Slashdot Mirror
Losing His Religion: Adrian Lamo Interview
digidave writes "Six months after the sit-down, TechFocus.org has published their interview with renowned hacker Adrian Lamo. Done before his arrest, TechFocus kept the interview secret so as not to influence the outcome of his trial. It remains his only interview since being arrested."
Except for this one he did for NPR's Marketplace that aired Wednesday.
It Figures the Times would do him in. He prob tried to read a story without registering.
Keep the faith, share the code
...cute young guy like that isn't ever going to want for cigarettes while he's in the joint.
"I'd rather be a lightning rod than a seismometer." -Ken Kesey
wait, this doesnt make sense "Done before his arrest, TechFocus kept the interview secret so as not to influence the outcome of his trial. It remains his only interview since being arrested." How can it be both before his arrest, ... and then be the only interview after being arrested??
Sig- http://www.dreamhost.com/rewards.cgi?ayefly
Losing His Religion: Techfocus Interviews Hacker
Adrian Lamo
Posted by Bill Royle on April 08, 2004
The companies he broke into reads like a Forbes ranking list. Yahoo! Excite@Home. MCI WorldCom. Microsoft. SBC Ameritech. Cingular.
He got away with it by notifying those companies of the weaknesses, and in some cases helped fix them, for free. Then he set his sights on the New York Times. They were less forgiving. Today, April 8th, Adrian Lamo will be sentenced - having plead guilty.
I first worked to get an interview with Adrian Lamo in July, 2003. Having compromised the networks of some of the most influential companies in the world was not incredibly unusual, but the manner in which it was done was intriguing. Adrian Lamo has been termed the "homeless hacker," the "helpful hacker" and numerous other nicknames - because instead of disappearing into the ether, he would make the company aware of the flaw he had exploited, and in some cases would advise them on how to resolve it. Based on that approach, Lamo was fortunate to have dealt with companies that didn't choose to press charges.
Then, during an interview with SecurityFocus (not affiliated with Techfocus), he admitted to having broken into the NY Times network. The interviewer contacted the New York Times in a request for comment. Shortly thereafter, the FBI started an investigation. He was ultimately arrested in September for the penetration of the New York Times network, and for using their resources. Today he has pleaded guilty to breaking into their network, and for conducting unauthorized searches on Lexis/Nexis - all on the Grey Lady's tab. You can read the original criminal complaint here.
Lamo had another distinction from many hackers - he did so while homeless. While his family was willing to house him, he set off on his own, traveling from place to place via Greyhound. Occasionally he slept on the couches of people he knew in different cities, at other times he would sleep in abandoned buildings or anywhere feasible. All the while, he traversed networks using a battered laptop with a wireless network card.
Adrian Lamo is most assuredly unique. A month after his arrest, I received an email from him asking how the weather was. A bit puzzled, I contacted a mutual acquaintance to verify that it was Adrian. Indeed it was, so we met the next weekend near his home to discuss his background, and the serious charges he faced.
This was no ordinary interview. Not only had Lamo not given any interviews since the arrest, but the FBI had been exerting tremendous pressure on journalists that had spoken with Lamo, demanding that they turn over all notes and correspondence with him. It was only after a strong outcry from the journalistic community and their attorneys that the FBI grudgingly relaxed their demands, but there was little solace in that. As such, there was nothing written down - just a digital voice recorder with a limited battery. Upon the conclusion of the interview, the recording was transcribed to the PC, then sent to an offshore server outside of my control, in the event that an order was made to surrender it. The digital recording was destroyed.
We hope you enjoy the interview.
Update: Sentencing has been delayed until June.
When did you get started getting interested in security online?
"That'd depend on how you define started, I guess. My first exposure to computers was my Dad's Commodore 64 when I was six or seven, and as you may have read somewhere, I was interested in making things work differently than the way they were intended - loading, then inputting it and using the list command to see all of the code contained within it to see what the hell I was supposed to do with this blind corner that didn't seem to go anywhere."
What kind of games?
"Text-based adventure, like Zork-style."
What moved you to move from disk-based security to a larger scale type of interest?
