Rootsecure Homepage
About RootSecure
Lite Edition
User Area
Audio News
Daily Newsletter
Site News Archives
Sources News Archive
SecNews RSS Feeds
SecNews Console
Links:
Videos
Security
Hacking
Wireless
Downloads:
Other
Perl Scripts
Audio Clips
Win32 Tools
Media Archive
PDF Documents
Reports
Hacker Gear
Win' Error Pic's
ASCII Generator
Your IP Address
RootSecure:
Contact
Search
Publicity
Affiliates
Attack Statistics
Syndication
(RSS/XML Feed)
Privacy Policy
Hits: 134,505,174
(Since 06/09/02)
Admin Telnet
HoneyPot Project
|
|
|
|
Reports | In Depth: Adrian Lamo, the charges
{11th Sep 2003} |
|
|
Accused New York Times hacker Adrian Lamo is charged with two title 18
violations of U.S.C (United States Code). Specifically
section 1030 (a) (5) (A) (ii) "intentionally accesses a protected
computer without authorization, and as a result of such conduct,
recklessly causes damage" and
section 1029 (a) (2) "knowingly and with intent to defraud traffics
in or uses one or more unauthorized access devices during any one-year
period, and by such conduct obtains anything of value aggregating $1,000
or more during that period".
Count one alleges Adrian Lamo used the New York Times private Intranet
without authorization causing damage in excess of $25,000 (the cost of
"confirming, addressing, and repairing" the vulnerabilities) and
altering contributors information. Count two alleges Lamo created,
then used five usernames / passwords to obtain search services from
"LexisNexis" valued at over $300,000.
Bringing the charges is Special Agent Christina A. Howard of FBI
Cybercrime Task Force who states:
In or about late February 2002, I read an article on website
SecurityFocus.com dated February 26, 2002 and entitled "New
York Times Internal Network Hacked". The Article reported that
ADRIAN LAMO, the defendant, had hacked into the New York Times' private
intranet…
Likely based on reading that article, Special Agent Christina contacted the New York Times
who then initiated an internal
investigation. The investigation revealed Lamo had accessed
various information ranging from staff lists to social security numbers
and created a new "super user" account. Next after a two-three month wait another New York Times
representative contacted Agent Howard informing her about compromised
usernames / passwords which had been used to access LexisNexis search
facilities. LexisNexis then provided further details including
the IP addresses used to access the service that were found to belong to various Kinko's locations
(which it has been reported Lamo used to carry out computer intrusions
before) in California and search queries including among
others "Adrian Lamo".
Background:
In relation to the case New York Times supplied copies of:
- Their administrative database (admin_db) / Op-Ed database (Oped_db) both
before and after the alleged intrusion.
- Various log files from a proxy server, and the NYT Intranet.
- An email automatically generated by the creation of a new "super user"
account.
- Usernames / passwords created by the new "super user" account relating
to "LexisNexis".
Special Agent Christina A. Howard has been with the FBI for six and a
half years, and has an undergraduate degree in computer science. She
views hackers in general as those who "discover and explorer
vulnerabilities and computer weaknesses in computer networks and
software" and that carry out their activities using "hacker tools that
can be either custom written software code or, as is more common,
software readily available for download on the internet or for
purchase".
Related Links:
The 'homeless hacker' talks, CNet
Adrian Lamo Speaks With Leo Before Arrest, TechTV
Exclusive Video of Lamo's Surrender, TechTV
Adrian Lamo Deposition, FindLaw.com
Lamo denies $300,000 database hack, Security Focus
Lamo surrenders, is released, Security Focus
Adrian Lamo charged with computer crimes, Security Focus
Lamo's Adventures in WorldCom, Security Focus
|
|