Adrian Lamo Charged With Hacking 527
retro128 writes "Drifting around the US from state-to-state, Adrian Lamo has been making news for some time with his 'White Hat' hacking exploits. His highest-profile hacking has included Excite@Home and Yahoo. After he would break into a network, he would call up those in charge of it and help them fix the holes. So far, it has earned him praise from the administrators of those systems, but now SecurityFocus is carrying the story that the FBI has filed charges against him, and currently has his parents' house staked out. The records are sealed, so nobody knows who is responsible, but Lamo suspects the New York Times initiated the investigation when they found out how deep into their system he got."
Fit? Stops. R (Score:2, Funny)
Re:Fit? Stops. R (Score:3, Funny)
Re:Fit? Stops. R (Score:4, Interesting)
People often make the assumption that morality dictates law. This is simply not true. In other words, if someone breaks into your system and tells you about it and helps you fix the holes instead of using your system for their own personal gain, then he's done you a favor by doing your job for you and saving your employers money if someone ever did exploit you maliciously.
Re:Fit? Stops. R (Score:3, Interesting)
You happen to figure out the combination for the lock of my safe. You open it up, look at all the nudie photos of my girlfriends (and maybe watch one of the videos). So then you tell me you figured out the combination to my safe and opened it. I know what you've seen.
So say a someone breaks in but doesn't appear to do anything malicious. How do you know he didn't look at anything? How do you know he didn't read everyones personal ma
Re:Fit? Stops. R (Score:3, Interesting)
There's another term for someone who breaks into systems illegally, but does not do anything malicious,
The Real Problem (Score:5, Funny)
Re:The Real Problem (Score:5, Funny)
Re:The Real Problem (Score:2, Funny)
Re:The Real Problem (Score:3, Funny)
Re:The Real Problem (Score:2)
Re:The Real Problem (Score:5, Informative)
1. Click on URL, you're redirected to registration/login page
2. Go to URL bar, replace "www" with "archive" in the URL, leaving the rest alone, and hit ENTER
3. The system will bounce you around a few erroneous URLs, before returning you to the homepage
4. All NYT links will now work without registration, thanks to a special cookie set by the bouncing process
Re:The Real Problem (Score:2, Funny)
Hack the NYTIMES?! (Score:3, Informative)
And good riddance. (Score:3, Insightful)
Re:And good riddance. (Score:5, Insightful)
Re:And good riddance. (Score:5, Insightful)
I know a lot of people look at it and say, "Oh, but he had good intentions, that makes it ok!" It's not really like that...we don't KNOW his real intentions at all, just what he SAYS his intentions are. But, if someone owned your network, would you just trust them when they say they didn't do anything more insidious than they told you about? I wouldn't, and the resulting cleanup to make sure that nothing more was done is an expensive and disruptive process. This is part of why the damages for relatively minor hacks end up being so enormous in many cases.
We're always pushing ourselves to question what we're being told by the media, by our leaders, by our educators, by big business...we should really question anyone who might have an ulterior motive.
Re: hacking and intentions.... (Score:3, Insightful)
Sorry, but I don't think I'd do anything different in those circumstances.
Re: hacking and intentions.... (Score:3, Informative)
It seems pretty obvious to me that hackers doing this sort of thing are simply trying to draw as much attention to themselves as possible, in order to boost their ego and enhance their career options.
Not at all like, say, teen athletes, who play sports for the sheer fun of it.
Besides, if he was so confident his activities were legal and ok, why is he running around from state to state, in hiding?
Well, according to the article, he's in California working on a documentary. Not exactly the kind of thin
Re: hacking and intentions.... (Score:4, Insightful)
1. He has repeatidly turned down anything from the companies he's helped.
2. He has always agreed to sign whatever NDA's are required of him. 3. That hardly fits the profile of somone trying to "bolster" his profile.
4. He has done this for *years*.
5. He has (A far back as I can remember hearing him speak) been aware that one day someone would not take too highly of his efforts.
6. He's hardly on the run, he's trying to get in touch with his Lawyer to setup the details of turning himself in.
7. He has NEVER released (as far as I can remember) the exact details of ANY of his corporate hacks.
Want proof? Go seach SecurityFocus, he hangs out on BugTraq and a few of the other lists. For heavens sakes man, quit trolling without at least reading about the guy.
Good intentions don't mean it is legal (Score:5, Insightful)
Look, there are ways to do security checks like this, without the security teams knowing that you are doing it. Get permission, make sure that no one is tipped off, and then test the systems.
If there is one thing I can't stand it is people doing illegal actions and then claiming they are doing it for the greater good. This type of action cannot be condoned. Sure, you might be doing help, but you also might not.