"To
The interview linked to in the story is not really the best I have read. There was one done in Wired a while back that had a lot more about his exploits. A particular favorite among the stories he told was one where he and some friends were exploring a Gypsum factory while high on methanphetamines. The police came and just when they were about to get arrested Lamo hears a cat and tells the officers he had come in to rescue it. Sure enough they find the cat and Lamo and his friends are not arrested.
_____
Thank you.
Because the server was Slashdotted so quickly. Anyone get this mirrored in the 30 seconds it stayed online?
-- Josh Turiel
"2. Do not eat iPod Shuffle."
here's (bottom of page) an interview with Lamo I heard on Marketplace a couple days ago. It's really pretty good, he also rags on the computer security industry. Not entirely justified, but he makes some valid points.
That was fast. I even tried to hit it before it went 'live', and it was already /.'d. *sigh*
it seems to me that unless the comanies specifically hired him as a security consultant, then he has no legal support in these matters.
However, he did not damage/alter any of the sites he hacked (excluding NYTimes, which was a minor addition to the list of "experts"). This does not help him in the courts though, because the act of breaking into the company's networks was illegal in itself.
Well, they'll never be able to track you via your slashdot account.
Seriously, there's a rather supernatural school of thought that says we'll never hear interviews from the "best hackers," because they'll never get caught. I don't believe in superhackers -- but you have to wonder, with these guys catching interview with Lamo right before his latch, if an ego is REALLY the best thing for any criminal to possess. I mean, you need respect and renown to make it in a world without structure, but it seems having the blackhats known your name makes it easier for it to fall in the laps of the whitehats.
Hey freaks: now you're ju
wired also has an article about him. Pretty informative about his history and current conditions. Read away...t ml
http://www.wired.com/wired/archive/12.04/hacker.h
If you go to 2600's website, you can get an mp3 of the last show here. Adrian Lamo was present and spoke about a few things. Also, check the archives, he was on the show previously.
*twitch*
No, I'm New Here
According to this article in PC World, Adrian Lamo's sentencing has been delayed until June:
http://www.snpx.com/cgi-bin/news5.cgi?target=www.I wonder if the the NY Times or the Feds decided to change the terms of the plea agreement at the last minute?
That's a nice bit of spin. They did it because they're a website, so in the eyes of the legal system, they're not decisively a "real" news organization, so they knew they'd get subpoenaed in a second by either prosecutors and have to turn over everything; it'd be a legal battle that would get drawn out for months given the stakes. The EFF would probably get involved, etc. A good deal of their notes etc would probably be very, very incriminating to Lamo, since hackers, like most stupid criminals, love to brag about their crimes.
So, in other words, they danced on the line of hiding criminal evidence. It would not be a stretch for them to get charged themselves. I'd be absolutely amazed if they didn't at least get subpoenaed within the next few days and the evidence used to file new charges against Lamo.
Please help metamoderate.
Here's the interview, folks... we've been /.'ed before, but never at this magnitude. The server op is working to get things evened out, but in the meantime here is the text:
When did you get started getting interested in security online?
"That'd depend on how you define started, I guess. My first exposure to computers was my Dad's Commodore 64 when I was six or seven, and as you may have read somewhere, I was interested in making things work differently than the way they were intended - loading, then inputting it and using the list command to see all of the code contained within it to see what the hell I was supposed to do with this blind corner that didn't seem to go anywhere."
What kind of games?
"Text-based adventure, like Zork-style."
What moved you to move from disk-based security to a larger scale type of interest?
"To me there's never been that much of a differentiation, in the sense that what I do is less about a particular methodology of technology that's applicable to some technology but not applicable to others. And more about seeing things differently - seeing things that people see everyday, but seeing them in a way that they never saw, that people who created them never intended them to be seen. To see them, to see what is around them and make them more as the sum of their parts and in doing so cause them to operate in a way that was never intended, expected or even thought possible."
Have you always done this type of thing alone, or do you prefer doing it in a team of other people?
"I've always worked alone pretty much. I will occasionally give pointers, but I very much believe that nobody should look at me as an example to be followed - in the sense that if there's anything that I've done, it's... occupied a space in our world that previously was not occupied. And if there's anything that I can say to anybody that is considering starting out on their own, it's to do something that nobody before them has done. And as such, if I was to really try to unduly influence anybody's path, even by working with them, I'd think that I'd be being untrue to the nature of what I do."
