Slashdot Mirror


Losing His Religion: Adrian Lamo Interview

digidave writes "Six months after the sit-down, TechFocus.org has published their interview with renowned hacker Adrian Lamo. Done before his arrest, TechFocus kept the interview secret so as not to influence the outcome of his trial. It remains his only interview since being arrested."

12 of 208 comments (clear)

  1. before arrest by AyeFly · · Score: 5, Insightful

    wait, this doesnt make sense "Done before his arrest, TechFocus kept the interview secret so as not to influence the outcome of his trial. It remains his only interview since being arrested." How can it be both before his arrest, ... and then be the only interview after being arrested??

    --
    Sig- http://www.dreamhost.com/rewards.cgi?ayefly
    1. Re:before arrest by VivianC · · Score: 3, Insightful

      Um... You are expecting the "editors" to edit? You must be new here.

      --
      Viv

      Gmail invites for ip
  2. IANAL, but... by chachob · · Score: 4, Insightful

    it seems to me that unless the comanies specifically hired him as a security consultant, then he has no legal support in these matters.
    However, he did not damage/alter any of the sites he hacked (excluding NYTimes, which was a minor addition to the list of "experts"). This does not help him in the courts though, because the act of breaking into the company's networks was illegal in itself.

    1. Re:IANAL, but... by 3terrabyte · · Score: 4, Insightful
      I consider your lack of RTFA pretty injurious.

      The FBI calculated the maximum cost of using Lexus Nexus to be $300k. An unlimited 3 month account COULD HAVE BEEN purchased by Mr. Lamo for $1500.

      --

      Why are there only 19 people folding@home for slashdot?

  3. Re:Cheese! by dasmegabyte · · Score: 4, Insightful

    Well, they'll never be able to track you via your slashdot account.

    Seriously, there's a rather supernatural school of thought that says we'll never hear interviews from the "best hackers," because they'll never get caught. I don't believe in superhackers -- but you have to wonder, with these guys catching interview with Lamo right before his latch, if an ego is REALLY the best thing for any criminal to possess. I mean, you need respect and renown to make it in a world without structure, but it seems having the blackhats known your name makes it easier for it to fall in the laps of the whitehats.

    --
    Hey freaks: now you're ju
  4. overrated. by dan2550 · · Score: 5, Insightful

    I dont mean to flame or anything, but im not to impressed by Lamo. he did some crazy things, but any lucky script kiddie could do the same. besides the fact that he was a meth addict, his "hacker skills" consist of using a web browser to snoop in unprotected directorys. In fact, he does not even know c++ or java.

    1. Re:overrated. by adamruck · · Score: 4, Insightful

      The fact that he wasn't trained and isn't skilled impresses me all that much more. Instead of relying on highly technical methods to gain access to things... he relyed on his sharp perception to notice security holes. The plain fact is that most people including me and you cant do that. He sees things in completely different ways than we do, thats what makes him smart.

      Wether you like lamo or what he did is up to you, but I think it would be foolish to not understand that what he did was impressive.

      --
      Selling software wont make you money, selling a service will.
  5. Re:It Figures the Times would do him in by Anonymous Coward · · Score: 3, Insightful
    the Times publishes a bunch of made up stories, about life and death stuff, and considers an apology to be good enough for us.

    Lamo tells truth and they want to send him to jail.

    Luckily, the Times gets more irrelevant every day.

  6. Moral of the Adrian Lamo story by twigles · · Score: 5, Insightful

    If you break the law shut up about it. Seriously, people bend and break laws all the time. Good, honest people. They cheat a little on their taxes, they don't stop all the way at stop signs, maybe they visit a prostitute occasionally.

    No one really cares until:
    1) The problem becomes extreme - instead of going 5 miles/hour over the speed limit you go 25 over.
    2) You trumpet your illegalities all over the place.

    If a sysadmin at the NY Times had received a discreet phone call from Lamo they would have had the option to ignore the whole situation and just quietly fix the problem. Instead they got a phone call from a reporter who was about to write a news piece on how this guy broke into their network.

