Homeless Hacker Adrian Lamo Surrenders to FBI

kojikun · Post by **kojikun** » 2003-09-09 09:48pm

Renowned homeless whitehat hacker Adrian Lamo surrendered this morning to the FBI to face charges under the Computer Fraud and Abuse Act of 1986 in response to his ethical hacks of New York Times computers. After hacking the NYT, and other companies, he told them how he did it and offered to fix their systems free of charge.

Links:

TechTV article. Be sure to watch the video of him, he's CUTE. And gay.

Wired article on Adrian. From 2002.

Darci's blog entry for today. Darci is a friend of Adrian's, and also Kevin Mitnicks girlfriend, as well as former part of the Screensavers crew [yay Darci!

]

Honestly, I think it's stupid. The NYTs refused to fix their systems when he told them. They all did, however, make sure that the systems were patched before releasing information on the hack to the news.

kojikun · Post by **kojikun** » 2003-09-09 09:49pm

Er, sorry, not today's blog entry, Saturdays.

I kind of find this exciting tho. It's very cyberpunk. =x

Joe · Post by **Joe** » 2003-09-09 09:50pm

Good! Hope they send him to a pound me in the ass prison.

kojikun · Post by **kojikun** » 2003-09-09 10:03pm

Bah. You suck, Durran.

Joe · Post by **Joe** » 2003-09-09 10:08pm

kojikun wrote:Bah. You suck, Durran.

If he wants to help people, fine. He can do it legally at PWC. He broke the law and should have considered the ramifications of his actions.

kojikun · Post by **kojikun** » 2003-09-09 10:10pm

Durran Korr wrote:If he wants to help people, fine. He can do it legally at PWC. He broke the law and should have considered the ramifications of his actions.

Actually he knew exactly what he was doing and has no qualms with being charged. I just think they're stupid, he didn't do any harm.

Stormbringer · Post by **Stormbringer** » 2003-09-09 10:11pm

kojikun wrote:
Durran Korr wrote:If he wants to help people, fine. He can do it legally at PWC. He broke the law and should have considered the ramifications of his actions.
Actually he knew exactly what he was doing and has no qualms with being charged. I just think they're stupid, he didn't do any harm.

But he still broke into their systems illegally. Sucks to be him but I'm not going to shed a tear.

kojikun · Post by **kojikun** » 2003-09-09 10:23pm

Stormbringer wrote:But he still broke into their systems illegally. Sucks to be him but I'm not going to shed a tear.

I agree that legally he should be prosecuted, but I think NYT is being stupid.

Stormbringer · Post by **Stormbringer** » 2003-09-09 10:26pm

kojikun wrote:
Stormbringer wrote:But he still broke into their systems illegally. Sucks to be him but I'm not going to shed a tear.
I agree that legally he should be prosecuted, but I think NYT is being stupid.

For prosecuting a hacker? What the fuck were they supposed to do? Give him a pat on the back and check? I'd do the same thing and so would most people.

kojikun · Post by **kojikun** » 2003-09-09 10:31pm

Stormbringer wrote:For prosecuting a hacker? What the fuck were they supposed to do? Give him a pat on the back and check? I'd do the same thing and so would most people.

No. A "Thanks, but don't do it again" would've been good, especially cause he saved their asses from other hackers and did so out of the kindness of his heart not for monetary gain.

Stormbringer · Post by **Stormbringer** » 2003-09-09 10:33pm

kojikun wrote:No. A "Thanks, but don't do it again" would've been good, especially cause he saved their asses from other hackers and did so out of the kindness of his heart not for monetary gain.

But he still hacked them and broke the law. He knew the risk and it was a dumb assed thing for him to do.

Joe · Post by **Joe** » 2003-09-09 10:35pm

kojikun wrote:
Stormbringer wrote:For prosecuting a hacker? What the fuck were they supposed to do? Give him a pat on the back and check? I'd do the same thing and so would most people.
No. A "Thanks, but don't do it again" would've been good, especially cause he saved their asses from other hackers and did so out of the kindness of his heart not for monetary gain.

There are plenty of legal avenues he could have pursued if he wanted to act out of the goodness of his heart.

Solauren · Post by **Solauren** » 2003-09-09 10:46pm

He should have said "hello. I haven't done it, but I know it's possible to hack your systems. If you want, I can show you with your permission, and then tell you how to fix it. Free of Charge. I don't want to see the NYT get hacked"

If they had said no, then well, he tried.

Good idea. BAD execution

kojikun · Post by **kojikun** » 2003-09-10 01:13am

Yeah, he did it the wrong way. But have you seen what these companies do when told about their vulnerabilities? Nothing. "Shut up and go away." It's happened too often to often. Big companies ignoring little guys with good advice.

Pu-239 · Post by **Pu-239** » 2003-09-10 01:58am

PR department of NYT has fucked up.

- He'll be in big trouble, due to the stupidity of the media, and the bias caused by blaster, sobig, etc.

What are the punishments for physical breaking and entering? The computer equivalent shouldn't be any worse (though probably is/will be?, due to media hysteria)

.

