If You Hack NBC, You Don't Get to Meet Tom Brokaw

subgeek writes "Security Focus Online is carrying this story about the spot that Adrian Lamo almost had on the NBC Nightly News with Tom Brokaw. NBC changed their mind after they realized the possible legal implications of filming someone hack corporate systems. NBC also seemed a bit touchy that Lamo had gotten into their system so handily. According to the article, it took him about five minutes and one guessed password to get inside NBC's intranet from a computer at a Kinko's. Lamo's comment: "It was a very full service system.""

In the immortal words...

[swordboy]

of homer...

Proof

[chill]

Demonstrating OTHER corporations are security dumb-asses is one thing, but demonstrating THEY are security dumb-asses on nationwide television must've triggered someone's clue meter.

Legal Implications?

[LinuxWoman]

Sounds to me like they're more embarassed that he did it so easily and from such a public location. After all, he was invited by an NBC employee to attempt to hack their system.

This kind of thing happens all the time

[DigitalSorceress]

I used to work for a television news department... this kind of thing happens all the time:

Reporter and Vidiographer are assigned some fluff or FUD piece, but come back with a story that lands a little too close for the news director's comfort... the piece gets pulled.

Lamo's lucky... with the way lawsuits and "terrorist hacker" charges are flung about nowadays, he should be thankful he's not roomin with some lifer named Bubba right about now.

Unfortunate Last Name

[Ratfactor]

Perhaps they just didn't want to admit that they'd been cracked by somebody with the last name of "Lame-O".

Reminds me of the great SNL skit with Nicholas Cage:
"The name is Dumass, Dumass!"

Re:Unfortunate Last Name

[Wind_Walker]

Actually, the SNL skit you're referring to had the punchline of "Azwipe".

The "Dumass" you're referring to is either the "Thick-Headed" commercial for A&W Root Beer, or from The Shawshank Redemption tring to pronounce Alexandre Dumas.

Not that I'm anal or anything.

So... what was the password?

[taeric]

So, if this guy was able to guess someones password, I am VERY curious as to what it was. If you know anything about the person, it makes guessing easier. However, if you don't know even the owner of the account, how do you guess a good password?

My only hunch is that the password was something like 'abc123'. It cracks me up how many people have passwords such as that and are supposedly worried about security.

It is also funny to hear what some of my friends think are secure passwords. Among them being obscure Anime characters.

Re:So... what was the password?

[American+AC+in+Paris]

My only hunch is that the password was something like 'abc123'.

...or perhaps 'ABCNewsAnchorsAreWeenies'...

Re:So... what was the password?

[NanoGator]

"I am VERY curious as to what it was."

I got a chance to see the video. It was just five asterisks.

Re:So... what was the password?

[Anonvmous+Coward]

"I'm guessing he tried 'god'."

No, that only happens in the movies. Here are some other notable characteristics of fictional computers:

- They always use fonts that are at least an inch high

- Windows does not exist, nor does Mac, or anything else we've ever seen

- Computer displays are extremely animated. (They're also very noisy...) Fortunately, they have plenty of hard drive space (even in the early nineties) to play back pre-rendered animations.

- Despite the benefits of using a mouse, using a movie computer requires bursts of constant typing. The space bar and backspace keys are never used.

- Movie computers are not capable of multitasking. All you get is the exact interface you need to advance the plot.

... and so on.

The password was probably: 'password'.

Maybe they pulled his interview

[Jedi+Paramedic]

because he found out the great secret of TV anchors...

...No pants under the desk!

This remind me of similar case in Finland

[jukal]

one guy (I worked with him in same company for some time) broke to a governmental system in Finland in a TV show, don't remember the year, maybe it was around 1985, anyway he was maybe 16 then - just old enough to be prosecuted properly.

His identity was kept secret in the TV show, but a few days after, the TV station was forced by police to reveal the identity of the guy to get him convicted. The incident got a lot of media coverage, because before that many or most had thought press has the right to protect their "sources" and do not need to reveal details about individuals.