There was a question on the site from someone asking if there were any "schools" or any places to become a "pro hacker." Do you have any suggestions as to where people could go or what you suggest for people who were interested in being an enthusiast?
"The mean streets of Washington D.C. on two dollars a day. Surviving on that - that's a hack."
What was your favorite city in terms of your travels?
"I don't think I have one particular favorite. I have strong affinities to DC, Philadelphia, San Francisco and probably Sacramento, as well as Pittsburgh."
You've been referred to as the "homeless hacker," or "helpful hacker." What started you on the road? Did you have to leave your home against your will - did your parents kick you out or was it something you chose to do?
"No, my parents have always been very good to me. They've always been there for me, no matter what, and they're really great people. When I was seventeen or so, they moved to Sacramento."
Did you like her? Was she a good mom?
"Yeah, she's a great mom. How many moms would stand on the doorstep of a home and tell the FBI "thou shalt not pass," essentially?"
She had said that she wished that you would do something something that everyone would see as positive. Is there any sort of discontent between your family and you when it comes to this field, or is it something you're moving past now?
"The family's in some hard financial straits right now. In many ways I think they don't see what I do as I see it, and certainly not be involved in that respect. They, I believe, view it (computing) more as a hobby and don't really understand, and it seemed to be much closer to being about religion for me."
A
I can't get to the interview, but the wired article seems to imply this guy is just a script kid. Basically it sounds like he's doing the modern day equivalant of war dialing.
He gets the press coverage because he's "homeless", but doesn't fit the alcoholic loser bum image of most homeless people. People like hearing such stories because it gives them hope that all the homeless (or more accurately, bums) might be able to pull themselves up by their bootstraps. Total bullshit of course, but it makes for good copy.
AccountKiller
I dont mean to flame or anything, but im not to impressed by Lamo. he did some crazy things, but any lucky script kiddie could do the same. besides the fact that he was a meth addict, his "hacker skills" consist of using a web browser to snoop in unprotected directorys. In fact, he does not even know c++ or java.
It remains his only interview since being arrested.
w ww.wired.com/wired/archive/12.04/hacker_pr .htmlm lj htm l?articleID=17300322n fostructure/0,1377,618 31,00.html9 03.html/ c/a/2003/ 09/22/BUGR11R7L91.DTLa dio.org/shows/2004/04/0 7_mpp.html
Except for all the others...
http://www.securityfocus.com/news/6934
http://
http://news.com.com/2100-7348_3-5135351.ht
http://www.internetweek.com/story/showArticle.
http://www.wired.com/news/i
http://www.2600.com/offthehook/2003/0
http://sfgate.com/cgi-bin/article.cgi?f=
http://marketplace.publicr
you mean the kind that can spell testicles?
"We can confirm that Debian does *not* ship the version with the trojan horse. Our version predates it." [CA-2002-28]
Every time i hear bout this Adrian Lamo guy, I get excited thinkin its the Victoria's Secret model Adriana Lima, only to realize its just this loser :)
no comment
Give a shit?
Seriously, this guy is just craving attention. Homeless hacker my ass. Maybe if he actually tried to make something of his life or contribute to society I could give a shit. But he has done nothing for the real 'hacker' community.. stop giving hackers a bad name and refer to him as homeless 'criminal' please.
You're new here, right?
(and that the original poster got it a bit wrong.)
Er, um...again...you're new here, right?
Please help metamoderate.
If you break the law shut up about it. Seriously, people bend and break laws all the time. Good, honest people. They cheat a little on their taxes, they don't stop all the way at stop signs, maybe they visit a prostitute occasionally.
No one really cares until:
1) The problem becomes extreme - instead of going 5 miles/hour over the speed limit you go 25 over.
2) You trumpet your illegalities all over the place.
If a sysadmin at the NY Times had received a discreet phone call from Lamo they would have had the option to ignore the whole situation and just quietly fix the problem. Instead they got a phone call from a reporter who was about to write a news piece on how this guy broke into their network.
I'm not saying that they were right, just that it's understandable and Lamo shot himself in the foot with his lack of discretion. I learned this same lesson in high school when I wrote a creative writing paper that was so bloody offensive that I had to have a conference with my parents, the principle, the teacher and the school psychologist. My teacher told me in private that he wouldn't have done anything but make me re-write the paper but since I showed it to a bunch of people (whose parents called in) he had no choice.
