Adrian Lamo Surrenders
clafarge writes "Three days after Adrian Lamo was charged with hacking, he surrendered himself to marshals at the federal courthouse in Sacramento. This according to a story on the AP's LiveWire. He's accused of causing 'more than $25K damage to New York Times Co.,' and performing LexisNexis searches on his own name to the tune of $300K! I always find it interesting that so little tinkering can cause so much 'damage' (if you didn't get that wink, read the article about the nature of the 'damage'). He's in his parents' custody on $250K bail."
webmaven adds links to the same AP article carried by Wired, InfoWorld, and C|Net, and points out that more coverage can be found via Google News.
He writes: "Adrian negotiated the terms of his surrender, which included the charges in the warrant issued against him being disclosed."
How good are the ones who keep their mouths shut and just steal shit?
This
I must have missed something. What the hell is that webmaven link for in the article?!
more than $25K damage to New York Times Co.,' and performing LexisNexis searches on
his own name to the tune of $300K! I always find it interesting that so little tinkering
can cause so much 'damage' (if you didn't get that wink, read the article about the
nature of the 'damage').
No I don't get the 'wink'.
These damage figures really don't seem very unreasonable, especially given what Kevin
Mitnick was accused of. It's pretty easy to rack up $25,000 in damage (i.e. in the
cost of the people who had to evaluate and repair his intrusion into the network). As for
the LexisNexis searches that cost is probably easy to calculate because they charge for
use of the service and he probably used $300,000 worth of the service without paying for it.
If he'd been accused of millions of dollars of damage for these intrusions then I might be concerned
that the prosecutor was going overboard, but this seems pretty sane to me.
John.
Here's a few extra (useful) links: free lamo - adrian support site [run by kevin mitnick's girlfriend], the screen savers - shot video of adrian moments before his surrender, trigger street - running a documentary on hackers, currently they're following adrian's story..
"Adrian negotiated the terms of his surrender, which included the charges in the warrant issued against him being disclosed."
:-)
You have to negotiate for this now? So if they never tell him what he's charged with, can he get a reduced punishment?
If someone hacks a site, and it goes down for a day. That business loses thousands or hundreds of thousands of dollars, plus a hit to their reputation. That IS damage, and should be punished.
But I think they're being a little loose with the word damage here. Lost revenue cannot be revenue that you didn't get, that you never would have gotten.
Slashdot Syndrome: the sudden, extreme urge to correct someone in order to validate one's self.
Start printing stickers that say "Adrian" which you can apply over the word "Kevin"..
Trolling is a art,
What would you want to bet that Lexis/Nexis just winks and nods at their huge customer, The New York Times, Inc., and waives much of the actual charges that resulted from automated searches on Adrian Lamo. At their prices, there is probably still over $25K worth of manual labor involved... Lexis/Nexis is a premier service with some amazingly in-depth methods.
Plus, the scouring job that's required by NYT's IT department to ensure there aren't any new "easter eggs" in their system will go into significant coin too. I don't agree with the preposterous insurance-claim oriented figures that go into these 'cracking' news stories, but you can't just trust a superficial system cleanup after being cracked.
Such Hackers should be acknowledged for finding security holes, posting them publicly, and in effect making the community more secure. In reality, they are prosecuted by government agencies and the institutional world... what a treacherous world.
Why was this a negotiating point and not automatic? Last time I checked, there were rights to know your accuser and the right to a speedy and public trial.
The New York Times is a fucking plagiarist rag. Just another example of those who need to litigate to shine the light away from their business going to the crapper.
Laws are for people with no friends.
read the article about the nature of the 'damage'
What article? How about a link?
Gawd.
Who cares about some Lamo. I'm sick of asshole kids and this uber-l337 hax0r crap. Stay out of other people's computers, just like you stay off their property and out of their homes.
Who cares if he caused $X amount of actual damage? There's such a thing as punitive damages. If you smash up my car, I can get the value of the damage plus some, just to punish you for being a stupid dickhead.
AT LEAST WATCH AN EPISODE OF FUCKING JUDGE JUDY BEFORE YOU OPEN YOUR YAMMERING IANAL MOUTHS.
Here's hoping Lamo goes to a federal pound-me-in-the-ass prison, and a message is sent to the rest of you uber-hax0rz out there (read script kiddies).
I don't need no instructions to know how to rock!!!!
The man's name is Lamo. Hasn't he suffered enough?
Jail that obviously highly intelligent individual!
.. why jail him? Surely he can contribute in a positive way to society? It sure sounds like he doesn't have any malicious intentions other than prove what every engineer knows - you often need to experience failure before you address a weakness in your design. Better to have failure 'encouraged' by a guy who's willing to help you lock down your network after the fact than some dude who gets in the door and heads straight for client lists, credit info, etc ..
Yes, I'm joking. This kid sounds like a bright fish
"Old man yells at systemd"
Besides, I'm thinking that there was more than 300,000 dollars worth of damage to their reputation after this.
They need look no further than their own offices to find fault.
Wikileaks, no DNS
Just because you catch me strolling across your yard doesn't mean I should pay for having it fenced.
Well in one of the comments I read the judge said that "This whole business of computer hacking, viruses and so forth is getting very wearisome,". First of all I hate how the word "hacking" is used. Second, tying the recent M$worms outbreak with Adrian's exploits is ridiculous. I wonder if he would get a fair trial if the judge(s) are technically incompetent. I think it's time cyber laws get more attention probably a separate division or something. Adrian may or may not have done something wrong. But treating him like a criminal is wrong. His methods may be vigilante type but I don't think he is criminal.
While guest editing BoingBoing's mini-blog, Macki posted his opinion.
"Marlowe" offers up some Timothy Leary on the message boards.
What are we really feeding into here?
Do you want to come home to your house, turn on the lights only to find someone sitting on your sofa waiting to explain to you how insecure your house is because he was easily able to pick the locks? Even if he does no damage to your house and steals nothing is that something you'd like to come home to?
Now imagine word spreads about this type of behaviour with no consequences (jail time). Now you'll come home every week or 2 or 3 times a week to some unauthorized person sitting in your living room? Is this what you want? It's just fine and dandy because the intent is good right? What? Road to hell? What? Paved with good intentions?
Mac OS X and Windows XP working side by side to fight back the night.
... on when nytimes.com gets defaced. How many times did it have "Free Kevin" plastered on it again?
Shut up, Michael Sims.
The fact of the matter is, Adrian did not crack these networks. Most, if not all of them, left gaping holes that amounted to revolving doors at the front end of their networks. His "access device" was a web browser... you know, most likely the same one you are using to read this right now. I think what the real issue comes down to (hold one moment while I find my tinfoil hat) is that in the course of scouring the NY Times intranet, Adrian was able to come across the personal details of some VERY influential people in this country. And that, I'm sure, had to make the Times look like a bunch of asses. As if the Jason Blair fiasco wasn't enough.
From The Reg:
;^)
Under the terms of his release, Lamo's future wanderings will be confined to the northeastern half of California, and southern New York state, unless he gets prior approval of the court to travel elsewhere.
