◆ SpookStack

accessed a New York Times staff list; obtained the name and Social Security number of a former New York Times employee; and using that information logged onto the NYT Intranet as a “superuser” -- that is, a user with full administrative rights to access and make changes to the network. Using that superuser access, the intruder created another superuser account under the fictitious user name “Eric Yee.” The intruder then used the Eric Yee superuser account to access various sites within the NYT Intranet, including an administrative database of contact information for various public sources (the “administrative database”) and a database containing personal information and Social Security numbers for contributors to the New York Times Op-Ed page (the “Op-Ed database”). NYT Representative One advised me that the intruder Had altered the Op-Ed database, adding a record for “Adrian Lamo” and personal information such as Lamo‘s cellular telephone number (i.e., (415) 505-HACK) and email address, and listing his expertise as “computer hacking, national security, communications intelligence.” NYT Representative One also advised me that a similar record for ‘Adrian Lamo” had been added to the administrative database. 6. In or about late May 2002, another representative of ‘the New York Times (“NYT Representative Two”) advised me that in or about May 2002, LexisNexis (an online subscription service that provides legal, news, public records and business information for a fee) had contacted the New York Times to report unusually high levels of activity associated with a number of the userids/passwords assigned to the New York Times’ user account with LexisNexis (the “compromised uscrids/passwords”). NYT Representative Two told me that the New York Times had subsequently conducted an internal investigation to determine who was responsible for the unusual activity. That investigation, including analysis of electronic logs relating to the NYT Intranet, revealed that each of the compromised userids/passwords was created by the account of the fictitious user Eric Yee that the intruder had created during the course of the unauthorized intrusion into the NYT Intranet. 7. Representatives of The New York Times have provided me with copies of the following records pertaining to the intrusion, among others: discussed below in paragraph 15, it has been reported in the press that ADRIAN LAMO, the defendant, used Proxy Hunter to identify an unsecure proxy server, which he then used to access MCI WorldCom’s internal network. FBI(19-cv-1495)-234)