I agree. I think it's a wired article that portrays him in less than favorable terms. The spin, on both sides, of this case is remarkable. It would be more so if it wasn't so common in these kinds of cases. We should be more careful however about making these guys into martyrs. IMHO there haven't been very honest accounts of this case outside of basic facts.

or maybe the guy just rubs people the wrong way

Re:It Figures the Times would do him in

[Anonymous Coward]

the Times publishes a bunch of made up stories, about life and death stuff, and considers an apology to be good enough for us.

Lamo tells truth and they want to send him to jail.

Luckily, the Times gets more irrelevant every day.

Does anyone really....

[Anonymous Coward]

Give a shit?

Seriously, this guy is just craving attention. Homeless hacker my ass. Maybe if he actually tried to make something of his life or contribute to society I could give a shit. But he has done nothing for the real 'hacker' community.. stop giving hackers a bad name and refer to him as homeless 'criminal' please.

Moral of the Adrian Lamo story

[twigles]

If you break the law shut up about it. Seriously, people bend and break laws all the time. Good, honest people. They cheat a little on their taxes, they don't stop all the way at stop signs, maybe they visit a prostitute occasionally.

No one really cares until:
1) The problem becomes extreme - instead of going 5 miles/hour over the speed limit you go 25 over.
2) You trumpet your illegalities all over the place.

If a sysadmin at the NY Times had received a discreet phone call from Lamo they would have had the option to ignore the whole situation and just quietly fix the problem. Instead they got a phone call from a reporter who was about to write a news piece on how this guy broke into their network.

I'm not saying that they were right, just that it's understandable and Lamo shot himself in the foot with his lack of discretion. I learned this same lesson in high school when I wrote a creative writing paper that was so bloody offensive that I had to have a conference with my parents, the principle, the teacher and the school psychologist. My teacher told me in private that he wouldn't have done anything but make me re-write the paper but since I showed it to a bunch of people (whose parents called in) he had no choice.

Re:It Figures the Times would do him in

[Anonymous Coward]

Please. I don't condone any of his actions, but he didn't exactly "run up a $300K bill" for the Times. I'm sure the Times has something like unlimited access to Lexis-Nexis for a fixed price. They just decided to "charge" him with full "retail" price.

It'd be like a 7-11 saying they sell bags of ice for $2, but individual ice cubes for $100 a piece, then accusing someone of Grand Larceny for stealing two bags of ice "worth over $80,000."

It's joke.

Re:overrated.

[adamruck]

The fact that he wasn't trained and isn't skilled impresses me all that much more. Instead of relying on highly technical methods to gain access to things... he relyed on his sharp perception to notice security holes. The plain fact is that most people including me and you cant do that. He sees things in completely different ways than we do, thats what makes him smart.

Wether you like lamo or what he did is up to you, but I think it would be foolish to not understand that what he did was impressive.

Re:overrated.

[Anonymous Coward]

how does one story about doing meth equate to meth addiction? dont lie and you say you didnt mean to flame...

Re:IANAL, but...

[3terrabyte]

I consider your lack of RTFA pretty injurious.

The FBI calculated the maximum cost of using Lexus Nexus to be $300k. An unlimited 3 month account COULD HAVE BEEN purchased by Mr. Lamo for $1500.

inflated damages

[David Jao]

I personally consider $300k pretty injurious.

From Wired's interview [wired.com]:

Although the Times doesn't pay retail for the service, the FBI calculated Lamo's damages using the full Lexis-Nexis rate, which added up to a shocking $300,000. It was clearly a punitive figure. Had Lamo simply bought an unlimited three-month account with Lexis-Nexis rather than piggybacking off the Times, it would have cost him just $1,500.

Re:IANAL, but...

[stephanruby]

An unlimited 3 month account COULD HAVE BEEN purchased by Mr. Lamo for $1500.

And even $1,500 is a bit much. If he had not stolen this access, would he have actually bothered to buy it from them? I doubt it, the kid is semi-homeless. Those are not actual damages. NY Times didn't lose any money and Lexis didn't lose any money. At the most they lost a couple of pennies on bandwidth.

Re:overrated.

[Vellmont]

The fact that he wasn't trained and isn't skilled impresses me all that much more.


Are you also impressed when people are able to try a hundred differed different doors and find one that's open? He's not a genious, he's not overly impressive, it's just that security in big corps sucks. It almost has to when you have to let in hordes of people. There's tons of people that "aren't trained" that figure out how to do things. They aren't geniouses, they just don't require hand-holding.


