Adrian Lamo Charged With Hacking
retro128 writes "Drifting around the US from state-to-state, Adrian Lamo has been making news for some time with his 'White Hat' hacking exploits. His highest-profile hacking has included Excite@Home and Yahoo. After he would break into a network, he would call up those in charge of it and help them fix the holes. So far, it has earned him praise from the administrators of those systems, but now SecurityFocus is carrying the story that the FBI has filed charges against him, and currently has his parents' house staked out. The records are sealed, so nobody knows who is responsible, but Lamo suspects the New York Times initiated the investigation when they found out how deep into their system he got."
Adrian : Rule #1 : If you seek credibility, first hack your own personal details to requisition a new surname.
Maybe the real problem that the New York Times has with Lamo is that he was able to read stories without having to register for a free account. (Hell, that stupid registration requirement makes me want to hack them too.)
Who needs more greyhats running around testing security without so much as permission?
Maybe I didn't install a deadbolt and an alarm system, but who made this guy the "helper" of my problems?
There are no white-hat, gray-hats or black-hats. Only criminals and law-abiding citizens.
SIG:Slashdot: indymedia for nerds.
He was violating the law. He did not have prior authorization when he hacked into these systems. While some companies may have been happy to be warned of the vulnerabilities they had, and were glad to have them fixed, what he did was still illegal. He should deserve to be arrested, but given his motives will hopefully be given some leniency when it comes to sentencing.
A slip of the foot you may soon recover, but a slip of the tongue you may never get over. -Benjamin Franklin
Here's a link to The Screen Savers (on Tech TV) that has some information about what Adrian had to say when he called in live to speak with Leo.
-- Never monkey with another Monkey's monkey
Well, zero tolerance. The thing here is that to an awful lot of people, and especially those who make the laws, hacking is hacking is hacking, who cares what someone says they were doing it for.
I can really understand how someone could consider that they're doing a service for admins and all of that, but the point is that you are still breaking into a system and then turning around and saying, "hey, this is a security hole, you should fix it" is kind of like G. Guido coming down to your house, breaking in through a window with a golf-club and then saying, "Hey, I can break into your house, better listen to me or I'll do it again."
I'm sure that Adrian has some noble goals, but fundamentally when a company decides that they don't like people creeping into their system and then presses charges against those who do, it's their right to feel that their security was violated. Good luck to him really, but there are other ways you can help people protect their network security than by breaking into them.
Heheh... when the agents wanted to come into her home, she told them to get stuffed and come back with a warrant...
That's love, folks.
It would be ironic if this was set up by the NYtimes. I thought investigative/secret camera/sting operation reporting was supposed to be aggressive journalism... couldn't his "hack" be considered the same sort of thing? "Unsporting" doesn't begin to describe it, particularly if he was up-front and honest about helping them out. If the NYtimes can investigate, blow the whistle on others, and embarrass them into action, I'd say the same card can be played against the Times. "Sour Grapes" anyone?
Yes, he was likely technically in the wrong, no doubt about it, particularly if you adhere to the letter of the rule, rather than the spirit of the rule... even so, this seems a bit heavy-handed.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
If he's going to hack websites, even with the best intentions he's still breaking the law. It seems it would be better for him to work at a security firm (or open his own) and at least get paid for all his troubles. Then he'll be rich and he'll be praised for basically doing the same thing.
I am not sure what he did at the New York Times can even be considered hacking.
So far as I can tell he set his web proxy to the address of the company intranet, surfed around that, downloaded some documents and used the information contained in these to get some more.
Whilst I don't approve of hacking per se, I'd have to say that here, this is very little more than exposing a badly designed web site.
Imagine that you go to your Gas company's online web site, look at the URL and see your account number in it. You think to yourself, I wonder what would happen if I changed one of the digits. You do and lo and behold up pops all the information to another customer.
Now you can go for your 15 minutes of fame and ring up SecurityFocus or you can have a quiet word with the Webmaster of the Gas company - either way, you are not a hacker.
He must have been living under a very large big rock for a long time, if he thought this kind of behaviour has ever been accepted by the authorities and most sysadmins.
And by the way, hacking systems without permission has never been white-hat. At best, I would call it grey-hat, although black-hat is certainly also fitting.
If we start judging people on intentions instead of what they do, I think most people will start complaining. "No, I was only trying to help the sysadmin, so I haven't done anything illegal", is about as stupid as "You thought about stealing that car, so you should go to jail for that".
