21 year old hacks into NYTimes confidential files easily.

greenspun.com : LUSENET : Unk's Troll-free Private Saloon : One Thread

PageSix,com Feb 28, 2002

link ALL THE NEWS THAT'S FIT TO HACK

By RICHARD JOHNSON with Paula Froelich and Chris Wilson

INTIMATE information about celebrity contributors to the New York Times op-ed page was exposed after a 21-year-old hacker broke into the paper's computer system.

It only took two minutes for security consultant Adrian Lamo to infiltrate the Times' internal network and get private poop on the likes of Robert Redford, Warren Beatty, Jimmy Carter, William F. Buckley Jr., Rush Limbaugh, James Carville, James Baker and Jeanne Kirkpatrick.

Lamo accessed a database of 3,000 contributors to the Times' opinion page that listed social security numbers, home telephone numbers, notes about how they feel about being edited, and how much they get paid.

He also accessed the names and social security numbers of all Times employees, lists of contacts used by the metro and business desks and logs of home delivery customers' start-and-stop orders.

"The server practically approached me," Lamo bragged to SecurityFocus.com. The crafty computer whiz discovered seven servers acting as doorways between the public Internet and the Times' private intranet, making the information available to anyone capable of properly configuring a Web browser.

Lamo notified the Times of its porous database on Tuesday. In a statement, a red-faced Times spokesperson said: "We are actively investigating a potential security breach. Based on the results of this investigation we will take appropriate steps to ensure the security of our network."

Lamo has earned a reputation for hacking into the networks of large corporations, alerting the companies and offering to fix their vulnerabilities - for a price.

In December, he was praised by communications monolith WorldCom after he discovered - and helped fix - gaping holes in its intranet that threatened to expose the private networks of Bank of America, Citicorp and J.P. Morgan.

A few months earlier, he had shown how easy it was to hack into a Yahoo! News Web site by tampering with a wire service story posted on the site. At least Lamo was unable to tinker with Times stories before they got into print. The paper's Web site is not tied in to its Swiss cheese-like internal computer system.

Last year, anti-globalization activists hacked into a World Economic Forum database and downloaded details about Bill Clinton, Bill Gates, South African President Thabo Mbeki and Japanese Prime Minister Yoshiro Moki, all attendees of the group's summit in Davos, Switzerland.



-- (Roland@hatemail.com), February 28, 2002


Moderation questions? read the FAQ