Re:Good intentions don't mean it is legal (Score:5, Insightful)
While network admins are busy giving themselves kudos for integrating Microsoft's latest and greatest secure systems, he is busy looking for holes. Without these types of white hats, all the world would have is insecure networks remaining open to black hats until they discovered the holes the really hard way.
Screw all the evil, sinister things you think his 'true' intentions are. He and his counterparts have potentially saved your company millions in expenses when some black hat could have made off with gigabytes of confidential data. Think these white hats are bad? Wait until you have class actions out the wazoo because many of your customers are now facing the business end of your over confidence.
Screw modern hacking laws because they are stale and outdated. People always like to tack on new laws without even considering removing or revising obsolete sections. All it's going to do is alienate any potential allies. The bad guys won't get caught because they hide, the good guys don't hide because they think they don't have a reason to.
White hats are thrown in jail because they get bad attention and can cause a PR mess. Many times, the work of black hats can be covered up by the company or government. How many stories have we heard of hackers holding sensitive data ransom or extorting businesses in some way? You really don't think EVERY incident gets publicized, do you? These people want to make it look like they are tough on hackers, so they go after the easiest and most public targets.
You will be giving a powerful message to upcoming generations of hackers. If the end result is the same, what the hell do I need this white hat for?
Someone will come knocking at your door, it's inevitable. What color hat do you want him to be wearing?
Re:Good intentions don't mean it is legal (Score:4, Funny)
Re:And good riddance. (Score:3, Insightful)
Let's try a little analogy and see how you like tha argument.
If I ask you and tell you that I'm going to access your bank account, then you will just tighten security. This is exact
Re:And good riddance. (Score:4, Insightful)
Great Excuse (Score:3, Interesting)
Maybe I didn't install a deadbolt and an alarm system, but who made this guy the "helper" of my problems?
There are no white-hat, gray-hats or black-hats. Only criminals and law-abiding citizens.
Re:Great Excuse (Score:5, Interesting)
But he did commit a crime - he broke into and entered their systems without permission. Sure, he did it for a good reason in his own head, and wasn't going to be malicious
Re:Great Excuse (Score:5, Insightful)
Re:Great Excuse (Score:2)
Lamo did the electronic version of breaking and entering, he certainly should get less of a sentance than a bank robber, rapis
Re:Great Excuse (Score:5, Interesting)
Re:Great Excuse (Score:5, Insightful)
But if someone noticed that you can see into your bathroom and bedroom from the street, do you get them busted for being a peeping tom?
The guy's not threatening anyone, nor is he stealing or endangering anyone's life. The "Housebreaking" metaphor doesn't realy apply.
OTOH, your mention of the deadbolt and alarm does apply, but only in the sense that if I did buy/install a deadbolt and alarm, I'd be royally pissed if they didn't work.
Re:Great Excuse (Score:4, Insightful)
Re:Great Excuse (Score:2)
Where'd you read that? Must've been a different article.
Breaking & Entering doesn't mean anyone has to be home or their life directly threatened.
Yeah, but using a remote to erase the programs on your neighbor's VCR does not = "Breaking and Entering" as long as you stay out of the house when you do it.
Re:Great Excuse (Score:4, Insightful)
Re:Great Excuse (Score:5, Funny)
Break in (Score:2)
In order for your analogy to be complete, you have to remember that he entered and altered things.
So, it is not a peeping tom you can compare it to. It is someone who busts in, pees on the floor in the bathroom, and drops pizza slices on the bedspread in the bedroom.
"The guy's not threatening anyone, nor is he stealing or endangering anyone's life."
The same can be s
Re:Great Excuse (Score:3, Funny)
How bout if I just looked at your porn using that Windows fileshare you've got open to your cablemodem?
Was that "breaking and entering"
Re:Great Excuse (Score:2, Insightful)
As I have pointed out elsewhere, the open door analogy is basically lame because the problem here is not the crime but, society's response to the crime. A trespasser remains a trespasser. In computer crime, a trespasser can suddenly become an armed robber if the person whose property was invaded has enough political muscle.
Also there is a third party issue here too. One of the files he gained access to contained personal information of another person. Where is the New York Times' legal responsibility t
Re:Great Excuse (Score:5, Interesting)
After drinking heavily in a bar, a friend of mine and I bought some slices of pizza at a shop, and went outside to eat. Since we were too drunk to stand up, we sat down on the steps outside another shop, which was closed for the night. That is, it should have been. My friend was leaning his back on the door, which was open. He fell right in.
