Adrian Lamo convicted for gaining unauthorized access to New York Times
Incident Date: February 2002
Incident Location: New York NY USA
Adrian Lamo pled guilty on January 8, 2004 to a count of unauthorized access to the New York Times internal computer systems. On February 26, 2002 Mr. Lamo penetrated a database containing the personal information of more than 3,000 New York Times editorial page contributors. He added his own contact information and listed himself as an expert in computer hacking.
Mr. Lamo began accessing the internal New York Times network using an improperly secured proxy server. Using this server as a launching pad for internal searches, he found the intranet homepage and an unprotected copy of a database that cataloged employees' names and Social Security numbers. "From what I've been able to tell, it was a backup database being used for research," Mr. Lamo reported.
This turned out to be useful information because the default account password for employees at the New York Times was the last four digits of the personís Social Security number. Mr. Lamo found an account with this default password that belonged to an administrator. With this identity he created his own privileged network account.
Mr. Lamo also set up five fictitious user accounts and passwords for the LexisNexis news service associated with the New York Times account. Over a three-month period, those five accounts were associated with more than 3,000 searches using LexisNexis. He was initially accused of generating more than $300,000 in LexisNexis service fees, but this figure was reduced to $18,500 at the time of his sentencing.
On July 15, 2004, Mr. Lamo was sentenced to six months of home confinement, two years of probation, and ordered to pay more than $64,900 in restitution to the New York Times.
As part of his plea agreement Mr. Lamo admitted responsibility for additional computer intrusions into organizations such as Excite@Home (May 2001), Yahoo! (September 2001), Microsoft (October 2001), MCI WorldCom (November 2001), SBC Ameritech (December 2001), and Cingular (May 2003).
Title: NYT Hacker Released on $250,000 Bond
Author: Elinor Mills Abreu
Publication Location: San Francisco CA USA
Publication URL: http://asia.reuters.cm/newsArticle.jhtml?type=internetNews&storyID=3416280
Title: New York Times Internal Network Hacked
Author: Kevin Poulsen
Publication URL: http://online.securityfocus.com/news/340
Title: Hacker Pleads Guilty in Manhattan Federal Court to Illegally Accessing New York Times Computer Network
Publication: US Attorney Press Release
Publication Location: New York NY USA
Publication URL: http://www.cybercrime.gov/lamoPlea.htm
Title: NYT hacker Adrian Lamo gets home detention
Author: Paul Roberts
Publication: PC World (IDG News Service)
Publication Location: USA
Publication URL: http://www.pcworld.idg.com.au/index.php/id;1045798212;fp;2;fpid;1
Do you have additional information to contribute regarding this story? If so, please email firstname.lastname@example.org with the details and source.