From Wired's interview:
We need a new moderation category: "It'd be funny if it wasn't so sad."
"If you could only see what I've seen with your eyes..." - Roy Batty
"we met the next weekend near his home"
Neat trick given he was homeless.
Holy s-, it's Jesus!
I find it baffling how anyone can consider Lamo's non-malicious acts of security audits grounds for incarceration. If I were responsible for the New York Times data network during Lamo's breach, in addition to being embarrassed, I most likely would have written him a check and engaged with him to tighten up the security holes (Obviously including the necessary agreements required to protect against the sale or use of the data he had access to).
Had Lamo intended to act maliciously or engage without notice, he could have. So, the New York Times should be thankful that it was Lamo, walk-off the embarrassment, and throw this frivolous suit in the garbage can. The dollars allocated to the damage as a result of Lamo's activities are most likely "soft" costs. Specifically, the 300k associated to the LexisNexis activity, which is, most likely, an overvalued retail transaction price related to database queries, which fundamentally costs nothing. And, the 25k associated to the investigation efforts of the New York Times networking personnel, was really just a bad business decision. They could have just asked Lamo once he disclosed that he breached the network. I'm sure he would have provided the details. Additionally, those are, most likely, soft costs, as those resources used to perform the investigation were, most likely, New York Times network administration personnel doing what they do every day, well aside from reading Slashdot, and handling ID-10-T user errors.
The "real" cash that was wasted on all the blood-sucking lawyers to file suit against Lamo, should have been used to tighten up the security on that New York Times network. But, maybe it's not too late. Maybe, the charges can be dropped, prior to sentencing, and Lamo is good-natured enough to still help the New York Times out. Because the possibility of being on the receiving end of hacker community retaliation is certainly not a place I would ever want to be!
ER
"What I have written, I have written." - Pontius Pilate
Correct me if I'm wrong, but it sounds like he simply tweaked his browser settings a tad and got in, no cracking(I.E. A cracking program, overflow attack, etc.) involved. To me this is the NY-Times' fault more than anyone. Lamo doesn't have the skills or knowledge to actually crack a system...he trolls for people that don't know how to configure there settings properly. And it's not like the sites he gets into are small personal sites. MSN, NYTimes, etc..should all be ashamed that someone who has no real knowledge of how a computer network operates can get in that easy. Of course what he did was wrong, similar to entering an unlocked store at night, but the NYTimes is just as much at fault for either having a braindead security team, or not funding security appropriately.
whether or not he could code? so what he didn't know java or c++, he did understand how networking worked, and how to use network components and the networks themselves against itself. I think that the fact that he couldn't code yet still showed the world that networks were vulnerable to persistant attacks of such intimate nature is important and should not be taken lightly. If he was a coder, just think about what he could have done. Was he a script kiddie? that all depends on the definition I guess, but some people want to call him b/c he used a webbrowser for his explorations. Wait, I use a webbrowser when I explore the internet, does that make me a script kiddie, does that make any and all browser users a script kiddie? Seriously, a coder could have done a lot more breakins, and bunch more "spectacular" and prolly would have been respected more, but who cares, the guy found a way in without needing to code; and that should be addressed. Also, obiviously the guy had a talent for understanding networks and the perserverance to get the job done. There are many other "crackers/hackers" like that, both convicted and not yet caught. People with such talent and perserverance should be learned from, not convicted and jailed to be sitting beside murderers and rapists. I think that picking the brains of such people would be a benefit to society, not locking them up in some shitty jailcell. I heard that Robert T. Morris was an assistant professor at MIT, damn I'd love to learn from him, I'd love to chit chat with Mitnick, Poulsen, and many others who have show us the weaknesses in comp and network security. These are the people to learn from, not those 3 week long IT boot-camps and mindnumbing professors who are so far up their own ass its pathetic. My former CS professor is a genius, very intelligent and inventive like these people were, and the humbleness he had and the willingness to teach rivals Yoda himself. If it wasn't for my former CS prof, I'd be dead in the water clueless. So we should accept the fact that we need to learn from hackers/crackers not just after the attack, but by conversing with them, working with them hand in hand, instead of sending some of our most inventive minds off to jail.
may the source be with you