    I'm not saying that they were right, just that it's understandable and Lamo shot himself in the foot with his lack of discretion. I learned this same lesson in high school when I wrote a creative writing paper that was so bloody offensive that I had to have a conference with my parents, the principle, the teacher and the school psychologist. My teacher told me in private that he wouldn't have done anything but make me re-write the paper but since I showed it to a bunch of people (whose parents called in) he had no choice.

  7. inflated damages by David+Jao · · Score: 3, Insightful
    I personally consider $300k pretty injurious.

    From Wired's interview:

    Although the Times doesn't pay retail for the service, the FBI calculated Lamo's damages using the full Lexis-Nexis rate, which added up to a shocking $300,000. It was clearly a punitive figure. Had Lamo simply bought an unlimited three-month account with Lexis-Nexis rather than piggybacking off the Times, it would have cost him just $1,500.
  8. Technically Disabled News Paper Company by EconomicRat · · Score: 3, Insightful

    I find it baffling how anyone can consider Lamo's non-malicious acts of security audits grounds for incarceration. If I were responsible for the New York Times data network during Lamo's breach, in addition to being embarrassed, I most likely would have written him a check and engaged with him to tighten up the security holes (Obviously including the necessary agreements required to protect against the sale or use of the data he had access to).

    Had Lamo intended to act maliciously or engage without notice, he could have. So, the New York Times should be thankful that it was Lamo, walk-off the embarrassment, and throw this frivolous suit in the garbage can. The dollars allocated to the damage as a result of Lamo's activities are most likely "soft" costs. Specifically, the 300k associated to the LexisNexis activity, which is, most likely, an overvalued retail transaction price related to database queries, which fundamentally costs nothing. And, the 25k associated to the investigation efforts of the New York Times networking personnel, was really just a bad business decision. They could have just asked Lamo once he disclosed that he breached the network. I'm sure he would have provided the details. Additionally, those are, most likely, soft costs, as those resources used to perform the investigation were, most likely, New York Times network administration personnel doing what they do every day, well aside from reading Slashdot, and handling ID-10-T user errors.

    The "real" cash that was wasted on all the blood-sucking lawyers to file suit against Lamo, should have been used to tighten up the security on that New York Times network. But, maybe it's not too late. Maybe, the charges can be dropped, prior to sentencing, and Lamo is good-natured enough to still help the New York Times out. Because the possibility of being on the receiving end of hacker community retaliation is certainly not a place I would ever want to be!

    ER

    --
    "What I have written, I have written." - Pontius Pilate
  9. Does it really matter? by jedi_odin · · Score: 3, Insightful

    whether or not he could code? so what he didn't know java or c++, he did understand how networking worked, and how to use network components and the networks themselves against itself. I think that the fact that he couldn't code yet still showed the world that networks were vulnerable to persistant attacks of such intimate nature is important and should not be taken lightly. If he was a coder, just think about what he could have done. Was he a script kiddie? that all depends on the definition I guess, but some people want to call him b/c he used a webbrowser for his explorations. Wait, I use a webbrowser when I explore the internet, does that make me a script kiddie, does that make any and all browser users a script kiddie? Seriously, a coder could have done a lot more breakins, and bunch more "spectacular" and prolly would have been respected more, but who cares, the guy found a way in without needing to code; and that should be addressed. Also, obiviously the guy had a talent for understanding networks and the perserverance to get the job done. There are many other "crackers/hackers" like that, both convicted and not yet caught. People with such talent and perserverance should be learned from, not convicted and jailed to be sitting beside murderers and rapists. I think that picking the brains of such people would be a benefit to society, not locking them up in some shitty jailcell. I heard that Robert T. Morris was an assistant professor at MIT, damn I'd love to learn from him, I'd love to chit chat with Mitnick, Poulsen, and many others who have show us the weaknesses in comp and network security. These are the people to learn from, not those 3 week long IT boot-camps and mindnumbing professors who are so far up their own ass its pathetic. My former CS professor is a genius, very intelligent and inventive like these people were, and the humbleness he had and the willingness to teach rivals Yoda himself. If it wasn't for my former CS prof, I'd be dead in the water clueless. So we should accept the fact that we need to learn from hackers/crackers not just after the attack, but by conversing with them, working with them hand in hand, instead of sending some of our most inventive minds off to jail.

    --
    may the source be with you