Slashdot's first reaction to VMware
that he knew he did not have permission to access, by his own admission.
Any way you slice it, that breaks the letter of the law.
If you want to test the security of my network without getting charged if you break in, then I suggest you obtain my permission to do so in the first place.
Analogy: You find a guy walked in your front door cause it was open, snooped around your house, your bedroom, your closet... then told you "You shouldn't leave that box of money in your closet, and you should leave your door locked".
Is he guilty of trespass / unlawful entry? Damn straight. Would you feel violated? Damn straight.
If you break into someone's house, telling him after the fact how you got in does not automatically pardon you from the crime...
Had Adrian simply notified the New York Times in a timely manner about the open proxy servers, he would have been fine and probably accomplished his mission.
Instead, he took his time cracking the system, widening the holes so to speak, and then went to a reporter(!), of all people.
There is nothing inherently wrong with his desire to improve security. There is nothing wrong with him looking around the public spaces on the internet for chinks. What was wrong was that he failed to tell the people maintaining the chinks directly about them, widened them until he got at valuable data, didn't tell the affected people about the data he had received, but then went to a third party and told them about the wanging big hole he had made. I'm sure he views himself as a knight in shining armor, but in this matter he behaved like a publicity-seeking self-promoter.
Yes, shame on the NYT for misconfiguring their systems, but even more shame on Adrian for doing something so illegal and counterproductive.
It does not matter if a person thinks he's a good guy, he still does not have carte blanche to do whatever he wishes.
from the techtv site...
"Lamo hacked into the website of The New York Times in February 2002 and took the Social Security numbers of several people. He then added his name to the list of contributors to The New York Times and notified the paper of what he'd done."
kind of like this....
middle-aged man #1 (Lamo) - "hey, i screwed your 16 year old daughter. i took her virginity, but i have to tell you she wasn't very good."
Lamo expected this...
middle-aged man #2 (NYT) - "oh hey thanks! i'll get her some literature and make sure she's up to speed!"
But instead he got punched in the face and sent (pending) to jail.
do you really think he had the "good" in mind? "i'll just take a few socials cuz thats harmless." what a putz.
From the article:
"'I hope there will be a time when Adrian can do positive things that everyone agrees are positive,'"
This service analogy, or the positive light of the grey hacker's actions, does have some weight, as the hacker can inform the admins about the specific flaws of their system security.
But then again, any service should be prompted or invited. And a larger problem is this isn't just washing windows, these are problem areas, flaws, and security flaws at that. These might even give access to a company's dirty laundry. So not only is this service uninvited and not approved, it gives access to private company resources and information, and uses the security holes to get in.
Yes, I assume if security is the only dimension that your job entails, then this is all worth it. But to most people in charge, and arguably the general populace at large, this is an intrusion by illegal means.
I personally value my private virtual space. If you get on my computer and get into my root account, it's an intrusion. Yeah, I will listen to how you did it, but for your troubles you'll never use my computer again.
What if I just leave a signed note on the inside of your car that says "follow these three easy steps, and then no one else will be able to break into your car again"? Do you say "hey, thanks, buddy!", or "hey, someone broke into my car!"...
pb Reply or e-mail; don't vaguely moderate.
OK, white hat cracking someone is still cracking their system, no matter how benevolent the intent. But this part just makes my blood boil:
French did not know what the specific allegations were, because the charging document is sealed.
Especially in light of this part of another article that people need to spend more time reading:
In all criminal prosecutions, the accused shall enjoy the right to a speedy and public trial, by an impartial jury of the State and district wherein the crime shall have been committed, which district shall have been previously ascertained by law, and to be informed of the nature and cause of the accusation; to be confronted with the witnesses against him; to have compulsory process for obtaining witnesses in his favor, and to have the assistance of counsel for his defense.
Excuse me, what part of cracking the NY Times is a threat to national security? Why are so many court documents sealed these days? There is NO legitimate reason for securing this sort of charge. Even if the prosecutors were to go as far as claiming he were a terrorist, there's still no nuclear weapons secrets (which we all know by now anyway, despite being classified) in the NY Times payroll database.
He should use that in his defense; because the case was sealed, it's unconstitutional and therefore he can't be found guilty.
I don't support this sort of vigilante white hat hacking, but I oppose ignoring the constitution even more.
--GrouchoMarx
Card-carrying member of the EFF, FSF, and ACLU. Are you?