Now, the right thing to do, according to you, would be to go away, minding his own business. And what the hell was he doing, trespassing on the steps outside the shop and all. If this was in Texas, he would be rightfully shot. However, my friend, being both an imbecile and a crook with neither morals, nor respect for private property, went inside to look for a telephone and hopefully the phone number to the owner (we were both too tired to do any serious looting). And so the owner was noticed and the door was closed, and my friend got a serious hangover.
The moral of this story is: if you drink, you get a hangover, so alchohol is bad, 'mkay?
Re:Great Excuse (Score:5, Insightful)
A better analogy would be this one: Suppose that somebody is waiting in an airport's lobby. He has not gone through the security checks yet. While waiting, he notices airport personnel going through what seems to be an unlocked employee-only door. A thought flashes in his mind: "This doesn't seem very secure. I thought airports were supposed to be secure." So he goes to the door and lo and behold, it is unlocked! He goes through it and find a bunch or corridors and doors.
Naturally curious and a little adventurous, our guy wonders how far he can go. He goes forward and manages to get to the departure area WITHOUT going through security. He feels a little proud of having easily broken a system on which governements and airlines has spent millions.
Being a good citizen, our guy then goes to the security counter and shows his finding to the cop. But suddenly, the cop puts cuffs on him and charges him with trespassing and attempting to bypass security in an airport. Of course, the proper action would have been for the guy to go to security as soon as the unlocked door was found. Adrian Lamo should have stopped his investigation at the misconfigured proxy.
However, is it reasonable to charge somebody with a federal crime for having gone a little further in testing the security of a system? Whether is was an airport or NYT's intranet.
I don't think so. The FBI can claim that they don't know whether the guy smuggled dope during his attempt and the NYT can claim that they'll have to check every system for backdoors but I believe it's mostly bad faith from people lashing out because they felt humiliated. Get a grip... fix your stuff and move on. Destroying the life of somebody who tried to help you is just stupid and cruel.
Re:Great Excuse (Score:2, Insightful)
It seems like people don't quite understand that hacking someone's system and then "helping" them fix the holes is not a positive thing. If you steal my car, return it a month later, and then "helpfully" point out that I should get
Horrible analogy. (Score:5, Insightful)
Response (Score:4, Insightful)
Re:Horrible analogy. (Score:3, Insightful)
Physical or virtual, you need my permission to use my stuff. If you want to borrow something, get a login on my server, test my security, etc ASK ME. It is not yours to mess wit
Re:Great Excuse (Score:5, Insightful)
If someone steals your car they are doing you a serious disservice and actively depriving you of something you cannot easily do without.
To use your analogy in a way that actually makes sense:
He isn't stealing your car. He is walking up and seeing if the door is unlocked and the keys are in the ignition. At the very MOST he is starting the car to prove he COULD steal it if he wanted to. But he never actually steals the car or harms you in any way (except maybe making you feel really stupid for having such an easily stolen car). He doesn't deprive you of it "for a month".
Basically he's checking to see if he COULD steal your car, NOT stealing it. Then he tells you what to do to keep others from stealing it.
Doesn't sound like evil incarnate to me. If I was being a total idiot as regards security I think I'd appreciate it if someone pointed that out to me before someone else came along and took advantage of it and ended up doing real harm.
The shame would be worth it in the end, I think. Unless you happen to be the NY Times, which is probably pretty sick of being shamed at this point.
Re:Great Excuse (Score:5, Insightful)
It's like you getting to work one day and finding a note stating "the bathroom window opens from the outside, and the spare key for the filing cabinet where you keep customer data shouldn't be taped to the bottom of the counter." Then what do you do? Call in all the staff, and close up the store for a week while you hold meetings, followed by changing all the locks and buying a gun, and finally suing the person who left the note, charging him with the total costs of what you did?
Or you tell a farmer that you were hiking in his woods when you discovered that his game warden was poaching. The farmer's reaction is charging you with trespassing. While he may have a legal right to do so, he'd be a real jerk AND idiot to do so.
The above is, unforunately, the analog to what's happening in the electronic world.
I'm not saying that Lamos and other self-appointed white hat hackers are RIGHT in what they do (I believe they aren't), but even if the messenger isn't welcome, you don't shoot him or blame hime for all the problems he reports.
The main reason why you shouldn't do that isn't just because it's a petty thing to do, but because you HURT yourself and others in the long run.
See, if I were a hacker operating like Lamos, and saw companies doing that, instead of alerting the companies and risking facing their and the paranoid law makers full wrath, I would stop alerting the companies about their flaws -- instead, I would anonymously alert the PUBLIC.
Seen from the viewpoint of a company, what's better about that? Yet, that's what they're pushing hackers into.
The companies might argue that they would want people to stop rattling doors in the first place, and that's a valid argument. However, it's not going to happen until you have exterminated every potential criminal and curious kid on the planet.