EmperorChrostas the Cruel · Post by **EmperorChrostas the Cruel** » 2003-09-10 12:23pm

I think the peanalty for virtual B&E SHOULD be more than the real thing.
The MAXIMUM amount of theft/vandalism a burglar can do is the value of the building and it's contents.
Breaking into my house CAN'T cause BILLIONS of $$$$$$$ in damages, like hacking can. There is a difference in the law between simple vandalism, a misdemeanor, and destruction of property, a felony. The difference is one of degree, and $$$ amount of damage.
Just because the cost is spread out over people that use the net, doesn't change the amount of money lost.
LIVES can be lost due to hacking.
Lost or altered medical records, law enforcement records lead DIRECLTY to deaths. (Wrong type/dose/delay of medicine, and unintentional releases)
The uncertain nature of the spread of damage and vulnerability factor make hacking literaly a crap shoot, on how much Bad Things happen.

I suspect sympathy is from those who don't get it, or are secret wannabe hackers.

EmperorChrostas the Cruel · Post by **EmperorChrostas the Cruel** » 2003-09-10 12:26pm

PS:
My brother's workplace was hacked, and the mess delayed his PAYCHECK for 10 days! The time in took to MANUALY figure out the payrole from hardcopy backups, and manualy write the checks.
Fuck you hackers, one and all.

Datana · Post by **Datana** » 2003-09-10 12:44pm

Penalties for hacking should match the harm caused (or was intended to cause), rather than just a catch-all penalty. Cause a few hours' downtime, fine, just fine the person for time lost (should already amount to tens of thousands) and jail him for a month or two. Destroy data, and the penalties should be much stiffer (say, time lost, repair costs, a penalty on top of that, and years in the slammer). Invoke capital punishment if someone dies. The NYT didn't suffer greatly from this attack compared to how it could have been, so throwing the book at the guy seems unwarranted. He should still be prosecuted, though, as he did enter without permission, even if it was good-intentioned (which I sincerely doubt).

Stormbringer · Post by **Stormbringer** » 2003-09-10 12:58pm

kojikun wrote:Yeah, he did it the wrong way. But have you seen what these companies do when told about their vulnerabilities? Nothing. "Shut up and go away." It's happened too often to often. Big companies ignoring little guys with good advice.

Maybe so. But that doesn't give people like him the right to break in to their systems. If they have vulnerabilities then that's their problem. It's not his right or duty to hack into their system to point them out. He committed the crime, now he'll do the time.

Pu-239 · Post by **Pu-239** » 2003-09-10 04:16pm

EmperorChrostas the Cruel wrote:Pu-239:
I think the peanalty for virtual B&E SHOULD be more than the real thing.
The MAXIMUM amount of theft/vandalism a burglar can do is the value of the building and it's contents.
Breaking into my house CAN'T cause BILLIONS of $$$$$$$ in damages, like hacking can. There is a difference in the law between simple vandalism, a misdemeanor, and destruction of property, a felony. The difference is one of degree, and $$$ amount of damage.
Just because the cost is spread out over people that use the net, doesn't change the amount of money lost.
LIVES can be lost due to hacking.
Lost or altered medical records, law enforcement records lead DIRECLTY to deaths. (Wrong type/dose/delay of medicine, and unintentional releases)
The uncertain nature of the spread of damage and vulnerability factor make hacking literaly a crap shoot, on how much Bad Things happen.

I suspect sympathy is from those who don't get it, or are secret wannabe hackers.

No, I meant only virtual B&E that causes no or minimal damage, like the NYT incident, unlike when a cracker does something malicious like plant a trojan, steal files, etc. Unlike real B&E, you don't have property damage like broken windows and the like. If sensitive information (credit card numbers, the like), though, was accessed, and they downloaded a file containing such, then they would be in deep shit, unless they could prove that they did not commit or intend to commit fraud or other misuse of the information, which would be difficult anyway.

In this case, he didn't do much of anything other than breaking in, until we can get more detail. That would merely be breaking and entering, minus property damage(unless he broke something on the way in).

You seem to be confusing breaking in to computers (cracking/hacking, whatever) with virus writing, merely because they are computer based.

Hacking a single server is like breaking and entering into a single building, like your analogy, unless the person leaves behind trojan/virus/worm(more later). Leaving a trojan behind... well I don't know about the RL equivelent(leaving someone to stay behind and hide in the building, eitehr to steal data or facilitate future attacks)? Doing so would be more incriminating and would probably get a much heavier sentence though, depending on what was done.

Worm and virus writers should be thrown in the slammers for years though, since it is the computer equivelant of releasing (often ineffective though) WMD, and cannot be controlled. Worse if someone dies.

EmperorChrostas the Cruel · Post by **EmperorChrostas the Cruel** » 2003-09-10 05:15pm

In the case of my brother, the hacking of one compuer crashed the whole system. It was done by an ex emploee who still had limited access.
I agree that the punishment should fit the crime, we just disagree in principal about the severity of the offence.
The ensuing chaos, and lack of money input for that time almost made my brother unemployed, and cost him late fees and fucked up his credit. One year later, and he is STILL dealing with the consequences.

How do you put a value on something like screwing up someones credit?

He lost a HOUSE because he didn't qualify! He damn sure did before this bullshit landed on him.(New and degraded credit rating makes for higher interst on loans, thus higher monthly payments)
How do you figure that in $$$$$ ?
I have a personal grudge againt ALL hackers, be they evil, or "benign."
I suspect the opposite is true of my counter parts.