Hrm. Wandering from NE Cali to south NY w/out going anywhere inbetween would seem about as easy a commute as getting from the West Bank to the Gaza Strip.
Then they tell the fellow he can't use a computer but has to get full-time employment! I imagine anyone savvy enough to Slashdot can see the irony there.
To completely switch gears, did anyone else find it weird that a paper would have SS#'s for people who have written op-ed pieces [for Lamo to find]? I suppose that implies they were *paid* for the pieces, but it still seems a bit strange.
It's all 0s and 1s. Or it's not.
had he only not bragged so much he would've been okay.
Just for once, I'd like to see slashdot not report on some "hacker" who got arrested. It's just not news, and it certainly doesn't matter that another two-bit criminal got picked up.
Sounds like a kid with an inflated ego and a bit of a Robin Hood complex.
I wouldn't feel like thanking someone who broke into my house while I was on vacation, nosed around in my papers, and then told me about my "security problem" when I returned home. Why would I, or any business, reward the same kind of behavior inside someone else's network? Both examples are, at minimum, illegal invasions of another's property.
Businesses that didn't press charges against this guy were negligent and only encourage the phony notion that crime on a network isn't serious.
-- Slashdot: When Public Access TV Says "No"
You get burned. Anyone who breaks the law and flaunts it is going to get caught, regardless of how honorable his intentions. Laws do not only exist to punish "bad guys;" they exist to make society an orderly place, and people who run around hacking others' servers willy-nilly are going to be causing chaos (ie the costs of the IT department figuring out wtf's going on with their network, as someone else mentioned). Awhile back the DoD conducted an authorized hacking of their system (with unpleasant conclusions). That is what needs to happen, because when dealing with gray areas there're shades of black. Remember the "good" anti-Blaster patching worm, and how it shut down systems in Canada because of its overly eager replication? It's foolish to presume that we should trust in the skills of a lone ranger. Get off yer high horse, cowboy.
You failed to snag anyone with this troll. Tsk, tsk.
This is again along the lines of "We don't really want to make sure we're secure so we'll just sue/have arrested anyone who finds anything." These are also the same people who lobby the gov to pass laws to do this. It's amazing how little people actually care about how secure their network or computers are and instead care more about huge fines and sentences so they can keep their networks insecure.
None of this has ever made any sense to me. Why is it that leaving a network insecure is fine and dandy but someone coming along and finding out it's insecure then entering it a bigger no-no than breaking and entering into a house? Didn't we learn long ago to close and lock our doors at night and when we were away? Some of these security holes are equivalent to a wide open window with no screen in it while we're on vacation for a month. Yes, it's still illegal for someone to enter the house and steal something but doesn't common sense tell us "Hey dummy, close and lock the doors and windows!".
I'm also wondering if they have any case on this. Didn't the NY Times take his help originally to secure the network? I know the statute of limitations hasn't panned out on this but at some point someone kinda has to say "Ahh well why are you taking him to court now after he helped out originally?". Just another "See what we do to these bad bad men!" cases.
TOP STORY : The Associated Press website is under attack. A flood of connection attempts beginning at 02:52PM Eastern time have rendered the website unavailable. Initial reports suggest that this attack originates from an organization known as "Slashdot", however it is unclear whether this is a terrorist organization or whether terrorism is involved.
In Soviet America the banks rob you!
Yes, I'd much rather have someone break in and tell me about it rather than rob me. I've been robbed. It sucks and I would much rather know what to fix before than after.
(Sponsored by cheeseSource for President 2012)
I've always been annoyed at how criminals cost law-abiding citizens indirectly. My question to your statement is "why not?"
If you can't somehow manage to not trespass on my private property, then maybe you *should* pay for the fence. After all, why should I be financially responsible because you can't keep yourself from trespassing?
Why should ordinary people have to pay for all the locks on their doors, security systems in their homes and cars? And, WRT computer systems, why should we have to pay for antivirus and firewalls, the constant security updates because the criminals just keep on hacking? It'd be interesting to somehow place the burden on the people who commit the crimes, and in this case they can.
I'm not saying I realistically believe that it can be accomplished in any meaningful way, in general, but it is at least an interesting idea, IMO.
Stupid sexy Flanders.
He accesses somebody's network, tells them about it "oh but hey i didn't do anything bad".
If YOU were the sysadmin in question, would YOU believe him? No you'd have to check all your systems... And that costs money (=damages).
I am a viral sig. Please help me spread.
(Anonymous for obvious reasons)
I don't live in the US. In my early days at the university I was involved in a serious case of hacking. Being a nerd for network security I once told a university network administrator, that happened to be a good friend of mine and a student of one of the classes I gave at the time (on network security) at an institution unrelated to the university, that the university network was 'easy hackable', he challenged me for a proof and I responded. About four months later I found myself in deep trouble: my network account was surrendered and all my e-mail was analyzed by the network administrators. For some reason (only known to an 18-year-old) I had sent an email to a friend telling him that I had cracked about 2000 passwords on the university network.
It turned out that since my 'friend' spoke with me he went with his superior and 'bought' a promotion for turning me in. The only proof they had was the email and a private conversation recorded without my permission (by a university student, not a government office) where I admitted to have cracked the university super-computer and a cluster to write, compile and run a distributed program that kept running for a little over two months (without anyone noticing it, it stopped running because I decided to stop it).
To get on-topic: They claimed that my actions had caused over US$ 100K. After 6 months of trial (where I was assisted by some great voluntary people) I walked out with a restraint to use any university computer for 4 years, and being unable to create accounts for any ISP in the state for 2 years.
The moral of the story is this: You fight. And fight hard. If you do so the people will support you, because you are fighting from the right side. Take it to the end, at some point justice will be served.
Wonder why he turned himself in? If I was in his shoes, I'd go on the run because:
* it seems like anything to do with hacking == terrorism. Justice won't be served, long prison sentence
* being obviously young, not particularly bad looking and probably not physically strong means almost certain prison rape.
* already leading a nomadic lifestyle so why not continue.
However, in his position, I'd probably no longer publicise what I was up to. I think he has made some grave tactical errors in letting his identity be so publicly known (and this is why he probably decided not to stay on the run, because his photograph has already been so widely published).
I hope his punishment is in proportion to the crime though - not some arbitrary "war on terror" sentence.
Oolite: Elite-like game. For Mac, Linux and Windows
What I don't get is which planet the judge lives on. I hope he'll provide Adrian a reference.
Get a job - "I'm very interested in joining your company, as long as my court case goes well" - don't call us.
Go to college - parents house is up as bail, and I doubt he'll get state/federal assistance while the court case is pending.
http://customwire.ap.org/dynamic/stories/H/HACKER_ARREST?SITE=NJASB&SECTION=HOME&TEMPLATE=DEFAULT
The link in the story didn't have a site id, which directs you to a specific AP member newspaper
Just because you catch me strolling across your yard doesn't mean I should pay for having it fenced.
