◆ SpookStack

3 ‘and Again r , doors, am - re He Blacks same checking ty : . Business Week Online:Stop Him Before He Hacks Again : Gsenteant mention of NYTCO ney _* t = passing mention of NYTCO : — = industry article swt Reqiste/Subscibe Hone BusinessWeek online - 7 Close Window MAFRCH 5, 2002 EEREIN DATE 4 SECURITY NET By Alex Salkever Stop Him Before He Hacks Again Adrian Lamo has made quite a name for himself by breaking into corporate networks. He has done no harm — but that's not the issue Readers of The New York Times's "op-ed" page regularly find columns written by a host of world leaders and celebrities, from Palestinian leader Yassir Arafat and former U.S. President Jimmy Carter to hip-hop star and talk-show host Queen Latifah. The contact information for these luminaries is a closely guarded Times secret, as is the contents of the op-ed section's Rolodex. Not anymore. The Times op-ed section and its list of contributors were recently penetrated by one of the most controversial hackers to emerge since Kevin Mitnick, who spent almost five years in prison for repeatedly - invading computer systems at a slather of high-tech outfits. Meet Adrian Lamo, a soft-spoken 21-year-old snoop from San Francisco who hacks with nothing more than a laptop, a Web browser, and a Net connection at the local coffee shop. FRIENDLY WARNING. Lamo recently broke into the Times computer network, where he co-opted contact~ information files as well as sensitive details of the news-gathering and editing process at the Times. His tear through the Gray Lady's closet even gave him the ability to change the Web site at one of the world’s most powerful media organizations with a few key strokes -- an option he didn't exercise. Lamo then contacted computer-security publication Security Focus Online and asked it to contact the Times on his behalf to outline the breach. This isn't Lamo's first conquest. In September, 2001, he hacked into the content servers at Yahoo! —- and ictually did alter a news story to demonstrate that he was capable of breaching security. A month later, he acked customer-information databases at software powerhouse Microsoft. In December, 2001, he gained seess to secret network-topography diagrams at voice-and-data carrier WorldCom, going so far as to e-mail ompany officials a supposedly secret file showing key locations of network equipment. ‘why hasn't Lamo been prosecuted for computer crimes? In each of these cases, he warned the companies out their flaws after-the-fact and offered to help fix them for free. Lamo further claims that he has accepted money or compensation from any of his targets, something that often happens in the computer-security rid, where a consultant reporting a breach often gets awarded a contract. Rather than condemning him, no's "victims" have mostly praised him for helping to secure their networks. a XUDER OR HERO? So far, the Times has neither condemned nor lauded Lamo. "We are currently deterr { the appropriate next steps will be,” was how Times spokesperson Christine Mohan responded to - BusinessWeek Online. To date, no one has pressed charges. ww.businessweek.com:/print/bwdailv/an#l-- ‘ FBI(19-cv-1495)-1636