In a Utopia, you don't even need a door lock, because no-one would ever walk through the door without a right to do so. However, companies can't argue that as a defense -- not installing a lock would be seen as gross negligence, because it's expected that criminals and curious people will trespass unless minimal safety measures are taken. That's how our society is.
Charging Lamos is a signal, all right. Unfortunately the signal isn't "don't test our security uninvited", but "once you've tested our security uninvited, don't tell us -- stay anonymous and tell it to everyone else".
Regards,
--
*Art
Re:Great Excuse (Score:5, Funny)
I would bust his skull open with my tire iron, then call the cops.
Okay, so busting this guys skull open is breaking the law for:
a) A good reason.
b) A bad reason.
c) No reason at all.
d) None of the above.
BTW, the thief will sue you from here to eternity. Maybe if you make it out of jail alive some day, you might be able to find a job to pay off that lifetime of debt to him.
; )
You can't just go around breaking open skulls because someone pisses you off. YOU CANNOT BREAK THE LAW, EVEN FOR GOOD REASONS! IF YOU DO, EXPECT TO GO TO JAIL!
Re:Great Excuse (Score:4, Insightful)
Re:Great Excuse (Score:3, Informative)
Get permission, get paid. (Score:2, Insightful)
He wouldn't be in any trouble at all. Most responsible CIO/CFOs regularly contract with third parties to test their security. These usually involve full on intrusion attempts including social engineering attempts. They pay a hefty sum for such services and usually feel a little better if something(preferrably minor) is actually found. That way they have something to fix and feel even more secure than
Re:Great Excuse (Score:3, Funny)
Damn straight he should be arrested (Score:3, Interesting)
He got what he deserved (Score:2)
He did something wrong.
He might be able to prove or suggest no criminal intent, which would give the lenient sentence.
But really why was he doing this? it was dumb.
Call to "The Screen Savers" (Score:5, Informative)
hacking... (Score:4, Insightful)
I can realy understand how someone could consider that they're doing a service for admins and all of that, but the point is that you are still breaking into a system and then turning around and saying, "hey, this is a security hole, you should fix it" is kind of like G. Guido coming down to your house, breaking in through a window with a golf-club and then saying, "Hey, I can break into your house, better listen to me or I'll do it again."
I'm sure that Adrian has some noble goals, but fundamentally when a company decides that they don't like people creeping into their system and then presses charages against those who do, it's their right to feel that their security was violated. Good luck to him really, but there are other ways you can help people protect their network security than by breaking into them.
Re:hacking...a service (Score:4, Interesting)
"'I hope there will be a time when Adrian can do positive things that everyone agrees are positive,'"
This service analogy, or the positive light of the grey hacker's actions, does have some weight, as the hacker can inform the admins about the specific flaws of their system security.
But then again, any service should be prompted or invited. And a larger problem is this isn't just washing windows, these are problem areas, flaws, and security flaws at that. These might even give access to a company's dirty laundry. So not only is this service uninvited and not approved, it gives access to private company resources and information, and uses the security holes to get in.
Yes, I assume if security is the only dimension that your job entails, then this is all worth it. But to most people in charge, and arguably the general populace at large, this is an intrusion by illegal means.
I personally value my private virtual space. If you get on my computer and get into my root account, it's an intrusion. Yeah, I will listen to how you did it, but for your troubles you'll never use my computer again.
Wish I had mod points for once (Score:2)
Re:hacking... (Score:5, Insightful)
I can realy understand how someone could consider that they're doing a service for admins and all of that, but the point is that you are still breaking into a system and then turning around and saying, "hey, this is a security hole, you should fix it" is kind of like G. Guido coming down to your house, breaking in through a window with a golf-club and then saying, "Hey, I can break into your house, better listen to me or I'll do it again."
I'm sure that Adrian has some noble goals, but fundamentally when a company decides that they don't like people creeping into their system and then presses charages against those who do, it's their right to feel that their security was violated. Good luck to him really, but there are other ways you can help people protect their network security than by breaking into them.
I can see your point, but what he was doing was exposing flaws in the security of "public" places on the net. How is this any different than when the local news where I live broke into the nearby international airport's restricted area and did a report from there (this was about a year after 9/11) to show how lax security had become again.
When the journalists do it, it is a public service. When a private citizen does it, it is a crime. WTF? Personally, if I am going to be utilizing the services of these sites, I want to know that they have good security (and not just because they say so).
There is no way anyone can convince me that what he was doing was wrong. He was providing a public service, and if the public is too ungrateful to realize that, then it is really sad.
It's not like he extorted money from the comapnies, or demanded some compensation, heck he even helped them fix the holes. It is just sickening that you can't even be a good Samaritan without someone wanting to take your head off.
