◆ SpookStack

FD-302 (Rev, 10-6.95) FEDERAL BUREAU OF INVESTIGATION Date of transcription _ 08/29/2002 SBC, email: | telephone number: ; was telephonically contacted by the interviewing agent. After being advised as to the identity of the interviewing agent and the purpose of the interview[__]provided the following information: bo -2 is familiar with unauthorized intrusion of SBC_b bic -2 hacker ADRIAN LAMO.| stated that another SBC employee, Do] telephone number [_—_=+4dir-- was approached by a Newsbytes reporter. The Newsbytes reporter stated that a white hat hacker had contacted him and informed him that he had gained unauthorized access to SBC's network. Through emails, the reporter identified the hacker as LAMO. The reporter further stated that LAMO was able to see all their customers' information. LAMO utilized a vulnerability in the dial up pools of SBC's customers. He gained access to their network by opening up his Netscape browser and typing in a particular Internet Protocol (IP) address and keyword. This action caused an URL attack to occur causing SBC's index of files to be displayed in LAMO's browser. The index feature must be turned on for this to occur. LAMO claimed the vulnerability to their system was in their dial up routers. LAMO was able to view customer account names, passwords and email addresses. Over 3600 customer's were vulnerable to the attack, The technical team at SBC was able to validate the vulnerability LAMO had utilized. They went through their directory structure to determine the amount of damage LAMO had inflicted. The technical team had to call all 3600 customers individually and change all of their passwords. The web server and dial up logs were preserved. Some of the IP addresses in the web server logs resolved to Kinko's stores. Other IP addresses resolved to dial up accounts. and[_——édit had’ indirect contact with LAMO. They decided not to speak to him directly. (C7 Jis unaware if anyone from SBC's Public Relations Department spoke to him directly. About two (2) to three (3) weeks later, an individual who works in their security department was approached by LAMO via email. The b3 -2 b6 -1,2 Investigation on 08/27/02 at New York, NY ({telephonicallyb7C -1,2 f This document contains neither recommendations nor conclusions of the FBI. It is the property of the FBI and is loaned to your agency: it and its contents are not to be distributed outside your agency. FBI(19-cv-1495)-1788