No, but in certain parts of America you might end up paying in other ways when you found some shotgun toting guy taking offence to you trampling his lawn.
great response.
If I leave the keys in my car, that still doesn't give someone the "right" to steal it.
I hate this nonsense that person X didn't do enough to prevent person Y from doing something illegal - so the blame goes to person X.
Now, in some cases, (X being a parent or close friend of Y, and knowing what was going on), the guilt may apply. But in most cases it's quite absurd.
Stupid sexy Flanders.
Good luck at your FBI job interview... er I mean hearing on Thursday.
Why the hell would he do that when he could just go the closest university library and use it there?
If you see the map of the US on the AP website you need to specify a newspaper.
Try this link that says you read the headline on New Jersey Online:
http://customwire.ap.org/dynamic/stories/H/HACKER
This is one of the big problems when trying to create programs that charge for information related products on the Internet. It is very easy to make things that increment counters and add rows to databases. When these activities involve an exchange of cash, there is often an incentive to create false impressions and transactions.
The dot coms discovered quickly that they were paying millions to programs that simply created false ad impressions and false ad clicks.
The telecom industry has similar situations where shady business people do things to create 1-900 calls, or phone calls to Albania just to rack up expenses.
The popup industry is fed largely by people who want to increment counters for various reasons.
By racking up an absurd charge, this case shows what a large number of "business people" are doing every day in smaller ways...ie trying to find clever ways to get the counters to increment.
The Times called the FBI after Lamo browsed sensitive data on its computers, including Social Security numbers for celebrities and government officials who are among the 3,000 contributors to its op-ed page.
Sensitive data, sounds like he got more than cc numbers. Also sounds like he has a political agenda, which is ok by my book. You can get lotsa info off of the Nyt's internal system; memos, drafts, omitted papers, letters from people with political agendas....
In any case, this is akin to breaking into a museum to steal stuff, and instead of stealing he took pictures (very exact ones) and left a how-to note. He didn't damage anything, he showed them security holes in exchange for internal data. They don't like the internal data getting out...
BTW, any good company will resecure their systems after any consultancy and scour it for software; some firms can't be trusted.
Candy-Coated Knowledge
It seems that the downfall of a fair few hackers is boasting about their antics. Many seem to have an inborn need to actually make someone aware of their 'l33t sk1llz'. I'd be surprised if your average hacker didn't let at least one person in on what they were doing.
Yep, all the mindless NYT wonks on this site that repeatedly post stories that link to "Join our Site" NYT will gleefully run to the site this morning to read all about it. Worldcom has a sense of humor. Yahoo has a sense of humor. Apparently the NYT can only hire plagiarizing writers and prosecute a minor break-in of their DB.
"Curiosity killed the cat, but for a while I was a suspect."- Steven Wright
He's in his parents' custody on $250K bail
Man, his codename must be "Zero Cool"
We'll never know who the best are. Because they're SMART ENOUGH NOT TO BRAG ABOUT IT IN PUBLIC.
All sarcasm aside, I once heard Prof. Gene Spafford of CERIAS say that some of his best students had simply disappeared from the face of the Earth. He suspected that they were either recruited by Government organizations, or major corporations; and he was afraid that some even went to work for organized crime.
THESE people are the real pros. They get the job done, get paid, and quietly move on. They could live next door to you, and you'd have no clue that they crack heavily guarded systems for a living. For every Adrian Lamo or Kevin Mitnick, or even Peter Shipley for that matter, there are a half dozen guys way better that you'll never hear about.
Life is hard, and the world is cruel
"Lamo frequently trespassed on the networks of prominent companies, uncovering security holes and accessing sensitive information. He then informed the companies of his exploits and often worked with them, as a consultant, to close the holes."
On an enormous salary, no doubt. I expect he could pretty much name his price. It doesn't surprise me then that they can make out they are victims, because, essentially, they are victims, of extortion.
The approach needed now is to approach them first, before hacking them, and if they don't want your skills then leave them alone. If they do want your skills, then they can recruit you at a fair price, on mutually agreeable terms, and nobody has anyone over a barrel.
The other benefit of this approach is that they'll be able to tell the difference between malicious hackers and hackers who are only doing it for the good of the community, which I have absolutely no doubt is going to be Lamo's defence ("I'm breaking into your house for your own good, can't you see that?"). The former will hack without a contract; the latter will hack with one.
But this guy was using a Times account to order outside services from LexisNexis and those guys ain't cheap. I suspect the victims will also be able to quantify how much it took to repair their system. However, I hope they're not counting the cost of closing the security holes since Lamo only exploited the holes -- he didn't make them.
===== Murphy's Law is recursive. =====
How about no more stories on Slashdot with NYT (FRR) links
Insurers aren't concerned with the cause of the damage if it was external, because from their standpoint it doesn't really matter - they're not there to punish, just to repay you. On the other hand, if you share blame for it due to passivity, then you should be compensated less. That doesn't make the perpetrator any less culpable.
it's all denial of service, and it does cost companies money. I have absolutely no sympathy for this guy and hope he gets the book thrown at him.
I'm assuming you're at work as well? Costing your company money?
1099s require ss numbers ...
Don't Tread on OpenSource
At least he's not anymore on the lam-o.
Ok, so you just have to clean it up. That takes time. In business, time costs money, salaries, resources used, etc. So it does cost money. Just because you are so pathetic that your time is worthless, doesn't mean mine, or anyone else's, is.
Obviously it's a case of no bad intent, but went about it the wrong way. Obviously, if he'd formed a company, hired a few salesmen, and went about contacting large companies as a security specialist, then no one would bat an eye.
...
... "No, we'll just sue anyone who gets in". Good security policy!
The real question is, if he did this, and then hacked people as market research to determine who the salesmen should contact
"You should tighten your security"
Private individuals using LexisNexis for viewing court documents will be charged $9 per document (not by search). I'm sure the NYT gets some kind of volume discount. This means Lamo would have had to fetch over 30,000 documents to rack up such a sum. Now assuming your average legal document is ten pages long (many are shorter, some are way longer) that makes 300,000 pages worth of legal documents. A full bookshelf of legal reference material. Why am I not buying this?
How much are you willing to bet the NYT took their monthly (yearly?) bill from LN and claimed that since Lamo had illegally benefitted from access to that material, he should pick up the whole tab?
Hmmm, he posted his cell # and email on their site??
Ok take the other scenario they don't break in.
No one tells you about the holes in your computer system. Your machine sits there as it has always done. Are you secure???? Are those holes still there waiting for someone to exploit??? Or is it only this one person that can do it. Chances are they don't do it and tell you, when you do get hit you are going to be looking at data recovery not a security analysis of your system. And which costs a lot more than that. The thing is this person is doing you a favour take their word or not you have just found holes in your system and you still have your data. It is only a matter of time if you have a high profile site like NY Times before those holes are exploited at the cost of your data. And having SS numbers and employee records involved the risk is in more than money.