Anyway, maybe in this Lamo case, it is more about "agitating someone to do a crime", the court might see for example that part of the motivation for breaking in some system could be the fact that he would get press coverage and fame because of it - and NBC would be to blame for agitating.... or something totally different :)

Obligitory Space Balls Reference

[JohnDenver]

NBC Executive: What a coicidence! That's the exact code I use on my matched luggage!

What's the world coming to when life immitates parodies immitating life?

Maybe he's just a Geek

[gelfling]

I mean this is television. Maybe they took one look at him and found out he was not the buff trim hunky reality TV piece of meat that gets on TV nowadays. Maybe he has Tourette's, who knows. Why would you want to watch his interview.

Lamo: "Uh I haXord their shit in about 5 minutes it was Leet! they left a service password called PASSWORD on this gateway node and once I was there I forged an IP address or two...."

Brokaw: "ZZZZZZZZZZZZZZZZZzzzzzzzzzzzzzzzzzzzz........"

Yeah, it is funny.

[FallLine]

It's ok to publicize the flaws of airport security, how easy it is to build a bomb, and numerous other cases where some psycho can be encouraged to kill hundreds of people. They do so nominally under the justification that exposing the flaws helps society (as if government can and will simply just put a stopper in the hole). However, when it comes to exposing the flaws in their own computer network they get philosophical all of the sudden. Funny how that works.

Lamo is my hero

[zaren]

He got into Worldcom's systems while I was working there, and it threw the entire company for a loop - out of the blue, passwords were expired en mass on various portions of the network, and a weak VPN software package was crammed down the throats of the Windows users. Thousands of people had to get it installed, and ALL of the registration and training and configurations had to be handled through a VERY small pipe. That was an interesting time... good thing I wasn't one of the people that had to rely on the VPN software to do my job.

Behind the scenes

[Ilan+Volow]

Teenage intruder: See? I run nmap 234.34.53.5 and I get a list of all the ports that are open on their machine. I can then do some other stuff with libpcap...

Brokaw: Wardrobe!....dammit, get this kid a large sleek trenchcoat, combat boots, and a pair of those $300 designer sunglasses. They're expecting neo, not urkel. Audio!...cue that "techno" music they listen to. (to "hacker")Okay, kid, your motivation is to disrupt The System, bring down The Corporate Machine that runs the government, and then make it with Carrie Ann Moss in a hovercraft.

Teenage intruder: But I just thought I would show you how I learned about this network vulnerability in my quest for knowl....

Brokaw: (to cameraman) Start rolling in five, four, three, two...

teleprompter

[Bowling+Moses]

It would have been great if he would have gotten into the NBC Nightly News teleprompter and put at the end of Tom Brokaw's lines "...and in other news, while visiting a low-income daycare center Dick Cheney bit the head off an infant. Additionally, I am a turnip, vroom vroom."

I bet he'd say it.

Okay...

[Orne]

So, maybe he doesn't get his exposé on NBC about cracking NBC's networks...

But I'll bet that ABC would be happy do do a report on cracking NBC's networks...

Where are you, Mr. Jennings...

Re:As an ex-genius, I can tell you (all facts)

[alienmole]

Easy:

The entire premise of "secure Mac OS" web servers is based on two factors:

1. Reduced functionality tends to improve security. Mac OS web servers have extremely limited functionality, therefore are more secure by default.
2. Mac OS web servers are not widely used (a serious understatement, hardly anyone uses them), and are thus not targets for attacks. There was a time when it was quite safe to put an unprotected Windows web server on the Internet, for the same reasons, and we all know how secure they turned out to be.

It would thus be accurate to say "The Mac OS web server may be a good choice if you are clueless, do not know how to administer secure servers, and want to run an OS that is now officially obsolete."

"Based on historical evidence..."

[volpe]

The MacOS running WebStar and other webservers as has never been exploited or defaced, and are are unbreakable based on historical evidence.


Based on historical evidence, my backyard shed is burglar-proof.