If he was hired to test security it would be a different matter. But he allegedly broke into those systems without permission. That puts him in violation of Cybercrime laws.
I feel sorry for him, because he did allegedly report the weaknesses to the admins and he could have just read the data and not told anyone and used the information for his own purposes. So his intentions were good, to plug security holes by finding them and telling the admins about it. But he is doing it the wrong way, without permission.
He may want to think about pleading guilty and making a deal to get reduced charges. This will make him famous and when he gets out of jail and ends probation, he can become a security consultant. Otherwise they may try to make an example out of him and charge him with a full penalty and any other charges they can think of.
But then the places he broke into didn't use good security practices and didn't apply the latest updates. Personally, I wouldn't put a machine on the Internet that contains sensitive data on it that only my company should have access to like contact information, credit card numbers, etc.
Remember, Slashdot does not have a -1 disagree moderation, and no, troll, flamebait, and overrated are not substitutes.
"but Lamo suspects the New York Times initiated the investigation when they found out how deep into their system he got."
Ah. This will lead to the perfect explanation of the Jayson Blair problem and other NYT pratfalls:
"It wasn't us. Lamo hacked our personnel files to make sure Blair was hired and employed. He also altered our articles so they were no longer factually pristine."
Don't blame Durga. I voted for Centauri.
I know what many of you are thinking. Why not tell these companies BEFORE you break in?
Because IT'S NOT FUN, that's why. Or perhaps more accurately, it's not stimulating.
Hacking these sites takes time, and the payoff is getting inside and saying, "WOO-HOO! I DID IT!" The fact that he does nothing malicious afterwards and even calls and helps the sysadmins unfuck their systems is a testament to his character.
For those who would compare his antics to breaking into your home, but not stealing anything, it's a poor analogy. Why? Because your house is your personal meatspace. And if he went inside, he would see many things personal to you, such as family pictures, your kid's toys, or if he was REALLY unlucky, your fat, naked ass sitting in a Lazy Boy with a bowl of chips balanced on your ponderous belly, flipping through the channels.
"Uhhh... hey dude. Your lock is vulnerable."
See? Just not the same.
Getting past a computer's defenses is not the same as physically entering a home or bank vault, though I would find the latter far less intrusive than home invasion, especially if he never even touched the money.
Now, if he LOOKED at personal/confidential files once inside, that is a different story. But beating a system's defenses, with the only ambition of proving you can do it, then calling the responsible party and helping them fix the security flaw SHOULD NOT be punished.
Misdemeanor, at most.
It doesn't matter what he could have done while inside, it matters what he did, or more specifically did not do while inside the system.
"That bastard! He saw my FILE NAMING SCHEME!"
Yeah, he should fry for that...
Knunov
Why do users with IDs under 100,000 or over 700,000 usually have the most worthwhile comments?
So he's a gray hat hacker who has fallen into shadow. Will he come back as a white hat hacker, more powerful than before?
Everyone enjoys comparing hacking to breaking into someone's house or trespassing on private property. It is not. You cannot be 'inside' someone else's server. (It is doubly impossible given the girth of most hackers.) The physical definitions fall apart. And the metaphorical analogies do not mesh physical property and Turing machines so well.
We can begin with what we do know for sure about hacking. A hacking incident is when someone sends packets of information (in some form and by some medium) from a computer or computers to someone else's computer or computers. Which packets are illegal and which are not? Any exact definition raises problems. You can say that any packets that change the functioning of the target system in an unintended way is hacking. So the ignorance of the owner becomes the limit of what is or is not hacking. Faking an email address on a badly designed sign up page (or using mailinator) might be hacking under that definition. Other definitions are similarly problematic. Currently our legal system tends to default (once it actually gets to jury trial) to the above definition, but (in effect) adds that the act must be highly technical and use specialized tools. (Other definitions exist, and I am of course willing to bust holes in any particular one you care to suggest--so go ahead and suggest them.)