Anyway you look at it this guy isn't to blame for telling the people he hacked their security problems. Just look from the situations he told people about as if he didn't and think of those sites as targets as servers to launch attacks from, as political hits in other attacks or in the case of the NY Times case as a trolling place for ID theft. If I were an employee of NY Times I would be thanking this guy for making my bosses look into the integrity of how they stored my personal data.
I was thinking of the immortal words of Socrates, who said: "I drank what?" - Chris Knight (Val Kilmer)- Real Genius
Excellent rebuttal!
- Despite popular opinion, I am not perfect.
.. I'm supposed to know who that is. Because you guys are such crack "in the know" nerd journalists that you don't need to add the word "Hacker" to the headline
You know, there is NO excuse for this criminal activity. There is a great expense to keep computers/networks/homes/cars/people secure. The reason for this expense is the criminal, the criminal should be made to pay.
I know it's a non-existent utopia to think that criminals should pay for security systems, but think of all the waste that goes into security because of people doing illegal things. Stop blaming the victims, they were NOT "asking for it" anymore than anyone "asks" to get raped or robbed.
Are you going to blame rape victims for not wearing chastity belts? Where does it end? If you absolutely want to prevent yourself from being raped, you'd have to wear one, wouldn't you? But that's a pretty ridiculous extreme, isn't it? And you'd probably get beaten anyway.
Do not tell me they didn't have ANY protection on their website - someone went looking for specific exploits, they didn't stumble upon them randomly, it was a conscious choice to do something illegal. Where does it end? The fact of the matter is people should just respect other people and their property.
Do not stand up for this guy just because he's a hacker like us against a big stupid company. What he did was wrong! The blame goes to the criminal, not the victim.
Stupid sexy Flanders.
"On the other hand, if you share blame for it due to passivity, then you should be compensated less"
That is the point that I was trying to make. Thank you 8?)
Unfortunately a measured response doesn't seem likely given the technical ignorance of most judges and legislators. Penalties for cracking are formulated with the end result of the worst attacks in mind, but those who are caught are generally not the ones behind such attacks. Yet because the type of crime is new, frightening to business, and the limits of damages are often hard to delineate, the book is thrown at these kids.
Just look at that dope who got caught for writing a Blaster variant. Just one guy -- but do you really think the judge and/or jury will be able to understand that he was not the original author, and that his work only caused a subset of total Blaster damages? My money's on No.
And neither does the F.B.I..
happy i have SLASHDOT. here i get news from MY perspective! articles from nerds/hacker/crackers for nerds/hackers/crackers.
...
really, some articles on other web-sites sound like this "hacker" made an oil-ship sink *wink*wink*.
"desperately trying to sell news"-mentality
I keep wondering how "news" ended up simply being a mouthpiece for whomever wants to create a press release or make a legal claim in court. The old unbiased reporting where balance was applied to issues has turned into today's lazy equivalent where heavily spun news items are repeated verbatim by thousands of news channels. When the RIAA sues someone for billions of dollars the number is never followed by "which is obviously a ridiculously inflated value" which in the end gives the appearance that this person stole billions of dollars from music companies. The news has more or less stopped reporting and instead just acts as a mouthpiece for all kinds of powerful organizations.
The $300,000 figure is ridiculous. If this guy could break in then someone else could also so any review process that needed to happen based on his intrusion should have been made anyway. The use of the LexisNexis service is a greyer area but in reality he didn't steal anything, he didn't hurt anyone, he didn't make a single person lift a finger. He made some machines work a little bit more instead of doing nothing. The Times won't have to pay the bill since they didn't actually use the services they are being asked to pay for. $300,000 is a *huge* amount of money and unless someone died, it is obviously ridiculous.
It's sad that we live in a time where practically the only critical analysis of the crud that passes as news is on a fake comedy news program simply because in order to make fun of the news you need to criticise it.
set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination
While Slashdetters hyperventilate about the hacker arrests, in other news, unreported at Slashdot, Edward Teller died.
I'm tired of the house metaphor. Maybe if this was someone's PERSONAL computer then that would hold some water. But take it to the scale of what these places really are. He made it into a secured building with security guards, and went into a locked room and broke into the safe while avoiding a camera watching the safe. THAT is not someone's house with a dead-bolt, that is a business and how they would physically secure these things. So would everybody please drop the house metaphor unless we are referring to someone's personal computer. Everyone he has hacked thus far have been business, and if they go to the above extremes to secure things physically then why not on the internet?
TANSTAAFL
Scientists restrict study to entire physical universe; creationist
I was writing a long explanation about how this is morally wrong, but I'm getting tired of stupid people.
So, go on, put half the geniuses in jail and let the other half "voluntarily" go to another country. You've got a bright future, for sure, my neighbour citizens of the U.S. Very brilliant!
(Since you're stupid, let me hint you that this note is sarcastic.)
In their respective reactions to Lamo (L4M30) WorldCom is the nice guy, saying thanks - we're glad you pointed it out and the NYT is the bad guy, getting the FBI involved and having him arrested. I didn't expect such a scenario.
If someone pointed out to me that my windows were really easy to open and I should get some window locks (which they are and I did) I would be glad that he told me. If he opened one and went in and left a note in my wife's panties drawer telling me this I'd be a little pissed off and scared.
I guess he crossed the line.
because I have been enjoined by this Holy Office to abandon the false opinion which maintains that the Sun is the centre
Permalink from BoingBoing Guest Blog Among other things, Macki also points out that the lead link you gave, FreeAdrian.com, was registered over a year ago.
is here
300 grand?? how??
I see all those analogies of breaking into your house and walking around to what Lamo did. I think it's a bad analogy.
My home is not a trusted public institution / company to which many people trust their private info. Remember all those investigative reports into airport security? How reporters demonstrate how poor they are? This is the proper analogy.
Only difference is that his "motivation" is less trusted (c'mon, people don't believe in altruism), and hence, feared. Whereas we know that reporters are doing it for the job and $$, tho I'm sure airport security never asked for this kind of investigation.
psxndc
The emacs religion: to be saved, control excess.
I get tired of this stupid argument. I know security holes in most businesses (i.e. cut the phone line and throw a brick through the windows). I can then steal any credit card information they have on site. But somehow some people think it's different when you do basically the same thing to a computer. No, breaking and entry is breaking and entry, no matter how you justify it.
It appears that this guy has been trying to get arrested for the last year, so that he can be the next world-famous hacker martyr, like Kevin Mitnick was. A close friend of his registered FreeAdrian.com over a year ago, though it now forwards to freelamo.com.
Read all about it and beware of giving publicity to publicity hounds. This guy's ambition in life appears to be that hackers everywhere will deface web sites and put his name on them, like people did for Kevin. If he hadn't been busted by the New York Times, he would have kept on going until he did get busted.
I was an Excite@home customer. I'm glad someone closed the holes.
I was a NYTimes customer. I'm glad someone closed the holes.
I was a Yahoo member. I'm glad someone closed the holes.
