Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adrian Lamo Charged With Hacking

Posted by CowboyNeal on from the high-profile-hacking dept.

retro128 writes "Drifting around the US from state-to-state, Adrian Lamo has been making news for some time with his 'White Hat' hacking exploits. His highest-profile hacking has included Excite@Home and Yahoo. After he would break into a network, he would call up those in charge of it and help them fix the holes. So far, it has earned him praise from the administrators of those systems, but now SecurityFocus is carrying the story that the FBI has filed charges against him, and currently has his parents' house staked out. The records are sealed, so nobody knows who is responsible, but Lamo suspects the New York Times initiated the investigation when they found out how deep into their system he got."

9 of 527 comments (clear)

  1. Great Excuse by Pave+Low · · Score: 3, Interesting
    So if someone had broken into my house without permission, then told me about it afterwards, am I supposed to feel better about it?

    Maybe I didn't install a deadbolt and an alarm system, but who made this guy the "helper" of my problems?

    There are no white-hat, gray-hats or black-hats. Only criminals and law-abiding citizens.

    --
    SIG:Slashdot: indymedia for nerds.
    1. Re:Great Excuse by hattig · · Score: 5, Interesting

      Agreed. If he wanted to perform white hat hacking, he should have approached the companies involved and asked for a job to test their security. Hell, he'd have earned money that way as well.

      But he did commit a crime - he broke into and entered their systems without permission. Sure, he did it for a good reason in his own head, and wasn't going to be malicious ... but it isn't as if he was doing the internet equivalent of rescuing the baby in a house fire.

    2. Re:Great Excuse by moonbender · · Score: 4, Interesting
      So if someone had broken into my house without permission, then told me about it afterwards, am I supposed to feel better about it?
      That analogy doesn't have a lot of merit. You're a private person, he didn't break into private computers. If a bank has a door to their vault which they don't know of and which is never locked, then yeah, they should be grateful for being told about it. Obviously, there's no bank so stupid, but that just goes to show that banks have a lot more experience dealing with real-world break-ins - another reason why this guy should be acknowledged for his deeds, he's making people aware of problems which they are not experienced in dealing with.
      --
      Switch back to Slashdot's D1 system.
    3. Re:Great Excuse by MrHanky · · Score: 5, Interesting

      An interesting analogy.

      After drinking heavily in a bar, a friend of mine and I bought some slices of pizza at a shop, and went outside to eat. Since we were too drunk to stand up, we sat down on the steps outside another shop, which was closed for the night. That is, it should have been. My friend was leaning his back on the door, which was open. He fell right in.

      Now, the right thing to do, according to you, would be to go away, minding his own business. And what the hell was he doing, trespassing on the steps outside the shop and all. If this was in Texas, he would be rightfully shot. However, my friend, being both an imbecile and a crook with neither morals, nor respect for private property, went inside to look for a telephone and hopefully the phone number to the owner (we were both too tired to do any serious looting). And so the owner was noticed and the door was closed, and my friend got a serious hangover.

      The moral of this story is: if you drink, you get a hangover, so alchohol is bad, 'mkay?

  2. Re:hacking...a service by globalar · · Score: 3, Interesting

    From the article:
    "'I hope there will be a time when Adrian can do positive things that everyone agrees are positive,'"

    This service analogy, or the positive light of the grey hacker's actions, does have some weight, as the hacker can inform the admins about the specific flaws of their system security.

    But then again, any service should be prompted or invited. And a larger problem is this isn't just washing windows, these are problem areas, flaws, and security flaws at that. These might even give access to a company's dirty laundry. So not only is this service uninvited and not approved, it gives access to private company resources and information, and uses the security holes to get in.

    Yes, I assume if security is the only dimension that your job entails, then this is all worth it. But to most people in charge, and arguably the general populace at large, this is an intrusion by illegal means.

    I personally value my private virtual space. If you get on my computer and get into my root account, it's an intrusion. Yeah, I will listen to how you did it, but for your troubles you'll never use my computer again.

  3. Um, what?? by GrouchoMarx · · Score: 5, Interesting

    OK, white hat cracking someone is still cracking their system, no matter how benevolent the intent. But this part just makes my blood boil:

    French did not know what the specific allegations were, because the charging document is sealed.

    Especially in light of this part of another article that people need to spend more time reading:

    In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of counsel for his defense.

    Excuse me, what part of cracking the NY Times is a threat to national security? Why are so many court documents sealed these days? There is NO legitimate reason for securing this sort of charge. Even if the prosecutors were to go as far as claiming he were a terrorist, there's still no nuclear weapons secrets (which we all know by now anyway, despite being classified) in the NY Times payroll database.

    He should use that in his defense; because the case was sealed, it's unconstitutional and therefore he can't be found guilty.

    I don't support this sort of vigilante white hat hacking, but I oppose ignoring the constitution even more.

    --

    --GrouchoMarx
    Card-carrying member of the EFF, FSF, and ACLU. Are you?

  4. Re:Fit? Stops. R by krymsin01 · · Score: 4, Interesting

    I'm sorry, but I think your analogy is unsound. A true white hat hacker doesn't drink the beer, try on the underpants, eat the pizza. More like someone you would drive by with your trunk door open, and they tell you that it's open so that all your stuff, which might be your private underclothes, doesn't end up in the middle of the road for everyone to see.

    People often make the assumption that morality dictates law. This is simply not true. In other words, if someone breaks into your system and tells you about it and helps you fix the holes instead of using your system for their own personal gain, then he's done you a favor by doing your job for you and saving your employers money if someone ever did exploit you maliciously.

    --
    stuff
  5. Re:Fit? Stops. R by zootread · · Score: 3, Interesting

    I agree that the analogy does not work. I think a better analogy is:

    You happen to figure out the combination for the lock of my safe. You open it up, look at all the nudie photos of my girlfriends (and maybe watch one of the videos). So then you tell me you figured out the combination to my safe and opened it. I know what you've seen.

    So say a someone breaks in but doesn't appear to do anything malicious. How do you know he didn't look at anything? How do you know he didn't read everyones personal mail, or log any credit card numbers or passwords? You don't. Sure, a true white hat should not be doing these things, but do you really trust someone to be a true white hat?

    When I was a teenager, I used to gain unauthorized access to systems for fun, but never did anything malicious. I was a bit of a white hat, and got rid of other people who had cracked the systems. However, I was keenly aware of the fact that I could be arrested and charged heavilly for what I was doing. If you do something illegal, you can be charged for it. Sometimes the law isn't right, but I'm finding it hard to side on Adrian Lamo's case here.

    I would love to go around cracking systems for fun and telling the admins how to fix the problems without having to worry about getting arrested. But this is simply not the case.

    --
    Zoot!
  6. Re:Fit? Stops. R by zootread · · Score: 3, Interesting

    I'd also like to add, I don't think the term "white hat" can apply to people who illegally break into systems. A white hat would be someone who sets up his own systems and tests security on them, or has permission to work on a system. He would announce vulnerabilities when he finds them, usually contacting the author of the vulnerable software first. He's the true "good guy" who has done nothing wrong.

    There's another term for someone who breaks into systems illegally, but does not do anything malicious, who may or may not do anything to help fix the problems. I believe they are called "grey hats." Hence the grey area here.

    Of course the black hats are the true criminals, who are doing other illegal activities besides the break-in (stealing credit card numbers, desctruction/defacing of the systems, etc).

    --
    Zoot!