But there is such a thing as computer hacking. Everyone knows that. Even if we cannot have an exact legal definition, we know that some things are clearly computer hacking. What is the best way of creating law (which is now inexact) to deal with this behavior? I would suggest making the motive of the hacker one of the main considerations of law. It is always hard for legal systems to judge guilt based on motive--and they should not if they can avoid it--but in this case, they must either judge the motive of the victim or the perpetrator. If the motive is vandalism or theft, then the act should be punished. Adrian Lamo's motive appears to have been an act that should not have been punished--though it is highly important to state that we do not yet know the facts.
you
Come on. This guy has been breaking computer laws for years. Entering a system without prior authorization is against the law, period. Two things amuse me about Adrian Lamo: 1) He has never demonstrated significant or diverse knowledge of computer networks. The methods he uses to enter systems are trivial and repetitive. His ego is the only thing that can't be replaced by a simple script. 2) He brags about not accepting or extorting money. It's just as sickening that Adrian Lamo is all about fame. As the article points out "In February, 2002, Lamo told the Times of their vulnerability through a SecurityFocus reporter." As usual, Mr. Lamo talks to the cameras before talking to his victims. This is how this guy gets paid: national press coverage. To any security professional, this guy is a complete joke. Let him slide back into obscurity.
Here in the US we do not tolerate these activities. He knows too much which makes him a potential terrorist. Using his skills without a license, without the authorization of the government, without legal protection, will land his ass in prison.
Drago - you are a fool. If you are hacking people's systems without their permission, YOU ARE BREAKING THE LAW. PERIOD. END OF STORY. If people were allowed to say "Well, I was doing it so I could help their security", then you would have all sorts of Blackhats hacking systems, and then claiming, "I was going to help, but you arrested me first." No.
Look, there are ways to do security checks like this, without the security teams knowing that you are doing it. Get permission, make sure that no one is tipped off, and then test the systems.
If there is one thing I can't stand it is people doing illegal actions and then claiming they are doing it for the greater good. This type of action cannot be condoned. Sure, you might be doing help, but you also might not.
It is human nature to take shortcuts in thinking.
and that's ethical vs not, whether it's hacking, or journalism.
Journalists are supposed to operate by an ethical code, and the vast majority do so. Journalistic ethics would say that you cannot break the law in order to get a story... though that's not to say it hasn't been done. Check out this link. It would seem that ethical standards in journalism are quite flexible, and that there is no set rulebook. Instead, as in ethical dilemmas in many disciplines, one must weigh competing evils. The evil of impersonating someone, or operating under a false identity, versus letting a politician go on with corrupt, harmful actions... which weighs more, and who decides?
By the same token, one might make the same argument for Adrian's actions. He intended no harm (as an investigative reporter might intend no harm in impersonating someone else to get a story), so the Mens Rea AKA "guilty mind" did not exist. Reporters often argue, when investigating and digging into the lives of public figures and officials, that those officials have less of an expectation of privacy than regular citizens... and to some extent they're right. Yet, how does the watchdog presume to waive the privacy of others in the pursuit of a story, while immediately running to the FBI? The media also argue that they have the right to dig, based on the fact that they are defending the public's "right to know." (how many times have we heard that?) The media assumes that power as society's watchdog... but who's watching them? Apparently, Adrian was, and they are NOT happy about it.
It's doubly ironic that an organization dedicated to exposing the truth (ostensibly in a transparent, above-board, and for-the-greater-good fashion), is getting their panties in a bunch over someone showing them some truth in a like manner. Apparently the old grey lady doesn't have a problem airing the dirty laundry of others, but is awfully sensitive about her own problems... and from an ethical standpoint, Adrian's actions are probably arguable either way.
I'm sorry, but I find this whole thing incredibly funny.
Even if a man chops off your hand with a sword, you still have two nice, sharp bones to stick in his eyes.
I understand most of the arguments against what Lamo did, but there are a few points I want to get off my chest:
1. To all those saying, 'It's like he broke in your house': No it isn't. The machines were connected to the internet, which is a public medium. A house is a physically closed space where courts have ruled one can have an expectation of privacy. Nobody can claim that the internet should provide an expectation of privacy - by its very nature of using shared resources it flies in the face of such an argument.
2. I don't know how it needs to be done, but truthfully do you (the collective Slashdot you) trust companies to secure their networks, perform audits and be upfront and honest about their failures? If I were a NYT partner I would be furious that my information may have been publicly accessible, yet I would never have known about its vulnerability without Lamo. How many companies have been hacked, had credit card or other info stolen, and just not said anything about it? When Acxiom was hacked, personal information on individuals was stolen over 8 months before they "discovered" the hack - and the hack was found by Hamilton County, Ohio Prosecutor's office when investigating another case that had come forward. What are the chances that Acxiom KNEW they had been hacked, compromised personal information, and said nothing? I am guessing with the current climate of corporate ethics, a pretty high chance exists that a lot of information is being disseminated by people who stole it and consumers have no idea because the company in question is sweeping it under the rug.