The fact that these holes existed and the companies weren't doing anything about them (because their admins misconfigured proxies and who knows what else) says to me that they didn't know the holes existed. Look at his targets. Were these 50-employee small businesses that got their IIS web-server hacked? No. They weren't. They were all very large corporations with substantial customer bases that had gaping holes in their security.
The targets were carefully selected and the publicity was purposeful. I doubt he made it public on purpose and I'd hardly call it bragging. This isn't someone getting on EFnet and joining #warez and saying (while holding down the shift-key instead of using caps lock)
# Appears as ADRIAN
ADRIAN: OMG I HAXORED NYTIMES AND PWN3D THEIR PROXZ!
This was someone being professional about what he was doing, or so it would appear, calling up the system administrators and offering to help fix the problem. Not to mention making it publicly known that large American corporations don't care about safe-guarding data like your SSID or credit card numbers. But everyone already knew that, right? I guess nobody cares.
Damage? They owe him their thanks. If you didn't bother reading some of the other articles about his past experience you would have learned that most of the companies were grateful (WorldCom and @Home just to name a couple). The fact that the people at NYTimes are whiny asshats was simply something that was bound to happen sooner or later. Read some more articles and you'll see that some of the SSIDs he got were of some pretty important figures in world politics. I'm sure plenty of powerful people were pissed and expected, if not demanded, that NYTimes go after Adrian.
Greg Poirier -- Magic Fairy Bunny Princesses, Inc.
I dunno, that is like asking the surviving member of a murdered family if the death penalty is wrong....
I didn't think you'd have to negotiate just for them to say what you're arrested for.
"You're under arrest."
"For what?"
"Um, we're not saying, it's, um. Classified. Yeah."
"Oh, really..."
"Yeah, telling you why we're arresting you would, um, threaten national security, um. Yeah."
"And do I get a lawyer?"
"Sure, if you can find one in Gitmo."
They say the first thing to go is your penis. Well, it's either that or your brain. I forget which...
Are you SURE he's dead? Put another bullet in him.
you stated: Why not? Because physical locks aren't black magic beyond their understanding. No, the reason is that locksmiths are bonded. You want to be a white hat hacker that people trust and that people will hire to do security work? Get bonded.
What the hell have you accomplished with your life, besides moaning on /.?
So how much damage did Jayson Blair do to the NYT? Maybe Adrian and Jayson could get together to write a book or something.
--
"Open source is good." - Steve Jobs
"Open source is evil." - Microsoft
Get a slashdot interview with this guy.
A Multiplayer Strategy Game for Mac OS X, Windows, and Linux
"If I charged you for sex, I could easily get $100/hour. How about I have sex with you, without your consent, for free?"
No, let's say you have cancer, but you don't know it, and you are not getting proper check-ups so you aren't going to find out. Some self-proclaimed doctor rigs the urinal you are about to use so that he can get a sample of your urine. He then takes the sample to his lab in the basement (without your knowledge) and performs a urinalysis. When he discovers you have cancer, he fully discloses to the world (without your permission 'cause he knows doctor-phobes, like yourself, would never give him permission) that you have cancer saying, "See how screwed up it is not to get regular check-ups at the doctor's office. This guy had CANCER, and he was going to DIE just because he refused to get check-ups." In other words, the social issue takes priority to the individual's rights.
Now, regardless of whether you agree with this or not, you have to admit that this is more accurate than the "sex" analogy. If you can come up with a more accurate analogy to what actually happened, by all means post it, but arguments supported by poor analogies are poor arguments, regardless of the core ideas behind them.
Sdelat' Ameriku velikoy Snova!
I don't understand, please explain. If there is a warrant against him, isn't he entitled to know what he's accused of?
I apologize for the lack of a signature.
This is not a rapist we're talking about. He wasn't trying to kidnap your daughter.
Just happens the kid had an idea about how to do things you don't like (probably not his best idea). I agree with the parent poster that this type of crime doesn't justify jail time and I also agree with you that his 'crime' shouldn't be without consequences, but jail just isn't the answer (and probably not for most non-violent crimes).
Quack, quack.
Hear hear! Let's bring that spirit offline!
Burglars, murderers, rapists all make the offline community more secure by pointing out weaknesses in our physical security. We should honor them for their service rather than imprison and execute them. The pain and difficulty they cause their small number of victims is a small price to pay for the greater security the rest of us enjoy.
I remember a classic episode of The Screen Savers in which Mitnick and Woz were hosting the show. In one part Mitnick interviews Lamo...and he asked rather simple questions like "Now, I used to hack b/c I was curious; why do you do it?"
All of Lamo's responses were rather "crackhead" like...I'm not trying to knock the guy, but it didn't really seem he had an answer for why he hacks...not because he's curious or because he's trying to help companies...he just kept saying that he considered himself "at the right place at the right time".
It's possible he was just camera shy.
Some aim to please, I aim to tease.
Many, many students "disappear". It's called graduation. They don't keep in touch with their old school, and folks at the school (outside alumni associations) don't exactly spend much time tracking the students. Spaf tends to embellish his descriptions; that's a useful skill when you head a large group.
Moron! You're just supposed to break in and steal stuff, not unlock the door, announce yourself to the occupants, then offer to buy them much better locks!
my karma will be here long after I'm gone
>> If you're not smart enough to go for C in the first place, you better be thankful to get A and not B. And if you're not, B might be just waiting to happen.
Well, sure, if you want to argue that any network that this guy broke into has left the keys in the door. I don't agree with that analogy.
How about this: You put a lock on your door, lock it, and go away. While you're gone, some smart kid picks the lock, sits down in your living room, looks through the family album, checks out your bank accounts, helps himself to pizza and a beer, and then leaves you a note reminding you not to bring charges but, instead, to buy an ad in the local paper praising him.
Yeah, I'm sure going to do that.
Following your logic, we'd absolve all criminal behavior due to the presumed failure of the victims to protect themselves.
-- Slashdot: When Public Access TV Says "No"
TechTV has video of Lamo before his arrest
http://www.techtv.com/chkpt/240hp091003/http://www.techtv.com/screensavers/story/0,24330,3520394,00.html
He did an interview in the hotel room beforehand and talks about his attitude towards the charges and what he did. Then there's some video of him with the fed at Starbuck's that doesn't have any informational value but is interesting from a documentary standpoint.
Seems like Lamo's willing to pay for his crime as long as he agrees that he's being accused of something he consciously did.
Why is it so many here on Slashdot complain about their privacy being invaded, yet turn around and applaud someone who invades the privacy of a corporation or individual by hacking into a computer system or network?
If the roles were reversed you can bet there would be an outcry for the maximum penalty for the perpetrator.
There is no "-1 offended" or "-1 you don't agree with me" mod options for a reason.
WTF!?? How can anyone afford that amount of money?! That's ludicrous!
Un-news
If a locksmith walked up to your house and saw the window was broken, looked inside and told you your window was broken what would you do??
Sue him for breaking and entering? All he did was tell you your window was broken, he didn't go inside he just verifies the window is broken by sticking an arm inside.
If this happens in the computer world what happens? You scan a network and see that they didn't patch up xyz... verified they didn't patch xyz... then told them... what would you do now?