The plain fact is that most people including me and you cant do that


Most people can't find their ass unless they're told where it is. The comparison with "most people" doesn't raise someone far beyond the ass finding level.

I can't do what he does because I don't have 8 hours a day spent trying to get into every website on the planet. I also have no motivation to do so, and for me prison is something to avoid. I suppose if I were homeless, a nice federal white collar prison would be an upgrade. I'm not a genious, and there's plenty of people that could quite easily do what he did, they just lack the motivation, time, etc to do it.

Technically Disabled News Paper Company

[EconomicRat]

I find it baffling how anyone can consider Lamo's non-malicious acts of security audits grounds for incarceration. If I were responsible for the New York Times data network during Lamo's breach, in addition to being embarrassed, I most likely would have written him a check and engaged with him to tighten up the security holes (Obviously including the necessary agreements required to protect against the sale or use of the data he had access to).

Had Lamo intended to act maliciously or engage without notice, he could have. So, the New York Times should be thankful that it was Lamo, walk-off the embarrassment, and throw this frivolous suit in the garbage can. The dollars allocated to the damage as a result of Lamo's activities are most likely "soft" costs. Specifically, the 300k associated to the LexisNexis activity, which is, most likely, an overvalued retail transaction price related to database queries, which fundamentally costs nothing. And, the 25k associated to the investigation efforts of the New York Times networking personnel, was really just a bad business decision. They could have just asked Lamo once he disclosed that he breached the network. I'm sure he would have provided the details. Additionally, those are, most likely, soft costs, as those resources used to perform the investigation were, most likely, New York Times network administration personnel doing what they do every day, well aside from reading Slashdot, and handling ID-10-T user errors.

The "real" cash that was wasted on all the blood-sucking lawyers to file suit against Lamo, should have been used to tighten up the security on that New York Times network. But, maybe it's not too late. Maybe, the charges can be dropped, prior to sentencing, and Lamo is good-natured enough to still help the New York Times out. Because the possibility of being on the receiving end of hacker community retaliation is certainly not a place I would ever want to be!

ER

Company Accountability

[caffeineHacker]

Correct me if I'm wrong, but it sounds like he simply tweaked his browser settings a tad and got in, no cracking(I.E. A cracking program, overflow attack, etc.) involved. To me this is the NY-Times' fault more than anyone. Lamo doesn't have the skills or knowledge to actually crack a system...he trolls for people that don't know how to configure there settings properly. And it's not like the sites he gets into are small personal sites. MSN, NYTimes, etc..should all be ashamed that someone who has no real knowledge of how a computer network operates can get in that easy. Of course what he did was wrong, similar to entering an unlocked store at night, but the NYTimes is just as much at fault for either having a braindead security team, or not funding security appropriately.

Does it really matter?

[jedi_odin]

whether or not he could code? so what he didn't know java or c++, he did understand how networking worked, and how to use network components and the networks themselves against itself. I think that the fact that he couldn't code yet still showed the world that networks were vulnerable to persistant attacks of such intimate nature is important and should not be taken lightly. If he was a coder, just think about what he could have done. Was he a script kiddie? that all depends on the definition I guess, but some people want to call him b/c he used a webbrowser for his explorations. Wait, I use a webbrowser when I explore the internet, does that make me a script kiddie, does that make any and all browser users a script kiddie? Seriously, a coder could have done a lot more breakins, and bunch more "spectacular" and prolly would have been respected more, but who cares, the guy found a way in without needing to code; and that should be addressed. Also, obiviously the guy had a talent for understanding networks and the perserverance to get the job done. There are many other "crackers/hackers" like that, both convicted and not yet caught. People with such talent and perserverance should be learned from, not convicted and jailed to be sitting beside murderers and rapists. I think that picking the brains of such people would be a benefit to society, not locking them up in some shitty jailcell. I heard that Robert T. Morris was an assistant professor at MIT, damn I'd love to learn from him, I'd love to chit chat with Mitnick, Poulsen, and many others who have show us the weaknesses in comp and network security. These are the people to learn from, not those 3 week long IT boot-camps and mindnumbing professors who are so far up their own ass its pathetic. My former CS professor is a genius, very intelligent and inventive like these people were, and the humbleness he had and the willingness to teach rivals Yoda himself. If it wasn't for my former CS prof, I'd be dead in the water clueless. So we should accept the fact that we need to learn from hackers/crackers not just after the attack, but by conversing with them, working with them hand in hand, instead of sending some of our most inventive minds off to jail.