◆ SpookStack

Wired News: Lamo Hacks ong Claims Site ) Page 2 of 3 ‘ Lock\line spokesman Reed Garrett confirmed the hack. Carter noted that no financial information or social security number data were taken and the information wasn't even available to lock\line. "We screwed up,” said Carer. "Our policy is that any time there is a document with customer information on it is to be shredded. They've been trained on this. They just didn't do it. There's no excuse for it.” The event highlights the problems of managing vendor relationships when customer information needs to be shared but each company has different processes for handling that information. Carter says Cingular has neatly 40,000 vendors, and staying on top of them all is an "arduous" task, which the company continues to evaluate. Jerry Brady, CTO of security services company Guardent, said incidents like the Cingular episode are not that uncommon. "This usually happens because people whip together quick-and-dirty front ends without much thought fo the construction of the data,” he said. "You see this all the time, not just in the private sector, but in government systems as well. You just can't expect that outsourcer {to) treat confidential data the same way as the firm. They have no vested interest in worrying about the customer.” Lamo noted that outsourcing arrangements continue to yield a treasure trove of weak links in electronic security. Said Lamo, "As companies begin to outsource more and more of their businesses, the line of where security begins and ends gets blurry." He added that in this case, the security was “tremendously bad.” The Cingular discovery is the latest in a line of exploits from Lamo. In the past few years, Lamo has found his way into the database containing sources for the The New York Times, has altered news stories on Yahoo and has repeatedly compromised AOL. Companies have contemplated suing him, but security experts have lauded his efforts for pointing out flaws. Lamo, 22, doesn't have a permanent address. He wanders cross-country on foot or by public bus. Spring and summer usually bring him to Northern California. Until recently, he used. terminals at Kinko's to perform his hacks. He has graduated to using a Wi-Fi-ready laptop at Starbucks to do his work. For Lamo, there's a bigger issue at stake with the Cingular hack. "If only they had recycled the document instead of throwing it away," he quipped, "this wouldn't have happened." mM Wired News: Staff | Contact Us | Advertising We are transiated daily into Spanish, Portuguese, and Japanese © Copyright 2003, Lycos, Inc. All Rights Reserved. Your use of this website constitutes acceptance of the Lycos Privacy Policy and Terms & Conditions FBI(19-cv-1495)-1809 http://www.wired.com/news/privacy/0,1848,59024,00.html 6/12/2003