Hacking into someone else's system is bad. Nobody can disagree there, but the bottom line is a tradeoff of negative impacts - for what Lamo did I see a lot fewer negative consequences than today's corporate irresponsibility with personal information and computer security.
I say, "Why did you have to break into my car to write me a note?"
"Sufferin' succotash."
So you maintain physical lines for people to send packets of information to your server, without requiring any specific agreement from them before use. You have no contract they must first agree to, and no posted rules that they must first read before sending packets to your computer. Someone uses one of those physical lines to send information to your server. Your server sends information back to him that is not acceptable to you. After the fact, you feel that the information he sent went against some permission that you never explicitly stated. Therefore you wish him punished as a trespasser?
I would really like to see a slashdot interview with this guy.
A Multiplayer Strategy Game for Mac OS X, Windows, and Linux
I personally am of two minds about this whole thing. I understand that if he really was meaning to be honest and helpful with his exploit of their shoddy system, that he was doing a good thing in helping them correct it. Better someone who would be nice about it than someone who would not tell. But, at the same time, regardless of the intent, he did do something illegal. And regardless of your intention afterwards, it was a violation to their system and property to do so in the first place. So, in all fairness to his intentions, he should be prosecuted after due process. What IS wrong, however, is that he has not been allowed to see the charges against him. He has said that as soon as he sees the charges against him, as is his Constitutional right, that he will turn himself in, so long as those charges are reasonable. Remember that Kevin Mitnick reportedly had inflated wild charges brought against him in a hacker hysteria and had reportedly had a lot of his rights violated in captivity. If I were him and pending jail time, I would be very nervous in light of this and other previous cracker captures.
Consider this:
You see an open door at your neighbor's house. You know the guy is on vacation.
Do you call the cops? Probably not, you just go over and check out the place for him. Most of the time the door was not securely latched, or the kids watering the plants forgot to close it.
But what if you discover that the place has been trashed and stuff presumably stolen. I would call the cops, and my neighbor. Would they be suspicious of me? Yes probably at first, but in the long run they'll more likely be grateful.
Obviously, there are good reasons for laws, trespassing is one of the fundamental laws throughout history. But, I'm willing to give up a little privacy if and when someone goes out of their way to HELP me protect my property. I'd much rather a neighbor walk through my house in my absence if they think something is wrong.
I also happen to own a tiny hosting company, and I would definitely rather have a white hat let me in on specific exploits my system is vulnerable to rather than leave it alone and let the script kiddies do their thing, if I have screwed up.
Unfortunately for Mr. Lamo a law is a law, and with the overzealous (at least on high profile cases) FBI on the case, they'll probably try to make him into another Mitnick.
It is a sad world, everywhere we go policies, principles, and even laws try to dissuade people from working together and co-operating. Capitalism, democracy are great in principle, and can be in practice, but even the best ideals can be bastardized by people in power.
Free software is said to be communism by its critics, sharing code in a CS course is bound to get you expelled, make a backup copy of a CD and face the wrath of the RIAA, the world will probably end if the same DVD can be played in Europe, Japan and the USA.
This is in my opinion another example of moral decay. We have all these rules and laws that do not promote morals, but rather promote some arbitrary standard of "rightness".
It is the principles of openness, and co-operation that have drawn me to Linux, and free speech software. I'm trying to raise my children right, to teach them to help others for the sake of helping. When something needs to be done, if you can do it, do it. I try to instill them with team values, that together they can accomplish more than they can by themselves.
It's just a shame that the way things are going I'll likely end up looking like a bad parent...
The NYT is one of the most hypocritical organizations today. They sue to get 9/11 tapes of people dying - all in the name of "openness" and "public information", yet they have a network connected to the public network - which is open and transparent through their own doing - and that's bad/illegal? PLEASE - The NYT's proxy servers were so misconfigured that it was akin to them posting information in the window of the downtown offices and then getting pissed if people read what they posted.
You can bet your rear quarters that if our hacker had been a reporter on a story for the NYT that they would be vigorously defending his actions. Like most large corporate entities the NYT has no moral basis for anything it does, in the end it's about money, not honesty, truth or enlightenment. It sure as hell isn't about the Times' mission statement which is "The Company's core purpose is to enhance society by creating, collecting and distributing high-quality news, information and entertainment."
Perhaps our hacker should have "enhanced society" by distributing the information he found to the world. It would have been high quality news to see how one of the most influential papers is really run.
