Slashdot Mirror
Losing His Religion: Adrian Lamo Interview
digidave writes "Six months after the sit-down, TechFocus.org has published their interview with renowned hacker Adrian Lamo. Done before his arrest, TechFocus kept the interview secret so as not to influence the outcome of his trial. It remains his only interview since being arrested."
wait, this doesnt make sense "Done before his arrest, TechFocus kept the interview secret so as not to influence the outcome of his trial. It remains his only interview since being arrested." How can it be both before his arrest, ... and then be the only interview after being arrested??
Sig- http://www.dreamhost.com/rewards.cgi?ayefly
it seems to me that unless the comanies specifically hired him as a security consultant, then he has no legal support in these matters.
However, he did not damage/alter any of the sites he hacked (excluding NYTimes, which was a minor addition to the list of "experts"). This does not help him in the courts though, because the act of breaking into the company's networks was illegal in itself.
Well, they'll never be able to track you via your slashdot account.
Seriously, there's a rather supernatural school of thought that says we'll never hear interviews from the "best hackers," because they'll never get caught. I don't believe in superhackers -- but you have to wonder, with these guys catching interview with Lamo right before his latch, if an ego is REALLY the best thing for any criminal to possess. I mean, you need respect and renown to make it in a world without structure, but it seems having the blackhats known your name makes it easier for it to fall in the laps of the whitehats.
Hey freaks: now you're ju
I can't get to the interview, but the wired article seems to imply this guy is just a script kid. Basically it sounds like he's doing the modern day equivalant of war dialing.
He gets the press coverage because he's "homeless", but doesn't fit the alcoholic loser bum image of most homeless people. People like hearing such stories because it gives them hope that all the homeless (or more accurately, bums) might be able to pull themselves up by their bootstraps. Total bullshit of course, but it makes for good copy.
AccountKiller
I dont mean to flame or anything, but im not to impressed by Lamo. he did some crazy things, but any lucky script kiddie could do the same. besides the fact that he was a meth addict, his "hacker skills" consist of using a web browser to snoop in unprotected directorys. In fact, he does not even know c++ or java.
Lamo tells truth and they want to send him to jail.
Luckily, the Times gets more irrelevant every day.
Give a shit?
Seriously, this guy is just craving attention. Homeless hacker my ass. Maybe if he actually tried to make something of his life or contribute to society I could give a shit. But he has done nothing for the real 'hacker' community.. stop giving hackers a bad name and refer to him as homeless 'criminal' please.
If you break the law shut up about it. Seriously, people bend and break laws all the time. Good, honest people. They cheat a little on their taxes, they don't stop all the way at stop signs, maybe they visit a prostitute occasionally.
No one really cares until:
1) The problem becomes extreme - instead of going 5 miles/hour over the speed limit you go 25 over.
2) You trumpet your illegalities all over the place.
If a sysadmin at the NY Times had received a discreet phone call from Lamo they would have had the option to ignore the whole situation and just quietly fix the problem. Instead they got a phone call from a reporter who was about to write a news piece on how this guy broke into their network.
I'm not saying that they were right, just that it's understandable and Lamo shot himself in the foot with his lack of discretion. I learned this same lesson in high school when I wrote a creative writing paper that was so bloody offensive that I had to have a conference with my parents, the principle, the teacher and the school psychologist. My teacher told me in private that he wouldn't have done anything but make me re-write the paper but since I showed it to a bunch of people (whose parents called in) he had no choice.
Please. I don't condone any of his actions, but he didn't exactly "run up a $300K bill" for the Times. I'm sure the Times has something like unlimited access to Lexis-Nexis for a fixed price. They just decided to "charge" him with full "retail" price.
It'd be like a 7-11 saying they sell bags of ice for $2, but individual ice cubes for $100 a piece, then accusing someone of Grand Larceny for stealing two bags of ice "worth over $80,000."
It's joke.
