Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adrian Lamo Surrenders

Posted by timothy on from the eh-well dept.

clafarge writes "Three days after Adrian Lamo was charged with hacking, he surrendered himself to marshals at the federal courthouse in Sacramento. This according to a story on the AP's LiveWire. He's accused of causing 'more than $25K damage to New York Times Co.,' and performing LexisNexis searches on his own name to the tune of $300K! I always find it interesting that so little tinkering can cause so much 'damage' (if you didn't get that wink, read the article about the nature of the 'damage'). He's in his parents' custody on $250K bail." webmaven adds links to the same AP article carried by Wired, InfoWorld, and C|Net, and points out that more coverage can be found via Google News. He writes: "Adrian negotiated the terms of his surrender, which included the charges in the warrant issued against him being disclosed."

11 of 639 comments (clear)

  1. He boasted.... by ellem · · Score: 3, Interesting

    How good are the ones who keep their mouths shut and just steal shit?

    --
    This .sig is fake but accurate.
  2. Negotiated? by bobthemuse · · Score: 3, Interesting

    "Adrian negotiated the terms of his surrender, which included the charges in the warrant issued against him being disclosed."

    You have to negotiate for this now? So if they never tell him what he's charged with, can he get a reduced punishment? :-)

  3. Lexis/Nexis and NYT by Speare · · Score: 5, Interesting

    What would you want to bet that Lexis/Nexis just winks and nods at their huge customer, The New York Times, Inc., and waives much of the actual charges that resulted from automated searches on Adrian Lamo. At their prices, there is probably still over $25K worth of manual labor involved... Lexis/Nexis is a premier service with some amazingly in-depth methods.

    Plus, the scouring job that's required by NYT's IT department to ensure there aren't any new "easter eggs" in their system will go into significant coin too. I don't agree with the preposterous insurance-claim oriented figures that go into these 'cracking' news stories, but you can't just trust a superficial system cleanup after being cracked.

    --
    [ .sig file not found ]
  4. "damage" by TheSHAD0W · · Score: 3, Interesting

    Just because you catch me strolling across your yard doesn't mean I should pay for having it fenced.

  5. Re:How old are you? 5? by 91degrees · · Score: 3, Interesting

    Why are you comparing it to your home? He hacked corporate servers! It's more like finding an intruder has manged to get past your security and knocked on your office door.

  6. Re:Reasonable damage figures by nsandver-work · · Score: 3, Interesting

    The problem is, how do you trust someone who's just broken into your systems to tell the truth about how they did it? Or to tell you everything they did? You can't, so you must look over everything, and probably reinstall your systems.

  7. Guess he understands time-space warping too by mactari · · Score: 3, Interesting

    From The Reg:
    Under the terms of his release, Lamo's future wanderings will be confined to the northeastern half of California, and southern New York state, unless he gets prior approval of the court to travel elsewhere.

    Hrm. Wandering from NE Cali to south NY w/out going anywhere inbetween would seem about as easy a commute as getting from the West Bank to the Gaza Strip.

    Then they tell the fellow he can't use a computer but has to get full-time employment! I imagine anyone savvy enough to Slashdot can see the irony there. ;^)

    To completely switch gears, did anyone else find it weird that a paper would have SS#'s for people who have written op-ed pieces [for Lamo to find]? I suppose that implies they were *paid* for the pieces, but it still seems a bit strange.

    --

    It's all 0s and 1s. Or it's not.
  8. Personal case by Anonymous Coward · · Score: 5, Interesting

    (Anonymous for obvous reasons)

    I don't live in the US. In my early days on the university I was involved on a serious case of hacking. Being a nerd for network security I once told a university network administrator, that happened to be a good friend of mine and a student of one of the classes I gave at the time (on network security) on a institution unrelated to the university, that the university network was 'easy hackable', he challenged me for a proof and I responded. About four months later I found myself in deep trouble: my network account was surrendered and all my e-mail was analyzed by the network administrators. For some reason (only known to a 18 years old) I had sent an email to a friend telling him that I had cracked about 2000 passwords on the university network.