Go Mom! (Score:5, Insightful)
That's love, folks.
It would be ironic if this was set up by the NYtimes. I thought investigative/secret camera/sting operation reporting was supposed to be agressive journalism... couldn't his "hack" be considered the same sort of thing? "Unsporting" doesn't begin to describe it, particularly if he was up-front and honest about helping them out. If the NYtimes can investigate, blow the whistle on others, and embarass them into action, I'd say the same card can be played against the Times. "Sour Grapes" anyone?
Yes, he was likely technically in the wrong, no doubt about it, particularly if you adhere to the letter of the rule, rather than the spirit of the rule... even so, this seems a bit heavy-handed.
Re:Go Mom! (Score:3, Interesting)
Lamo didn't down the company, or commit credit card fraud with Rush Limbaugh's SSN. There are much worse hackers out there, but the FBI's just looking for somebody to make an example of because they can't quite figure out where the firs
It brings up another issue (Score:4, Insightful)
Journalists are supposed to operate by an ethical code, and the vast majority do so. Journalistic ethics would say that you cannot break the law in order to get a story... though that's not say it hasn't been done. Check out this link. [state.gov] It would seem that ethical standards in journalism are quite flexible, and that there is no set rulebook. Instead, as in ethical dilemmas in many disciplines, one must weigh competing evils. The evil of impersonating someone, or operating under a false identity, veruse letting a politician go on with corrupt, harmful actions... which weighs more, and who decides?
By the same token, one might make the same argument for Adrian's actions. He intended no harm (as an investigative reporter might intend no harm in impersonating someone else to get a story), so the Mens Rea AKA "guilty mind" did not exist. Reporters often argue, when investigating and digging into the lives of public figures and officials, that those officials have less of an expectation of privacy than regular citizens... and to some extent they're right. Yet, how does the watchdog presume to waive the privacy of others in the pursuit of a story, while immediately running to the FBI? The media also argue that they have the right to dig, based on the fact that they are defending the public's "right to know." (how many times have we heard that?) The media assumes that power as society's watchdog... but who's watching them? Apparently, Adrian was, and they are NOT happy about it.
It's doubly ironic that an organization dedicated to exposing the truth (ostensibly in a transparent, above-board, and for-the-greater-good fashion), is getting their panties in a bunch over someone showing them some truth in a like manner. Apparently the old grey lady doesn't have a problem airing the dirty laundry of others, but is awfully sensitive about her own problems... and from an ethical standpoint, Adrian's actions are probably arguable either way.
I'm sorry, but I find this whole thing incredibly funny.
Re:Go Mom! (Score:3, Interesting)
Freedom of the Press belongs only to those that own a press. Everyone else will be raped when the system feels like doing so.
Seems fair (Score:3, Insightful)
This seems unfair (Score:5, Insightful)
I am not sure what he did at the New York Times can even be considered hacking.
So far as I can tell he set his web proxy to the address of the company infranet, surfed around that, downloaded some documents and used the information contained in these to get some more.
Whilst I don't approve of hacking per-se, I'd have to say that here, this is very little more than exposing a badly designed web site.
Imagine that you go to you Gas company's online web site, look at the URL and see your account number in it. You think to yourself, I wonder what would happen if I changed one of the digits. You do and lo and behold up pops all the information to another customer.
Now you can go for your 15 minutes of fame and ring up SecurityFocus or you can have a quiet word with the Webmaster of the Gas company - either way, you are not a hacker.
He accessed an internal network (Score:2, Insightful)
Any way you slice it, that breaks the letter of the law.
If you want to test the secrurity of my network without getting charged if you break in, then I suggest you obtain myh persmission to do so in the first place.
Analogy: You find a guy walked in your front door cause it was open, snooped around your house, your bedroom, your closet... then told you "You shouldn't leave that box of money in your closet, and you should leave your do
Re:He accessed an internal network (Score:5, Insightful)
The law make distinctions between trespass, breaking and entry, armed robbery and so on.
The guy who wanders around your house is a trespasser not an armed robber. It seems here that a better analogy would be :
A guy walks in to your unlocked house, boasts about it and you insist that he prosecuted for the worst possible crime he *may* have committed, not the crime he did commit (to walk through an unlocked door).
Re:He accessed an internal network (Score:3, Informative)
Excuse my ignorance, but is this really a crime in the USA? AFAIK local laws, in Germany anyone can walk into any open (as in "not closed", not "not locked") area as it pleases him/her, until and only until, you say him he is not welcome. Then you can call the police if he stays or reenters.