"Science is about ego as much as it is about discovery and truth " - I said it, so sue me.
They were worried he knew just how much of their news was faked.
----- LoboSoft specializes in Digital Language Lab
As far as I know, John Ashcroft has not yet been able to completely eliminate the distinction between these two distinct components of the administration of justice.
Most of the arguments that I've seen here are the sort that Mr. Lamo can make in court. If the court finds that his actions were justified, it has the opportunity to acquit, or to give some other form of discharge.
In my neighbourhood, I would like the police to arrest people they find in jewellery stores late at night, or in my home while I'm on vacation, or on my computer without permission. If the prosecutor or the judge decides that no charge should be made, or that the charge should be dropped, fine.
While I feel some sympathy for this self-appointed security checker, I can't immediately fault the police. Especially without access to the facts of the case, which will be exposed in the judicial process.
One might argue that Mr. Lamo is being punished by having to go to court. I think not. He must have been well aware that his actions were provocative and that this was a likely outcome. Now he will have the opportunity to justify his actions.
If you leave your front door open and I take a look inside your house, what crime have I committed? At most, I am told, trespass. If you left the keys under the mat and I opened the door, it's breaking and entering.
Similarly, if I take your car with the clearly stated intention to return it when I am done (e.g. if I desperately needed to drive someone to the hospital), I haven't stolen it, I've borrowed it -- with or without your permission.
Theft, burglary, etc. are crimes defined in part by the intention of the alleged perpetrator and the damages suffered by the alleged victim.
OTOH we live in a world where one of the first "terrorist" groups targeted by the government after 9/11 were Environmental Activists who destroy machinery but have been careful never to hurt anyone.
But I'm no lawyer.
Well, the big reason he was taking his sweet time was that the federal prosecutor sealed the charges. When you see sealed charges today, you know that's the thing that goes hand-in-hand with being disappeared and threatened with charges of terrorism if you don't plead guilty.
Sorry, but I don't think I'd do anything different in those circumstances.
"You're never ready, just less unprepared."
"without requiring any specific agreement from them before use"
This is just another example of why our world is going to shit. Too many retarded people that think I have to make you sign something before you can't damage something I own.
Didn't sign an agreement that you can't egg my house on Halloween? Guess you can then huh? What are you, stupid?
Our society has become so braindead that unless you tell someone specifically not to do some specific act, they assume they can regardless of the fact general laws exist.
Property laws exist that say you can't damage other people's property. Why? Because common decency has gone out the windows thanks to an abundance of retards that have engulfed our society.
"Therefore you wish him punished as a trespasser?"
Listen, idiot. You don't need to sign an agreement that you won't damage my property before you're not allowed to.
Unf-in believable. Do the Slashdot community a favor. Pack up your computer and send it back to HP where you got it from.
Ben
Work Safe Porn
It seems pretty obvious to me that hackers doing this sort of thing are simply trying to draw as much attention to themselves as possible, in order to boost their ego and enhance their career options.
Not at all like, say, teen athletes, who play sports for the sheer fun of it.
Besides, if he was so confident his activities were legal and ok, why is he running around from state to state, in hiding?
Well, according to the article, he's in California working on a documentary. Not exactly the kind of thing you'd do if you were "in hiding".
If he felt he had a strong case in his favor, you'd think he'd just turn himself in to the FBI right away, so he could show their folly in court and walk away righteous.
This just tells me he's not an idiot. Talking to a lawyer before the cops is good sense, and perfectly legal. Nothing in the law requires him to turn himself in, so he can take his own sweet time and make sure his rights are protected.
You got some kinda grudge against this guy, or did you just not read the article?
King TJ, you should read a bit on Mr. Lamo before you go casting stones.
1. He has repeatedly turned down anything from the companies he's helped.
2. He has always agreed to sign whatever NDA's are required of him.
3. That hardly fits the profile of someone trying to "bolster" his profile.
4. He has done this for *years*.
5. He has (As far back as I can remember hearing him speak) been aware that one day someone would not take too highly of his efforts.
6. He's hardly on the run, he's trying to get in touch with his Lawyer to set up the details of turning himself in.
7. He has NEVER released (as far as I can remember) the exact details of ANY of his corporate hacks.
Want proof? Go search SecurityFocus, he hangs out on BugTraq and a few of the other lists. For heavens sakes man, quit trolling without at least reading about the guy.
Bugs Bunny was right.
Why bother when others have done all the hard work for you?
Yeah, right.