Well, Twitch Boy has landed. But of course, he's back on the outside world and he'll probably come after my balls now.
My bet is he'll enjoy the federal pen since he swings that way anyway.
It's interesting to see that there's actually someone out there less socially functional than Kevin Mitnick.
Don't Crease the Weasel!
You'd pretty much have to be a lamo to brag about your 1337ness and get caught by the feds. That would make the Baby Jesus cry!
Wow. Yea. Now that I look at it that wasn't ridiculous.
Where's the edit previous post button when I need it.
set softtabstop=4 shiftwidth=4 expandtab nocp worlddomination
Unless someone gives you PERMISSION to break into something of theirs, IT'S ILLEGAL TO DO SO.
What if a Fireman breaks into your house to rescue your cat?
What if a neighbor breaks in to turn off the water that's overflowing?
What's reasonable and legal in a given situation is determined, in our legal system, by what a "reasonable man" might be expected to do in a given situation. I don't think Mr. Lamo can claim to have acted as a "reasonable man" would act -- but that's the acid test. Ideas that laws are absolute end of story blah blah blah are just windbagging.
now we're going to see "Free Adrian" stickers on every phone booth in the universe.
/* oops I accidentally made a comment, sorry */
The difference between my house and a company is that the company is responsible for the safety (information-wise) of thousands of customers and employees. If their security is bad then there are problems. On the other hand, if the security of my home is bad and I don't care then there is no problem; nobody is depending on me and I haven't sold my home to anyone as being a secure haven of any sort.
"Never, never suspect the dreams within the dreams of dreaming children." ~The Amazon Quartet
He got caught doing something illegal. No matter how much you rationalize it, the point remains he's doing something that 99% of the US public disapproves of.
Furthermore, he wasn't hacking in the name of freedom of speech, civil liberties violations, sweatshop workers, or anything remotely noble. He's doing this for his own gratification. I hope he gets locked up.
End of story.
I went to news.google.com as per the link in the story, clicked blindly on a link, and ended up right back at /.
nice.
so, if they find during their audit that there is another black hat (or more than one) in their network that they didn't know about, does the total cost of damages they avoided by finding that guy mitigate the damages claimed against Lamo?
somehow, i'm betting they only count damages in one direction.
Darth --
Nil Mortifi, Sine Lucre
Breaking into a computer and breaking into a house are not the same thing whatsoever, despite the similar wording. When you "hack in", the target machine and you are having a conversation. If you just had to find a house analogy, it's more like having your house and the target house merged together through spatial dimension warp...
So, if you want to find a good analogy like this, think of this:
You are on a train, heading to work. There is a man sitting next to you, bumping up against you every time the train lurches on the track, nothing abnormal, nothing that you really notice. Then before you get off, he tells you, "Hi, I'm a doctor. While I was bumping up against you, I was secretly feeling your chest for lumps. I have found a massive tumor in your left breast. You are free to leave it there, but one of these days, it's going to kill you. I am an excellent cancer surgeon, and I will perform the operation (or show your regular doctors how to) for free."
Now, what is your response? Assuming the cancer really *is* there, is your first thought to have him arrested for sexual molestation? Do you curse him for trying to save your life? Would you rather have found out this way, or would you have preferred to find out after the cancer has spread and it's too late?
If the NYT didn't have this good Samaritan helping them, then they would eventually have been in serious jeopardy. Considering how fickle the economy is these days, he may have saved their lives (how much would it have cost them if they ran a fictitious, slanderous story, or if someone subtly re-wrote all the ads to make them look bad, or if their servers were used to host mountains of RIAA goodies, or if al-Qaeda decided to use them as their cyber command post)?
It appears to me that he is seeking some sort of computing martyrdom status. The action taken to register a website FreeAdrian.com etc. appears to me to be the work of someone who is seeking to make a point using the judicial system. With regards to the LexisNexis (whatever) search. It might not make sense to some, however, shouldn't one have a right to view any material where they are a part of the subject matter (articles, etc). If the searches were simply on his own name (which I'm not sure if they were or not) etc?
Don't put words in my mouth.
Imagine if court worked the way you think it should?
Judge: Should this man go to jail?
Prosecutor: He committed a crime. Here's the statutes under which he was charged, here's his own testimony affirming what he did, here's a stack of earlier cases that establish precedent.
Defense attorney: But... but he's INTELLIGENT! It would be wasteful to put him in jail!
Judge: Well, we certainly don't want people to face the consequences of their actions unless they're stupid! Case dismissed!
What he did here wasn't breaking into a house.
It was going on a tour of a house, that's arranged by the owner, noticing where it's not roped off, and taking a look.
Later, the owner notices, goes "Jesus Christ, you're not supposed to be there," after the fact, and then makes it their point to make your life a living hell.
He didn't go break into a building and get onto the network. He used a publicly available connection, and looked around. He saw somewhere people wouldn't normally go, and went.
Your use of "breaking into someone's house" analogy is flawed.
The truth is that we are considered something close to what Wizards and Witches were during the Dark Ages. They were close to the King, he had to trust them, he actually needed them but then again they were hunting them down and burning them.
My wife once said that in her eyes I'm something like a Sorcerer, I do things that no-one can understand, and in most people's eyes look unbelievable; "But you are there and I'm here how on earth did you manage to change my IE homepage?"
Magnetism was considered "magic" 100 years ago, then a guy came along studied it and explained it to the rest of the human kind. The weird thing is that we are not using black boxes, or unsolved riddles, the answers are there for anyone who is willing to ask, but how many people can understand them? Computer Security is something like advanced mathematics; you can't just start solving a problem if you don't have the proper foundations to do so! We do! Our only difference is that Mathematics were here since the Start of Time, the Universe and Everything, but we are a new breed and as history has proven numerous times, Humans as a kind just don't like anything new and they always fail to accept it without first condemning it as Evil and Bad.
High Leader of the Dark Legion of ZeroOne,
Lord Kussic
-- Free Kevin (Buy one get one Kevin for FREE!)
He presented the program and the password list to the school administrator. Instead of persecuting him, they contacted HP, who fixed the problem, and HP hired him with a college scholarship as soon as he graduated.
How times change.
CAn'T CompreHend SARcaSm?
Lamo did a dumb thing.
His intentions were good. But could he have done this with the permission of the NYT instead?
Say what you want about "they'd shore up the system before he went in" -- isn't the entire point of white-hattery to get people to shore up their system?
Now, *considering* Lamo's intentions and reputation, the NYT would be, well, assholes for not trying to allow some sort of light sentence. But this isn't, like, say the RIAA, where they go after 12 year olds that don't know what they're doing is wrong. Lamo's been in this business long enough to know that what he was doing was illegal.
There needs to be a significant revision of the code of ethics of White Hat Hackers - specifically, it needs to be written down.
One of the rules that should be in there is:
1) I will notify and seek permission from any public or private individual, corporation or institution that will explain what I am about to do and seek permission to do so. I will make it clear that whatever I find, I will be publishing my findings.