That's probably why most estates have garden fences. Most of them don't stop anyone, but they declare the garden a "closed" area (presumed that the fence
It's about time. (Score:2)
Sheesh! (Score:3, Insightful)
He must have been living under a very large big rock for a long time, if he thought this kind of behaviour has ever been accepted by the authorities and most sysadmins.
And by the way, hacking systems without permission have never been white-hat. At best, I would call it grey-hat, although black-hat is certainly also fitting.
If we start judging people on intentions instead of what they do, I think most people will start complaining. "No, I was only trying to help the sysadmin, so I haven't done anything illegal", is about as stupid as "You thought about stealing that car, so you should go to jail for that".
How lame... (Score:4, Funny)
another scapegoat (Score:2)
Wow so I'm not alone in this world. (for those who know me) Anyway, I wrote up an article about the Blaster scapegoat [politrix.org], guess I'll do another one. The ONE THING TO NOTE (I will not rant on about this too much) is how supposedly he accessed information on federal agents. Not to start a conspiracy theory thread or flame war, but shouldn't this be the obvious reason why they are going after this guy. Think about that for a bit. Sure he accessed their site, but they should also go after the vendor if they're sin
He did nothing wront, because... (Score:2)
What was he thinking? (Score:4, Insightful)
Had Adrian simply notified the New York Times in a timely manner about the open proxy servers, he would have been fine and probably accomplished his mission.
Instead, he took his time cracking the system, widening the holes so to speak, and then went to a reporter(!), of all people.
There is nothing inherently wrong with his desire to improve security. There is nothing wrong with him looking around the public spaces on the internet for chinks. What was wrong was that he failed to tell the people maintaining the chinks directly about them, widened them until he got at valuable data, didn't tell the affected people about the data he had received, but then went to a third party and told them about the wanging big hole he had made. I'm sure he views himself as a knight in shining armor, but in this matter he behaved like a publicity-seeking self-promoter.
Yes, shame on the NYT for misconfiguring their systems, but even more shame on Adrian for doing something so illegal and counterproductive.
It does not matter if a person thinks he's a good guy, he still does not have carte blanche to do whatever he wishes.
Re:What was he thinking? (Score:2)
finaly a good analogy (Score:2, Funny)
"Lamo hacked into the website of The New York Times in February 2002 and took the Social Security numbers of several people. He then added his name to the list of contributors to The New York Times and notified the paper of what he'd done."
kind of like this....
middle-aged man #1 (Lamo) - "hey, i screwed your 16 year old daughter. i took her virginity, but i have to tell you she wasn't very good."
Lamo expected this...
middle-aged man #2 (NYT) - "oh hey thanks! i'll get her some li
Um, what?? (Score:5, Interesting)
French did not know what the specific allegations were, because the charging document is sealed.
Especially in light of this part of another article that people need to spend more time reading:
In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of counsel for his defense.
Excuse me, what part of cracking the NY Times is a threat to national security? Why are so many court documents sealed these days? There is NO legitimate reason for securing this sort of charge. Even if the prosecutors were to go as far as claiming he were a terrorist, there's still no nuclear weapons secrets (which we all know by now anyway, despite being classified) in the NY Times payroll database.
He should use that in his defense; because the case was sealed, it's unconstitutional and therefore he can't be found guilty.
I don't support this sort of vigilante white hat hacking, but I oppose ignoring the constitution even more.
Re:Um, what?? (Score:3, Funny)
Well, if the New York Times is compromised by hackers, how can we ever trust the accuracy of the stories published by this hallowed national treasure...oh wait...never mind....
Mixed feelings on this issue (Score:5, Insightful)
I feel sorry for him, because he did allegedly report the weaknesses to the admins and he could have just read the data and not told anyone and used the information for his on purposes. So his intentions were good, to plug security holes by finding them and telling the admins about it. But he is doing it the wrong way, without permission.
He may want to think about pleading guilty and making a deal to get reduced charges. This will make him famous and when he gets out of jail and ends probation, he can become a security consultant. Otherwise they may try to make an example out of him and charge him with a full pentalty and any other charges they can think of.
But then the places he broke into didn't use good security practices and didn't apply the latest updates. Personally, I wouldn't put a machine on the Internet that contains sensitive data on it that only my company should have access to like contact information, credit card numbers, etc.
Jayson Blair? Ah. (Score:3, Funny)
Ah. This will lead to the perfect explanation of the Jayson Blair problem and other NYT prattfalls:
"It wasn't us. Lamo hacked our personnel files to make sure Blair was hired and employed. He also altered our articles so they were not longer factually pristine."
Why they're after him (Score:2)
More likely... (Score:2)
It would be more likely that Lamo found evidence that the NYT really is run by former Soviet "useful idiots". We are talking about a paper that has its own Pulitzer prizewinning apologist for Stalin [guardian.co.uk].
