UGN Security
Posted By: Ice NYT Hacker Released on $250,000 Bond - 09/10/03 04:08 AM
A 22-year-old who admits to hacking into corporate computer networks was released on $250,000 bond in California on Tuesday and ordered to travel to New York to face charges related to breaking into the internal network of The New York Times newspaper.

A federal magistrate in Sacramento released Adrian Lamo to the care of his parents, who used their house as collateral for the bond, and prohibited him from accessing any computers, said Patty Pontello, a spokeswoman for the U.S. Attorney's Office in Sacramento.

In addition, the magistrate told Lamo not to leave the area except to travel to New York, where he will have to report to the FBI office on Thursday morning, Pontello said.

Before his initial court appearance, Lamo had surrendered to the U.S. Marshall's service at the courthouse after learning that the FBI had obtained a warrant for his arrest last week.

Lamo has made a name for himself by breaking into networks of high-profile companies and pointing out the breaches to the company and sometimes the media. In some cases, he offered to help fix the security hole and was praised.

A federal complaint accuses him of repeatedly accessing the New York Times internal network without authorization by using the name and social security number of a former employee between February and April of 2002.

Lamo altered a database of social security numbers and phone numbers of 3,000 editorial page contributors to include his personal information, resulting in more than $25,000 of damage, the complaint alleges.

A second count charges him with using an unauthorized access device by stealing employee user names and passwords to log on to the LexisNexis news archive service and run up more than $300,000 in fees.

He could face fines and prison time under the Computer Fraud and Abuse Act of 1986.

MICROSOFT, YAHOO, WORLDCOM HACKED

According to the complaint, Lamo has admitted breaking into networks at Microsoft Corp. MSFT.O , Yahoo Inc.YHOO.O , Excite@Home Corp., WorldCom, known as MCI WCOEQ.PK , SBC Ameritech and Cingular.

Lamo also told San Francisco Weekly in April 2003 that he was preparing to announce his biggest hack to date on a critical infrastructure-related company, the complaint said.

An FBI agent notified the New York Times after reading about Lamo admitting to breaching the newspaper's network on a security news Web site, the complaint said.

New York Times Co. NYT.N has declined to comment other than to say it was cooperating with law enforcement authorities.

"I don't think that what I have done is wrong, but I understand that my actions have consequences," Lamo said on Monday.

Lamo's defense is likely to be the "white-hat hacker" defense, said Mark Rasch, former head of the computer crime unit at the U.S. Department of Justice.

White-hat hacker is a term used for people who work to protect computers from attack while "black-hat hackers" are those who attempt to break into them.

However, the law focuses on the intent to break into the computer, not the motive, said Rasch, who is chief security counsel for Solutionary, a computer security company.

"It's like a guy who sees the keys in the car in a parking lot, opens the door, takes the keys out and hides them under a mat and leaves a note," he said. "It's not a valid defense." (Additional reporting by Andy Sullivan in Washington, D.C.)

View the original article here
Sometimes you wonder where the hell they get these numbers. How can a single entry to a database cost $25,000? Did the guy get paid 25,000 dollars a minute, for the minute it took him to remove it. He didn't violate the integrity of the file obviously, b/c there was no integrity.

As for LexisNexis, used to have accesss, god that is a wonderful thing for information junkies. 300,000$, That would take 11yrs with the most expensive subscription plan w/ is actually the lack of a subscription plan, its paying daily, which is obviously the most expensive way to go. You can't pay per article and subscription rates are cheaper.

Quote:
Lamo altered a database of social security numbers and phone numbers of 3,000 editorial page contributors to include his personal information, resulting in more than $25,000 of damage, the complaint alleges.

A second count charges him with using an unauthorized access device by stealing employee user names and passwords to log on to the LexisNexis news archive service and run up more than $300,000 in fees.
© UGN Security Forum