[ISN] Hackers: Under the hood - Adrian Lamo

From: InfoSec News (isn@private)
Date: Thu Apr 22 2004 - 00:10:36 PDT

  • Next message: InfoSec News: "[ISN] Tower Records settles government charges over hacker attacks"

    http://www.zdnet.com.au/insight/security/0,39023764,39116620-4,00.htm
    
    Name: Adrian Lamo
    Handle(s): None
    Age: 23
    Marital status: "Dating for over a year"
    Current residence: Living in exile in Sacramento, Ca., USA
    Job: Staff writer, American River Current and freelance journalist
    First computer: Commodore 64
    Best known for: Hacking into The New York Times network
    Area(s) of expertise: "Seeing things differently" 
    
    Don't let his baby face fool you. Adrian Lamo started hacking even
    before he could legally drive.
    
    Lamo's first thrill from a hack came when he figured out how to make
    both sides of a 5.25in floppy disk writable while playing around with
    his first computer -- a Commodore 64 he got when he was eight.
    
    "It was quite the discovery for me," he said.
     
    Unlike many so-called hackers, Lamo was never interested in impressing
    his peers.
    
    "I became deeply interested in the hacker culture, reading everything
    I could about it before ever actually encountering it," he said. "Once
    I encountered it, I was turned off by it, so I chose to go solo.  
    Exploration need not be competition," he told ZDNet Australia in an
    interview last month.
    
    At 18, his parents decided to move to Sacramento from San Francisco
    but Lamo decided to stay put.
    
    He was the lead network administrator for a law firm at the time. "I
    stayed with friends, sometimes in abandoned buildings, sometimes in
    storage areas of office buildings I had access to. Sometimes, I'd just
    nod off at my desk," he recalled.
    
    After a while, he dipped into his savings and hit the road, spending
    the next two years wandering around the United States.
    
    "There's a lot to be said for just having your clothes, a backpack,
    and the ability to buy a bus ticket and not have anything to tie you
    down.
    
    "I spent time in New York, Washington DC, Philadelphia, Pittsburgh,
    Ohio, parts of California, Virginia, and points in between -- usually
    because I knew people there, or wanted to see the city, or other
    circumstances," he said.
    
    Lamo has travelled far and wide but ranks his time in Philadelphia as
    the best.
    
    "I'd wake up early, go for a walk, check my e-mail wirelessly from a
    window ledge that had a clear shot to an unsecure 802.11 [wireless
    network], wander around with friends and hack from university
    libraries, Kinkos, coffee shops, read in the sun all day, or just
    explore the city physically. I loved it."
    
    Over the years, Lamo has carved a reputation as someone who didn't
    care much for rules. He used his skills to gain access into
    high-profile networks owned by America Online, Microsoft, and many
    others.
    
    But there was never any malicious intent. After penetrating these
    networks, Lamo would contact the network maintainers and tell them how
    he did it.
    
    This modus operandi worked well for a while ... up until the time he
    hacked into The New York Times' network in 2002 and accessed its
    contributor database.
    
    It's important to remember that the average contributor to The New
    York Times isn't Joe Bloggs from down-the-road. Lamo reportedly
    accessed the social security numbers of many high profile public
    figures, including former US president Jimmy Carter, Hollywood actors
    Robert Redford and Warren Beatty, and former United Nations weapons
    inspector Richard Butler. Some of the entries in the database included
    home phone numbers.
    
    The Times, one of the world's most influential publications, was not
    impressed. US authorities issued a warrant for Lamo, who turned
    himself in and pleaded guilty to one charge of computer crime.  
    Sentencing has been postponed until June.
    
    "I'll either get prison, or house arrest," Lamo predicts, before
    becoming philosophical. "I hope for the best ... [and] will make the
    best possible experience out of any sentence that's handed down. No
    experience we ever have is wasted."
    
    When he was arrested, he was dubbed the "homeless hacker" by media
    outlets due to the nature of his nomadic lifestyle. "I've never
    described myself as 'homeless'. It's something the media picked up,"  
    Lamo insisted.
    
    Lamo is currently living with his parents in Sacramento by order of
    the court. He draws parallels between his chosen lifestyle offline and
    his activities online. "I didn't, and don't, draw a clear distinction
    between the two kinds of exploration. I try to see things differently,
    no matter what venue I'm in. I'd be just as likely to spend the
    morning talking to a stranger who just got out of city jail, buy him
    breakfast, and learn about his life, as i would be to break into a
    company ... or just randomly explore the Net. It's all the same
    principle, the same desire to see things that other people gloss over
    in their daily lives."
    
    It's this curious mind that has led Lamo to his new passion --
    journalism. He's currently a staff writer for the American River
    Current, a bi-weekly Californian newspaper, and a freelance writer on
    the side.
    
    "I'm interested in journalism because it's an extension of what i do:  
    exploring, finding angles for things that others miss, sharing the
    uniqueness of the world. That's especially why i try to do my own
    photos when possible. It lets me capture moments in time in ways that
    words sometimes fail," he revealed.
    
    A similar path was taken by the legendary hacker Kevin Poulsen, who is
    now the editor of online security portal SecurityFocus.com -- which
    was acquired by anti-virus maker Symantec in 2002. Poulsen was best
    known for hacking a telephone system in order to rig a radio contest.  
    He won a Porsche 944 S2 before being caught and eventually spent some
    time in prison. He delved into journalism after his release.
    
    Writing about security seems to hold less interest for Lamo. "I look
    to him [Poulsen] as a model of what I don't aspire to be: typecast,
    and locked into a one-trick career," Lamo said, while acknowledging
    his respect for Poulsen as a journalist.
    
    Lamo doesn't want to work in the security industry either, believing
    that accepting payment for his talents would amount to "whoring
    himself".
    
    "I don't believe it's an honest industry, which is why I've declined
    all security jobs offered to me. Journalism isn't an honest industry
    either, but at least I have some personal control over the degree of
    dishonesty levelled against my victims," he joked.
    
    It's no surprise that Lamo is accustomed to the lifestyle of a nomad
    -- which began from a relatively young age. During the interview, he
    eluded to, at least, some degree of financial hardship --
    riches-to-rags style. "We were well-off, we were poor, we had a house,
    then we had a tiny apartment," he recalled.
    
    His parents have always been supportive, Lamo said, despite their
    concern over his his chosen lifestyle.
    
    "My parents are well-educated. My dad has a degree in anthropology and
    intercultural administration; my mom is a former English teacher. We
    moved around a lot, and they both tried to provide me a content-rich
    environment in which to grow up," he said.
    
     If you think that using "content-rich environment" sounds like a
    peculiar way to describe up-bringing, just remember that Linux creator
    Linus Torvalds captioned a photograph of his daughter "Linus v2.0" on
    his Web-site. In fact, Lamo insists he's not a "dork".
    
    "My curiosity isn't purely technological. Quite the opposite; I don't
    consider myself a tech person, I just see things differently and apply
    that to any environment I'm in. I spend a lot of time on my
    photography these days ... it acts as something of a surrogate to
    network intrusion," he said.
    
    For now Lamo awaits his sentence but remains fatalistic.
    
    "Actions have consequences. I never thought it was inevitable, but I
    always knew that something like that could happen." -- Patrick Gray
    
    
    
    _________________________________________
    ISN mailing list
    Sponsored by: OSVDB.org
    



    This archive was generated by hypermail 2b30 : Thu Apr 22 2004 - 02:14:54 PDT