Though in all fairness the NYT is likely just another bunch of leftist hypocrits. They complain about high prision populations, police "brutality", the Patriot Act,
Why do they do it? (Score:5, Insightful)
Because IT'S NOT FUN, that's why. Or perhaps more accurately, it's not stimulating.
Hacking these sites takes time, and the payoff is getting inside and saying, "WOO-HOO! I DID IT!" The fact that he does nothing malicious afterwards and even calls and helps the sysadmins unfuck their systems is a testament to his character.
For those who would compare his antics to breaking into your home, but not stealing anything, it's a poor analogy. Why? Because your house is your personal meatspace. And if he went inside, he would see many things personal to you, such as family pictures, your kid's toys, or if he was REALLY unlucky, your fat, naked ass sitting in a Lazy Boy with a bowl of chips balanced on your ponderous belly, flipping through the channels.
"Uhhh... hey dude. Your lock is vulnerable."
See? Just not the same.
Getting past a computer's defenses is not the same as physically entering a home or bank vault, though I would find the latter far less intrusive than home invasion, especially if he never even touched the money.
Now, if he LOOKED at personal/confidential files once inside, that is a different story. But beating a system's defenses, with the only ambition of proving you can do it, then calling the responsible party and helping them fix the security flaw SHOULD NOT be punished.
Misdemeanor, at most.
It doesn't matter what he could have done while inside, it matters what he did, or more specifically did not do while inside the system.
"That bastard! He saw my FILE NAMING SCHEME!"
Yeah, he should fry for that...
Knunov
No more bullshitting. (Score:2)
I realize that it's "chic to be geek" here with the whole "white hat" hacking stuff, but be realistic. After all, you don't see people doing the physical analogue of white hat hacking. That's B&E.
Hacker the Gray (Score:5, Funny)
Dialectic (Score:5, Insightful)
We can begin with what we do know for sure about hacking. A hacking incident is when someone sends packets of information (in some form and by some medium) from a computer or computers to someone else's computer or computers. Which packets are illegal and which are not? Any exact definition raises problems. You can say that any packets that change the functioning of the target system in an unintended way is hacking. So the ignorance of the owner becomes the limit of what is or is not hacking. Faking an email address on a badly designed sign up page (or using mailinator) might be hacking under that definition. Other definitions are similarly problematic. Currently our legal system tends to default (once it actually gets to jury trial) to the above definition, but (in effect) adds that the act must be highly technical and use specialized tools. (Other definitions exist, and I am of course willing to bust holes in any particular one you care to suggest--so go ahead and suggest them.)
But there is such a thing as computer hacking. Everyone knows that. Even if we cannot have an exact legal definition, we know that some things are clearly computer hacking. What is the best way of creating law (which is now inexact) to deal with this behavior? I would suggest making the motive of the hacker one of the main considerations of law. It is always hard to for legal systems to judge guilt based on motive--and they should not if they can avoid it--but in this case, they must either judge the motive of the victim or the perpetrator. If the motive is vandalism or theft, then the act should be punished. Adrian Lamo's motive appears to have been an act that should not have been punished--though it is highly important to state that we do not yet know the facts.
Re:My house, my property (Score:3, Interesting)
Further evidence of our retarded society (Score:3, Insightful)
This is just another example of why our world is going to shit. Too many retarded people that think I have to make you sign something before you can't damage something I own.
Didn't sign an agreement that you can't egg my house on holloween? Guess you can then huh? What are you, stupid?
Our society has become so braindead that unless you tell someone specifically not to do some specific act, they assume they can regardless of the fact genera
Adrian we're here to help (Score:4, Funny)
Ethical but illegal (Score:2)
But anyway he clearly violated the law, so it is mostly fair (albeit pathetic) that he gets prosecuted. He must be either very brave or stupid (or both) to do such things knowingly. Once I want to blame the law, but anyway there is already plenty of ethical ways to break the law badly.
Maybe the
What a joke (Score:2, Interesting)
Re:What a joke (Score:3, Insightful)
Reportedly, his access to the NYT systems was by using publically accessible proxy servers. Saying he needs prior authorization to do that is naive -- do you need prior authorization to access arbitrary mail or web servers on the Internet? Leaving the systems open is prima facie authorization. There would have to be some indication that only NYT employees (or whomever) were authorized to use the system.
You are amused that he uses the same tactics to access
What country does he think he lives in? (Score:3, Funny)
You're all just mad... (Score:2)
Am I supposed to cry now? (Score:2)
If you can't do the time, don't do the crime. Its that simple.
