Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adrian Lamo Surrenders

Posted by timothy on from the eh-well dept.

clafarge writes "Three days after Adrian Lamo was charged with hacking, he surrendered himself to marshals at the federal courthouse in Sacramento. This according to a story on the AP's LiveWire. He's accused of causing 'more than $25K damage to New York Times Co.,' and performing LexisNexis searches on his own name to the tune of $300K! I always find it interesting that so little tinkering can cause so much 'damage' (if you didn't get that wink, read the article about the nature of the 'damage'). He's in his parents' custody on $250K bail." webmaven adds links to the same AP article carried by Wired, InfoWorld, and C|Net, and points out that more coverage can be found via Google News. He writes: "Adrian negotiated the terms of his surrender, which included the charges in the warrant issued against him being disclosed."

9 of 639 comments (clear)

  1. Reasonable damage figures by JohnGrahamCumming · · Score: 5, Insightful

    more than $25K damage to New York Times Co.,' and performing LexisNexis searches on
    his own name to the tune of $300K! I always find it interesting that so little tinkering
    can cause so much 'damage' (if you didn't get that wink, read the article about the
    nature of the 'damage').

    No I don't get the 'wink'.

    These damage figures really don't seem very unreasonable, especially given what Kevin
    Mitnick was accused of. It's pretty easy to rack up $25,000 in damage (i.e. in the
    cost of the people of had to evaluate and repair his intrusion into the network). As for
    the LexisNexis searches that cost is probably easy to calculate because they charge for
    use of the service and he probably used $300,000 worth of the service without paying for it.

    If he'd been accussed of millions of dollars of damage for these intrusions then I might be concerned
    that the prosecutor was going overboard, but this seems pretty sane to me.

    John.

    1. Re:Reasonable damage figures by Trigun · · Score: 5, Insightful

      As long as they have to prove the damages, rather than having the judge readily accept them. In fact, who cares about how much damage is done, as long as it's over the $5,000. If he broke the law, he broke the law, he didn't break the law by $320,000. That would be essentially ridiculous, turning law from an ethical measure to a monetary one (well, more so).

    2. Re:Reasonable damage figures by InsaneGeek · · Score: 5, Insightful

      I never quite got this... would you really trust a hacker to tell you everything he did? Some anonymous person on the internet breaks into your system and you will just take his word for it? A security incident is a security incident you have to do the same work either way:

      offline the system
      investigate the system to find intrusion
      do a complete reload from scratch
      identify other systems on the network with same vulnerability accessable by compromised system
      make decision to roll dice and guess others were not compromised or rebuild those systems also

      number of steps left out but you get the drift, the entire network is compromised and I don't trust my job let alone hundreds of fellow employees jobs, on a completely unknown person telling me they really didn't leave any back doors and didn't do anything at all after they intentionally broke into a system

    3. Re:Reasonable damage figures by Anonymous Coward · · Score: 5, Insightful

      But if they had discovered this on their own, they would have still had to have gone to the same expense.

      Just because he's the only one that ever told them that he was able to do it doesn't mean that others weren't.

    4. Re:Reasonable damage figures by Morosoph · · Score: 5, Insightful

      It seems to me that engineers view security breaches very differently from most people; we're used to having to fix all bugs, and it becomes natural to think of someone who's managed to break a system as having done good; the clean-up costs are not the costs of the breach, but the costs of the bug, as yet unforseen.
      I get the impression that this is not how the average person thinks at all. When something fails, the most obvious culprit is the person that broke the system. There might be secondary concerns, but the first thing to do is to find blame.
      By contrast, the engineer is almost grateful, at least once the bug's been fixed!
      My thoughts are that people who break things without malice, although they might be in some sense "trespassing", deserve some protection, as egos do not deserve the protection of the law. The law should instead be structured so as to make secure systems more probably, ie. intelligent cost/benefit analysis is the order of the day, not ideological moaning about property and tresspass.

      --
      Wikileaks, no DNS
    5. Re:Reasonable damage figures by Evil+Adrian · · Score: 5, Insightful

      Look at it this way, if the lock on my house is faulty did someone who demonstrates this fact to me "damage" my property by "causing" me to have to buy a new lock?

      Now paying someone $25k to audit security is a perfectly legitimate business undertaking. So, how is providing that service for free necessarily "damage."

      Unless someone gives you PERMISSION to break into something of theirs, IT'S ILLEGAL TO DO SO.

      END OF STORY!

      Hacking is illegal, everyone knows it, why are you getting pissed about it? Leave other people's shit alone unless they specifically ask you to fuck with it, or you will get in trouble! That is NOT a difficult concept to grasp!

      --
      evil adrian
    6. Re:Reasonable damage figures by greenhide · · Score: 5, Insightful


      Now paying someone $25k to audit security is a perfectly legitimate business undertaking. So, how is providing that service for free necessarily "damage."

      Here's a harsh example: If I charged you for sex, I could easily get $100/hour. How about I have sex with you, without your consent, for free?

      As someone who oversees a few websites, I can tell you that there is plenty to do already without having to worry about some hacker breaking in to my system.

      The faulty lock isn't a good analogy. A better analogy is that you have a normal working lock, and the person is an extremely adept locksmith who also knows how to circumvent security systems. Don't think "This Old House", think "Mission Impossible".

      These servers weren't left totally out in the open, otherwise people would be hacking into the NY Times *all the time*. I mean, wouldn't it be tempting to be able to put any message you wanted, up for viewing to many millions of people?

      I'm sure the NY Times spends a whole lot on security, and does a pretty good job at it. This Adrian fellow is a really good hacker; that's all there is to it. Any system that must connect to the Internet is inherently insecure. The people at the NY Times have probably made a very careful balance between making their servers secure, and making it possible for employees to access it from the thousands of locations across the globe where they have staff, reporters, subscription offices, and distribution and printing centers.

      I think anyone who blames the NY Times in this case is expecting too much. I'd like to see how *your* computers handle a hacking attach from this guy.

      --
      Karma: Chevy Kavalierma.
    7. Re:Reasonable damage figures by _bug_ · · Score: 5, Insightful

      Unless someone gives you PERMISSION to break into something of theirs, IT'S ILLEGAL TO DO SO.

      Actually it may not be a clear cut illegal intrusion. If Llamo never encountered an "authorized use only" or "for NYT staff only" message then it can (as has been in the past) argued that Llamo had no reason to believe he was accessing an area of the NYT network he was not suppose to. Given that he was accessing it via the Internet which is a PUBLIC network.

      That may be why the NYT is trying to put a dollar figure to the "damage" Llamo caused. Then they can argue property damage.

  2. Adrian Lamo Surrenders by Morosoph · · Score: 5, Insightful
    This story makes me sad. The judge had a "last minute" idea, "Oh yeah, let's ban him from using computers", probably the only thing that really gave purpose to the life of a tramp. Getting a "real" job cannot be a substitute, and as The Register points out, Adrian wasn't exactly writing viruses. Quote:
    Following the recommendation of a federal pretrial services officer who interviewed the hacker in custody, Hollows ordered Lamo to obtain full-time employment or enroll in college pending trial. The ban on computer use was the judge's idea.
    "This whole business of computer hacking, viruses and so forth is getting very wearisome," said Hollows, explaining his thinking from the bench.
    There is something depressing about the whole "join society" ethos, that is, conform to everyday mediocrity.
    --
    Wikileaks, no DNS