New York Times hacker Adrian Lamo gets home detention

Posted on by Nimgimli

New York Times hacker Adrian Lamo gets home detention

I remember seeing this guy on TechTV’s The Screensavers. Then, after the warrant was issued, they did a phone interview with him while he was on the lam, so to speak.

Back then the story we heard was different. That Lamo had hacked into the Times, made a few minor changes to prove he was there, and then notified The Times that he’d hacked into their network so they could fix the security flaws. There was no mention of LexisNexis back then.

The story was he’d done the same thing to other companies (such as Yahoo) who had thanked him for his help. He was definitely portrayed as a “White Hat” hacker.

So what’s the true story, I wonder? Let’s do some digging.

In fact, in Sept. 2003 IDG News Service posted:

His surrender followed reports last week that the FBI was investigating Lamo’s alleged unauthorized intrusion into the internal networks of The New York Times Co. in February 2002 (see story). The Times learned of the break-in after Lamo contacted the company through SecurityFocus reporter Kevin Poulsen, according to Christine Mohan, a spokeswoman for the newspaper.

Lamo frequently trespassed on the networks of prominent companies, uncovering security holes and accessing sensitive information. He then informed the companies of his exploits and often worked with them, as a consultant, to close the holes.

‘Homeless Hacker’ Lamo surrenders to feds

and in Feb 2002, Computerworld posted:

Toby Usnik, a Times spokesman, confirmed that the company had been notified of the security breach and has since fixed the holes that allowed Lamo to enter the intranet.

Security holes closed in New York Times intranet after hacker intrusion

But in the recent IDG News Service story, we read:

Lamo confessed to the Times break-in during an interview with Securityfocus.com, a computer security news Web site, in February 2002. That confession prompted an internal investigation by the Times that uncovered evidence of Lamo’s activities, and resulted in a case being opened by the FBI.

But no mention of the fact that Lamo had initiated the contact via SecurityFocus.

History is indeed written by the victors, eh?