◆ SpookStack

New Architect: Inside the Hace @ Page 3 of 6 NA: What's the root cause of this mentality? And is there anything that.can be done? AL: A scenario where all networks are perfectly secure might be desirable for someone with a long-term vested interest in security, but—thankfully—that's not possible, and perhaps not even desirable. For many companies, it is harmful when intrusions happen, but it doesn't have to be. There's a stigma attached to them, and a sense that the companies are somehow lessened by having been targets of successful hacks. No company can be 100 percent secure, and the people securing them have tended to come from backgrounds that reflect zero-tolerance and linear, law-and-order approaches to security. It's easy to look at something that harms a company and say it's bad, but that denies the context—that without many of the spurious, sometimes seemingly meaningless events that have taken place during the history of the Net and of society, we wouldn't be at quite the place where we are now. People with a physical and national security background are trying to apply their life lessons to a situation outside that context, and they'll continue to do so for as long as they can. Everyone does what they feel they should do. NA: Okay, so where do you fit in? AL: I do what I do. I try to do it in ways that I'd generally be okay with if they were applied to me, and things work out one way or another. There's no quest that will be finished once I accomplish "X." I do what I'm geared to do, for lack of a better way of describing it. NA: Fair enough. I want to ask about some of your hacks, and we'll leave the "why" to the muses. How do you pick your targets? AL: They're there, and I'm there. It meshes with the above. If I really went out and looked for a specific target, I'd be going against the current of how this happens in the first place. It's random and unknowable. NA: Any thoughts on your favorite hacks? Easiest? Most difficult? Best? AL: Well, in keeping with how they happen, the more improbably it happens, the more of a kick I get out of it. With the New York Times, I couldn't even piece together every link in the chain of events, but when the intranet page loaded, my friend sitting next to me was just floored—not because it was the Times, but because of how randomly it had happened: Sitting there, chatting, me just randomly following a chain of sites on a random tangent. Read an article on one, push the security envelope on another, follow up on something I saw mentioned during the course of that, and research it on a different one, eventually end up with an interest in who had written something specific, and fire http:/Avww.newarchitectmag.com/documents/s=2415/nal202r/ 9/8/2003 FBI(19-cv-1495)-1095