Regardless of if you agree with it or not, the law is the law, and it is currently illegal to hack in to a system without permission. If you don't like it, then work to get the law changed. And in the meantime, don't expect sympathy if you get busted for breaking it while knowing full well you could be prosecuted. Any man with brains enough to hack in to a sys
Oh, because corporations are always trustworthy (Score:5, Insightful)
1. To all those saying, 'Its like he broke in your house': No it isn't. The machines were connected to the internet, which is a public medium. A house is a physically closed space where courts have rules one can have an expectation of privacy. Nobody can claim that the internet should provide an expectation of privacy - by its very nature of using shared resources it flies in the face of such an argument.
2. I don't know how it needs to be done, but truthfully do you (the collective Slashdot you) trust companies to secure their networks, perform audits and be upfront and honest about their failures? If I were a NYT partner I would be furious that my information may have been publicly accessible, yet I would never have known about its vulnerability without Lamo. How many companies have been hacked, had credit card or other info stolen, and just not said anything about it? When Acxiom was hacked, personal information on individuals was stolen over 8 months before they "discovered" the hack - and the hack was found by Hamilton County, Ohio Prosecutor's office when investigating another case that had come forward. What are the chances that Acxiom KNEW they had been hacked, compromised personal information, and said nothing? I am guessing with the current climate of corporate ethics, a pretty high chance exists that a lot of information is being disseminated by people who stole it and consumers have no idea because the company in question is sweeping it under the rug.
Hacking into someone else's system is bad. Nobody can disagree there, but the bottom line is a tradeoff of negative impacts - for what Lamo did I see a lot fewer negative consequences than today's corporate irresponsibility with personal information and computer security.
Interview him (Score:3, Insightful)
Its a sad world (Score:3, Interesting)
You see an open door at your neighbors house. You know the guy is on vacation.
Do you call the cops? Probably not, you just go over and check out the place for him. Most of the time the door was not securely latched, or the kids watering the plants forgot to close it.
But what if you discover that the place has been trashed and stuff presumably stolen. I would call the cops, and my neighbor. Would they be suspicious of me? Yes probably at first, but in the long run they'll more likely be grateful.
Obvisously, there are good reason for laws, tresspassing is one of the fundemental laws throughout history. But, I'm willing to give up a little privacy if and when someone goes out of their way to HELP me protect my property. I'd much rather a neighbor walk through my house in my absence if they think something is wrong.
I also happen to own a tiny hosting company, and I would definately rather have a white hat let me in on specific exploits my system is vulnerable to rather than leave it alone and let the script kiddies do their thing, if I have screwed up.
Unfortunately for Mr. Lamo a law is a law, and with the overzealous (at least on high profile cases) FBI on the case, they'll probably try to make him into another Mitnick.
It is a sad world, everywhere we go policies, principles, and even laws try to dissuade people from working together and co-operating. Capitalism, democracy are great in principle, and can be in practice, but even the best ideals can be bastardized by people in power.
Free software is said to be communism by its critics, sharing code in a CS course is bound to get you expelled, make a backup copy of a CD and face the rather of the RIAA, the world will probably end if the same DVD Can be played in europe, japan and the USA.
This is in my opinion another example of moral decay. We have all these rules and laws that do not promote morals, but rather promote some arbitrary standard of "rightness".
It is the principles of openess, and co-operation that have drawn me to Linux, and free speech software. I'm trying to raise my children right, to teach them to help others for the sake of helping. When something needs to be done, if you can do it, do it. I try to instill them with team values, that together they can accomplish more than they can by themselves.
Its just ashame that the way things are going I'll likely end up looking like a bad parent...
All the news thats is fitted to print (Score:5, Insightful)
You can bet your rear quarters that if our hacker had been a reporter on a story for the NYT that they would be vigorously defending his actions. Like most large corporate entities the NYT has no moral basis for anything it does, in the end it's about money, not honesty, truth or enlightenment. It sure as hell isn't about the times mission statement which is "The Company's core purpose is to enhance society by creating, collecting and distributing high-quality news, information and entertainment."
Perhaps our hacker should have "enhanced society" by distrubiting the inromation he found to the world. It would have been high quality news to see how one of the most influtential papers is really run.
NYT? (Score:4, Funny)
Entering via an open door... (Score:4, Insightful)
Similarly, if I take your car with the clearly stated intention to return it when I am done (e.g. if I desperately needed to drive someone to the hospital), I haven't stolen it, I've borrowed it -- with or without your permission.
Theft, burglary, etc. are crimes defined in part by the intention of the alleged perpetrator and the damages suffered by the alleged victim.
OTOH we live in a world where one of the first "terrorist" groups targeted by the government after 9/11 were Environmental Activists who destroy machinery but have been careful never to hurt anyone.
But I'm no lawyer.
Re:you got beat (Score:2)