    It turned out that since my 'friend' spoke with me he went with his superior and 'bought' a promotion for turning me in. The only proof they had was the email and a private conversation recorded without my permission (by a university student, not a government office) where I admitted to have cracked the university super-computer and a cluster to write, compile and run a distributed program that kept running for a little over two months (without anyone noticing it, it stopped running because I decided to stop it).

    To get on-topic: They claimed that my actions had caused over US$ 100K. After 6 months of trial (where I has assisted by some great voluntary people) I walked out with a restraint to use any university computer for 4 years, and being unable to create accounts for any ISP in the state for 2 years.

    The morale of the story is this: You fight. And fight hard. If you do so the people will support you, because you are fighting from the right side. Take it to the end, at some point justice will be served.

  9. Re:Reasonable damage figures by kfg · · Score: 5, Interesting

    One of the first things you learn when you begin working in computer security, especially as an outside contractor, is that your customers don't trust you as far as they could throw the Empire State Building.

    In fact, you will be reviled. You will have a hard time convincing many people to hire you because they're scared to death of you in the first place. Once they do hire you you will be assumed at some lizard brain level to be doing something nefarious.

    This is one of the reasons why network security is so poor. Companies are loath to allow outside security experts anywhere near the place.

    This is one of the reasons white hat hackers like Lamo do what they do. The companies aren't doing what they should, out of fear, thus leaving all the doors wide open. It's a deriliction of duty that the white hats expose to the public.

    The companies don't always take kindly to the fact that their customers then know how poorly their personal data is being protected.

    Obviously the way to handle the matter is to attack the white hat. Go figure.

    Now these same companies don't hesitate a second to call in a locksmith to handle their physical security. They don't worry that when a lock gets changed the locksmith is secretly making a copy of the key so he can break in at night and clean them out, even though this occasionally actually happens.

    Why not? Because physical locks aren't black magic beyond their understanding.

    Rather than gain that understanding they'd rather fear. Again, go figure.

    Computer security experts are like people who treat lepers. We aknowledge that they are needed, but we don't want them around our house.

    God forbid they should marry our daughter or something. We'll never sleep at night.

    KFG

  10. You got it by DesScorp · · Score: 4, Interesting

    We'll never know who the best are. Because they're SMART ENOUGH NOT TO BRAG ABOUT IT IN PUBLIC.

    All sarcasm aside, I once heard Prof. Gene Spafford of CERIUS say that some of his best students had simply dissapeared from the face of the Earth. He suspected that they were either recruited by Government organizations, or major corporations; and he was afraid that some even went to work for organized crime.

    THESE people are the real pros. They get the job done, get paid, and quietly move on. They could live next door to you, and you'd have no clue that they crack heavily guarded systems for a living. For every Adrian Lamo or Kevin Mitnick, or even Peter Shipley for that matter, there are a half dozen guys way better that you'll never hear about.

    --
    Life is hard, and the world is cruel
  11. Re:Reasonable damage figures by Merk · · Score: 3, Interesting

    Who defines "breaking into"?

    If someone misconfigures their web server so it points at "C:\My Finances" and you surf to their site, are you breaking into their system? What if they configure it so it points to "C:\" and you click on the "My Finances" link? What if they have a default "Welcome to XXX" page but you type in the url: "http://www.icantconfigureiis.com/My%20Finances/"? What if you do a portscan on them and try to connect to a nonstandard port? What if you run a rootkit on them?

    Obviously the latter examples are reasonably defined as "breaking in", and the former ones are not, but where do you draw the line? Is it a judgement call about what someone reasonably expects you to be able to see?

    From what I have read, it is pretty obvious that this guy saw some things that he reasonably couldn't believe he was supposed to see. On the other hand, he did it all through a web browser. It's not like he was running rootkits. He was simply poking around and being nosy. The onus should be on the NY Times to have some reasonable standard of security in place that can't be compromised by Mozilla.