From Wired's interview:
I find it baffling how anyone can consider Lamo's non-malicious acts of security audits grounds for incarceration. If I were responsible for the New York Times data network during Lamo's breach, in addition to being embarrassed, I most likely would have written him a check and engaged with him to tighten up the security holes (Obviously including the necessary agreements required to protect against the sale or use of the data he had access to).
Had Lamo intended to act maliciously or engage without notice, he could have. So, the New York Times should be thankful that it was Lamo, walk-off the embarrassment, and throw this frivolous suit in the garbage can. The dollars allocated to the damage as a result of Lamo's activities are most likely "soft" costs. Specifically, the 300k associated to the LexisNexis activity, which is, most likely, an overvalued retail transaction price related to database queries, which fundamentally costs nothing. And, the 25k associated to the investigation efforts of the New York Times networking personnel, was really just a bad business decision. They could have just asked Lamo once he disclosed that he breached the network. I'm sure he would have provided the details. Additionally, those are, most likely, soft costs, as those resources used to perform the investigation were, most likely, New York Times network administration personnel doing what they do every day, well aside from reading Slashdot, and handling ID-10-T user errors.
The "real" cash that was wasted on all the blood-sucking lawyers to file suit against Lamo, should have been used to tighten up the security on that New York Times network. But, maybe it's not too late. Maybe, the charges can be dropped, prior to sentencing, and Lamo is good-natured enough to still help the New York Times out. Because the possibility of being on the receiving end of hacker community retaliation is certainly not a place I would ever want to be!
ER
"What I have written, I have written." - Pontius Pilate
Correct me if I'm wrong, but it sounds like he simply tweaked his browser settings a tad and got in, no cracking(I.E. A cracking program, overflow attack, etc.) involved. To me this is the NY-Times' fault more than anyone. Lamo doesn't have the skills or knowledge to actually crack a system...he trolls for people that don't know how to configure there settings properly. And it's not like the sites he gets into are small personal sites. MSN, NYTimes, etc..should all be ashamed that someone who has no real knowledge of how a computer network operates can get in that easy. Of course what he did was wrong, similar to entering an unlocked store at night, but the NYTimes is just as much at fault for either having a braindead security team, or not funding security appropriately.
whether or not he could code? so what he didn't know java or c++, he did understand how networking worked, and how to use network components and the networks themselves against itself. I think that the fact that he couldn't code yet still showed the world that networks were vulnerable to persistant attacks of such intimate nature is important and should not be taken lightly. If he was a coder, just think about what he could have done. Was he a script kiddie? that all depends on the definition I guess, but some people want to call him b/c he used a webbrowser for his explorations. Wait, I use a webbrowser when I explore the internet, does that make me a script kiddie, does that make any and all browser users a script kiddie? Seriously, a coder could have done a lot more breakins, and bunch more "spectacular" and prolly would have been respected more, but who cares, the guy found a way in without needing to code; and that should be addressed. Also, obiviously the guy had a talent for understanding networks and the perserverance to get the job done. There are many other "crackers/hackers" like that, both convicted and not yet caught. People with such talent and perserverance should be learned from, not convicted and jailed to be sitting beside murderers and rapists. I think that picking the brains of such people would be a benefit to society, not locking them up in some shitty jailcell. I heard that Robert T. Morris was an assistant professor at MIT, damn I'd love to learn from him, I'd love to chit chat with Mitnick, Poulsen, and many others who have show us the weaknesses in comp and network security. These are the people to learn from, not those 3 week long IT boot-camps and mindnumbing professors who are so far up their own ass its pathetic. My former CS professor is a genius, very intelligent and inventive like these people were, and the humbleness he had and the willingness to teach rivals Yoda himself. If it wasn't for my former CS prof, I'd be dead in the water clueless. So we should accept the fact that we need to learn from hackers/crackers not just after the attack, but by conversing with them, working with them hand in hand, instead of sending some of our most inventive minds off to jail.
may the source be with you