Computer Crime Problems Research Center

Kevin Poulsen, SecurityFocus Online

Lamo bumped from NBC after hacking them

How did a mediagenic hacker like Adrian Lamo get himself bumped last week from a scheduled appearance on the NBC Nightly News with Tom Brokaw? Perhaps with his impromptu on-camera intrusion into the peacock network's own computers.

The vagabond hacker known for his drifter lifestyle and his public forays into large and poorly-secured corporate intranets sat down at a Washington D.C. Kinko's laptop station earlier this month with a freelance NBC news producer to show-off his particular style of hacking -- the 21-year-old typically uses little more than an ordinary browser, possessing an eerie knack for finding undocumented Web servers and open proxies at large organizations.

That method has gotten Lamo deep into the electronic infrastructures of such companies as troubled telecom giant Worldcom, Internet portal Yahoo, and most recently the New York Times, where last February he exploited lax security to tap a database of 3,000 Times op-ed contributors, culling such tidbits of information as Robert Redford's social-security number, and former president Jimmy Carter's home phone number. But unlike most intruders, Lamo eventually goes public with his discoveries, and offers to help those he's hacked tighten their security pro bono -- an offer that's been accepted by several of his corporate targets. So far Lamo's managed to avoid prosecution, though federal officials in New York are believed to be investigating him for the Times hack.

Lamo says NBC was taping him at Kinko's while he demonstrated security holes in a telecommunications company's systems, when the interviewer asked him if he'd be successful hacking NBC.

Five minutes and one guessed password later and Lamo was surfing the television network's private messaging system and an affiliate scheduling application that included internal memos and information on advertising rates. Screen shots of the hack provided by Lamo and reviewed by SecurityFocus Online include a page from an NBC vendor database with the network's trademark "living color" peacock and the warning, "All information contained on this Web site is to be held in the strictest confidence," in all capital letters. "It was a very full service system," recalls Lamo.

The videotaped intrusion was rushed onto the NBC Nightly News schedule, where it was slated to run last Thursday. But it was abruptly yanked off the schedule at the last minute. NBC News' spokesperson didn't return repeated phone calls on the segment, but a source close to the production, speaking on condition of anonymity, says network lawyers pulled the plug on the Lamo package out of concern that NBC might have acted improperly in filming the hacker committing computer crimes for the sake of the camera.

Legal Pitfalls?
The hacker says he wasn't coerced into doing anything illegal, and that he'd have likely wound up at the same Kinko's cracking corporate networks even without the camera crew -- an assertion that few who've met Lamo would dispute. But former federal computer crime prosecutor Matt Yarbrough, now an attorney with Fish & Richardson, says NBC's barristers did the right thing anyway, given broad federal conspiracy and computer crime laws. "If I was their lawyer, I'd be concerned if they were sitting there filming it," says Yarbrough. But the attorney adds that spiking the story may not entirely solve the problem. "Arguably, the crime has already taken place whether they air it or not."

It's not entirely clear what that crime would be. Other journalists (including this reporter) have observed lawbreaking for the purpose of reporting on it, and Lamo's intrusion into NBC's systems may not have been illegal to begin with, since the producer arguably gave Lamo permission to proceed. As for the telecom company, "It's not aiding and abetting a crime just because you had an appointment to get together and be shown," says Jennifer Granick, director of the Center for Internet and Society at Stanford Law School. "Apparently, he already has access to these systems, so it was something he was able to do, and was inclined to do, and the reporter was just watching... Being witness to somebody else breaking the law is not itself a violation."

But Kelly McBride, an ethics instructor at the Poynter Institute, a journalism research center, calls the taping "borderline lawbreaking," and says NBC News should have checked with their legal department before shooting, and found another way to tell the story if necessary.

"If the journalistic motivation is to show the public how easy it is or how vulnerable we all are... it's a good story and it's one of holding powerful people accountable," says McBride. "Maybe they should have just talked to the lawyers first. It's not like this is so urgent that they have to get it on the air, it's not the Pentagon Papers. ... A little front end work to identify the pitfalls would have made it a good story."

For his part, Lamo, who's not known for shrinking from controversy, charges the network with a failure of courage. "I can understand where they're coming from," says Lamo, in a telephone interview from somewhere on the East Coast. "But I like to think that in their place I'd take more of a risk."

Source: www.theregister.co.uk

Home | What's New | Articles | Links
Library | Staff | Contact Us

Copyright © Computer Crime Research Center, 2001-2002 All Rights Reserved.
Contact the CCRC Office at 380-612-735-907
[email protected]

Rambler's Top100 Rambler's Top100