Number two should be something along the lines of "not working within the U.S. whenever possible" or something like that.
-- Funksaw
reprint of
http://web.archive.org/web/20020603035051/adrian.adrian.org/whynot.htm
Letter to Deb Cote 1/28/02
---
Hello Deb,
I noticed your post on comp.security.unix :) Thank you for giving your readers an opportunity to voice their views. I always appreciate any forum that stimulates people to think and arrive at their own conclusions. I generally don't participate in discussions about me, something I feel would be inappropriate, but I would like to clarify an issue that searchWebManagement.com mentioned.
The editor's summary at http://searchwebmanagement.techtarget.com/newsItem/0,289139,sid27_gci785232,00.html indicates that I consider myself benign. Other sites have gone considerably further in tacking views and motives onto me. I do what I do as an extension of how I live my life. Curiosity, trying to look at issues and entities from all angles while being beholden to none, not letting myself be prejudiced by views or methods more commonly applied, but not rejecting them offhandedly either -- these and other .. I hesitate to say principles, but can't think of a better word .. these and other principles get applied equally through my life in the physical world and my time as a network citizen.
It's difficult for me to communicate this effectively to media, as story structure frequently requires the protagonist to have a clearly identifiable motive and goal, but I do try to straighten the record a bit here and there as applicable.
The important distinctions are -- I don't see myself as having a right to do this. I don't think that just because it happens to help people, I'm above the law in doing it. Nobody has granted me a right to be on anyone else's network without their approval, and I don't think that the rules somehow will not apply to me if someone wants to send the feds looking for me. Life is gradations of risk. However -- this behavior will occur for as long as there are networks and electronic resources. Rights having been granted or not, the history of law enforcement in America [and elsewhere] shows that you cannot ever exterminate a pattern of human behavior altogether. People are people, and though we can make them react to us, we cannot change them fundamentally -- and if we ever find that we can, we may be taking on a role that is not ours to take on in this world.
If this behavior is an irrevocable part of human nature, legislation and electronic countermeasures can only mitigate it so much. Law-enforcement and industry can, if they deem appropriate, engage this behavior in a no-surrender no-retreat many-prisoners struggle indefinitely. I don't know who this would help. As long as unauthorized exploration is going to happen on some level, what makes the most sense to me is to have it harm as few people as possible.
If I'm trying to push any idea for people to evaluate here, that's it -- if you can't eliminate it, and possibly aren't sure you want to, is harm reduction so unreasonable? A computer isn't a house or a car or whatever analogy people want to draw for intrusion scenarios. I've never seen an analogy that works without a hitch. A computer is a computer, the situation is unique, there are no perfect parallels in 'real life', and not wanting people to be hurt if it can be avoided doesn't seem like such a bad thing. Just because it's a central feature of human nature doesn't make it unquestionably 'right', doesn't give me any right, but it does, to me, mean that we should deal with it realistically as a part of the human condition rather than a new problematic situation to be legislated into the ground. In my humble opinion.
On a more personal and less [more?] central tangent, I have to think that laws and legal conditions which generate harm where none previously existed should be questioned by all those party to them, on either side of the thin technicolor line. Complex systems such as the internet
... so they're taking it out on the guy who's trying to show them how to fix their own abysmal lack of security.
I realize this is a matter of laws and such; but really... if it hadn't been him it would have been someone else, and they'd STILL have the same expenses once anyone who knew what they were doing got into the system, even if it was only a new head of IT Security. All Adrian did was to save them from hiring a headhunter.
Those fraudulent charges to LexisNexis will be refunded as a courtesy to such a large customer as the Times, and probably along with them will be refunded a reasonable number of legitimate searches for Adrian Lamo. This will net them a profit in the long run.
So the ultimate end here is that The Times looks like a bunch of jerkoffs, and even if Adrian goes to jail all it will do is boost his street cred thereby improving his saleability as a consultant, perhaps even leading to a job with our own government.
It's really a win/win situation for Adrian, and if the Times weren't such a bunch of weenies, they'd realize it was for them too.
Mnem
The problem here is that people who like to break into computer networks don't see the harm in their actions. They view it like a little kid, it's theirs and no one has a right to take it away - it's their game/toy/fantasy.
In the case of Adrian Lame-o, the neeping lemmings put him up on an altar and bow down before his mighty web browser. They cannot see anything else but his brilliance.
They do not see the network as property. They can't comprehend the concept of breaking and entering because the net is free!
But here is the truth of it. The NYTimes paid for the servers, routers, firewalls, wiring, fiber, storage devices. This is property. They collect subscription fees from people who want to use this property. That is their right.
They paid people to collect information, stories, lists and data. This is property. They sell this property. That is their right.
They built a store front to allow people to enter their property and conduct business with them. That is their right.
They have security in this building to prevent people from going beyond the ground floor where normal business is conducted. That is their right.
They have paid for all of this.
Now, along comes Lame-o. He sneaks/walks into the storefront, looks around and notices that one of the security devices is not turned on.
Does he notify anyone? No. When no one is looking he makes his way past security and away from the first floor.
(The security people have their hands full with people trying to get past the first floor and their budget is cut, not enough people to patrol, not enough in the budget to repair, new devices for circumventing security coming out everyday. Can't keep up with training.)
Lame-o is now on the second floor. Does he notify security? NO. Is he supposed to be there? NO. Does he know that he is not supposed to be there? YES
He rifles some desks, file cabinets, scans lists, checks out credit card numbers. Does he stop and notify security? NO
At this point we know that he alters some data, effectively using resources that the NYTimes has paid for (Property!!) without authorization or permission.
Now he sneaks back out of the building. Does he notify security? NO
What does he do? He notifies the press!
Does he pay the NYTimes for the resources that he pilfered? NO
But that is okay, the public opinion of a bunch of sheep/lemmings will buoy you out of troubled water. Lame-o will be a god unto them!
You haven't done anything wrong!?!?! YOU WEAR THE MANTLE OF THE WHITE HAT!!! Your press clippings say so! Your adoring admirers don't care about property! They want a free and open system where they can gambol and despoil the landscape making it impossible for the average user to get anything done.
Bullsh*t
Oh yeah, and about those sys admins that are always getting bashed, the ones who missed that one hole out of a gazillion. The lemmings/sheep will heap steaming trash on their heads too. After all, new exploits happen all of the time. There are so many fingers in the web pie that it's difficult to find all of the openings that vermin can come in through. A few sys admin. A few thousand lemming/sheep.
Let's see these white/black hat lemmings/sheep set up web servers that cannot be broken into while conducting a business similar to the NYTimes. Oh yeah, and with very little money. And let's see them keep it running for a year without anyone breaking into it. And if someone does break in then these same lemmings can get their asses canned.
White hat. Black hat. It's all bullsh*t.
Criminals. (Yeah, this stuff pisses me off!)
Do any of them set up a security business and try this stuff legitimately? The ones who stop being neeping sheep do. But white/black hat dittos don't. They can't. They don't have the strength. They just want to be dittos who aren't responsible for their actions. They just want to have fun. Or see their faces in the press clippings like Lame-o.
