SecurityFocus 2003-09-10
Days before going public with his penetration of the New York Times internal network last year, hacker Adrian Lamo created five new user accounts with the LexisNexis database service under the Times corporate account, which he used to rack up $300,000 in charges over the following three months, a federal complaint in New York charges.
Of course he should be tried
2003-09-11
drg (3 replies)
Of course he should be tried
2003-09-11
The 420 Zodiac (1 replies)
Of course he should be tried
2003-09-12
Wckd (1 replies)
Of course he should be tried - Enough analogies!
2003-09-12
Anonymous (1 replies)
The difference between my network and yours.....
2003-09-11
Anonymous Hacker Supporter (3 replies)
breaking into someone's house analogy doesn't work !!!
2003-09-11
Anonymous (2 replies)
breaking into someone's house analogy doesn't work !!!
2003-09-12
An idiot like the one that posted before me.

I think you'd have a hard time convincing any company accountant that the bills for the Servers, Routers, Switches, cabling, man-hours, etc., that go into building and maintaining a corporate network/system are virtual.
A corporate Domain is property, it is owned in just the same way that the servers it lives on are owned.
Just because it can be entered and explored from the comfort of your own box, without passing a discrete physical threshold, doesn't mean it's not trespassing.
Blaming everything on the Admins is just a convenient moral cop-out, yes, it is their (by their, I do mean our) job to design and maintain their systems in such a way as to preclude exploit (not to mention to prevent their systems being used to exploit others through smtp or DoS relaying).
But.
That admission does not absolve the moral/legal obligations of would-be hackers/crackers to behave in a responsible manner.
You find a hole, you tell them, you go away, lack of action on their part could and should never be taken as implicit carte blanche to run roughshod over their system.
I don't care if you have the best interests of overall internet security at heart, if you enter my system without my permission I will seek to punish you, you are a criminal (and I'm a shit Admin, but that's another story).
Is Adrian's transgression being blown out of all proportion to distract from the inadequacies of the NYT's security?
Clearly.
Are the FBI playing this up as a great victory to create the illusion of success (and some kind of competency)?
Clearly.
Is what Adrian did right?
Not even slightly.
All that said, the saddest aspect of all this is that NYT is being portrayed as pure victim, in the country I operate out of, we have a Law called "The Data Protection Act", and under that law the NYT could be crucified for not protecting the personal data it holds more rigorously.
If the US doesn't have an analogous law, it should, and the NYT should be nailed to a tree by the Feds for its irresponsibility, at the same time as Lamo.
*RANT OVER*
Link to this comment: http://www.securityfocus.com/comments/articles/6934/22298#22298