There was a hacker who got busted
and Lamo was his Name-o
(CLAP!) L A M O
(CLAP!) L A M O
(CLAP!) L A M O
and Lamo was his Name-o
He's out on $250 Thousand Bail
and Lamo was his Name-o
(CLAP! CLAP!) A M O
(CLAP! CLAP!) A M O
(CLAP! CLAP!) A M O
and Lamo was his Name-o
He's not as cool as Kevin was
and Lamo was his Name-o
(CLAP! CLAP! CLAP!) M O
(CLAP! CLAP! CLAP!) M O
(CLAP! CLAP! CLAP!) M O
and Lamo was his Name-o
He found his name in Nexus
and Lamo was his Name-o
(CLAP! CLAP! CLAP! CLAP!) O
(CLAP! CLAP! CLAP! CLAP!) O
(CLAP! CLAP! CLAP! CLAP!) O
and Lamo was his Name-o
So if you are a computer guy
and Lamo is your Name-o
Don't get busted, or you'll fry!
Hacking is no Game-o
(CLAP! CLAP! CLAP! CLAP! CLAP!)
(CLAP! CLAP! CLAP! CLAP! CLAP!)
(CLAP! CLAP! CLAP! CLAP! CLAP!)
and Lamo was his Name-o
Best Buy can have you arrested
"His parents have also put up their house to guarantee his appearance in New York."
Jeez what next, strap a parent into a lethal injection machine to guarantee appearance in court?
I'll own up.. It's me.
He wasn't arrested. I would have just left the country. It's not that hard to get out. Beats the hell out of jail.
"It's like this, you communist!"
"No, it isn't, you fascist. It's like this!"
I have heard n analogies from each side, and everyone knows n^2 time is inefficient.
The fact that he did it in order to tell them they had security problems in the first place, very vocally, indicates he DID know he was not supposed to be there.. that was the whole point of what he did.
You're missing the point of the sex analogy. It doesn't apply to the situation as a whole, it merely establishes that there are cases (this may or may not be one of them) where the normal price for something (sex or an audit) may not be adequate when that is forced upon you without consent.
Mod this guy up! He hit the nail on the head!
This is the way security is supposed to work. You buy system insurance. They inspect your systems before they agree to take the risk. If they find weaknesses you can't sue them and say that they caused huge damages. Just like the guy who pointed out that you can't blame the building inspector for causing the problems that he finds.
I still think Lamo went about it wrong. If you know you are dealing with bastards who prosecute white-hats, don't be so damned surprised! And if you didn't know...
OK, I'LL SPELL IT OUT: Most corporate MIS hacks are litigious bastards who will prosecute white-hats. Save yourself the trouble. They're not worth it. Let the black-hats take 'em down. They WON'T learn this lesson any other way!
My other car is a 1984 Nark Avenger.
Apparently nobody else noticed the fact that his parents can afford $250,000 bail. Wow!
I think it was Thomas Anderson. I heard he was pretty good.
Let me get this straight. He illegally made a search using his own name? His real name?? And with a last name like 'Lamo'?
Now that's a good way to avoid getting caught...
Hey asshole, a guy who breaks into your house poses a real, physical threat to you. He can kill you, rape your wife or murder your kids. A guy who leaves an "ownz joo!" message on your website doesn't do any of that.
fucking cockgobbler
Nice idea, but let's Do the Math(TM) --
Possible, I suppose, as we don't know how long he had access before alerting the NYTimes. But 100 hours is a long time.
And for that matter, you'd have to be one hell of a fruitcake to run 600 searches on your own name. Which makes me think the $300,000 figure itself is crap, as the rest of the account suggests Lamo isn't entirely out of his gourd, just misguided or naive depending on your point of view.
--------
If I can own an idea, does that mean I can legally claim some portion of your soul once I tell you that idea? Or even if you just come up with it on your own? Heck, who needs contracts written in blood...
"What in the name of Fats Waller is that?"
"A four-foot prune."
White hat my ass. Lamo posing as a security expert is ludicrous. He simply rationalizes his break-ins with a lame "I did it for your own good" claim after the fact. He DID run up $300,000 in Lexis/Nexis costs. Those were real supplied services involving real money that generated a real invoice that has to be paid by the Times.
The NYT made an excellent analogy: "It is like someone breaking into your house, writing his name on your walls, racking up $300,000 in long-distance charges and then claiming he did it to show you that your deadbolts weren't adequate." Lamo is no different than any other thief on the planet, he just uses a pathetic "security" rationalization to try to get away with it.
Two hours over three months is entirely conceivable, especially if he was looking for updates and to see if the Feds were on his trail.
Just my two $.02
psxndc
The emacs religion: to be saved, control excess.
Another 'victim as criminal' argument I see.
Victim: "But officer, I was RAPED by this guy!"
Officer: Well that's YOUR FAULT ma'am.
You should have put better locks on your doors. You see, this guy is a WHITE HAT rapist.
Rapist: Hey! I'm a security expert! I was just doing the bi*ch a favor by showing her deadbolts weren't any good.
From ComputerWorld: "It's like a guy who sees the keys in the car in a parking lot, opens the door, takes the keys out and hides them under a mat and leaves a note," he [Mark Rasch, former head of the computer crime unit at the U.S. Department of Justice] said. "It's not a valid defense." What a horrible comparison- personally, I'd thank any such Good Samaritan
I just finished my first book. Maybe tomorrow I'll read another.
<loudforeheadslap/> Doh!
Can I beg off that I was stuck using the New Math? Sheesh. Just call me Chuckles the Clown. :P
One thing I may just be confused about though, but how is his access to Yahoo's info directly related to the NYTimes' claims of damages?
No way. If you were, you would have pointed out that I started a sentence with the word 'and'. Nice try though, but you fail it.
Don't be silly. It's obvious that bugs and security lapses should be repaired, however they are discovered.
But, then, I didn't say anything at all like that.
Here's what I've said: This Llamo character seems to have admitted to engaging in illegal actions, i.e., breaking into a corporation's private and internal network. Of course, that corporation should learn from that and fix those shortcomings. But, that fact does not erase Llamo's behavior. Whatever the motivation, whatever actions are taken afterwards, breaking the law remains breaking the law, and anyone who does that is a criminal.
To believe otherwise is to believe that anyone has the right to act as a network security vigilante, and that any criminal action vis-a-vis a network is excusable if the criminal simply tells someone about the security gaps he found. Of course, that's utter nonsense.
-- Slashdot: When Public Access TV Says "No"
It is very easy to run up very large charges on the services. There are many different classes of search and database access levels, and you can have a $3,000 bill in under an hour.
What do I want to bet the NYTimes is asking for their entire monthly charges for Lexis/Nexis? How much do you have?
Pedophiles == sick bastards
1337 hax0rz == marketable skillz
To take away his [assumedly] one most marketable skill and then tell him to get a job is a bit ironic.