Good Samaritan Hacker To Be Arrested
from the cracking-down dept
Adrian Lamo, the well-known good Samaritan hacker – who finds vulnerabilities in corporate computer systems, and then helps the companies fix the problem – is being sought by the FBI, who have an arrest warrant for him. It’s believed to be the end result of the famed NYTimes.com hacking from nearly two years ago. At that time, he broke into the NYTimes.com computers and found quite a lot of private info. While some companies have been happy about Lamo helping them fix their vulnerabilities, the NY Times was anything but and have been threatening to have him charged for ages. After all this time, some had thought that it was to be forgotten. Apparently, that’s not true. I don’t deny that he probably went a bit to far in poking around the NY Times computers, but hacker prosecutions always seem to go too far. He did no actual harm, but will (undoubtedly) be charged with causing many millions of dollars worth of damage. Hopefully he can get himself a good lawyer – but with the public fear of hacking and new legal threats to put hackers in jail for life, he may not be free for some time. This just means that vulnerable systems he might normally be helping to patch will now remain open for hackers who really do have malicious purposes.
Comments on “Good Samaritan Hacker To Be Arrested”
No Subject Given
You know, it’s funny. It really is. The problem isn’t people breaking into systems. It’s companies making systems that are fundementally insecure. This is a travesty.
Re: No Subject Given
If I show you your doors unlocked am I a thief or a hero ? This is where the computer industry has presumed guilt over innocence.
Re: Re: No Subject Given
It’s a fine line. What if I point out the unlocked door only after I walked around your house and rummaged through your stuff?
No Subject Given
I agree that the charges may outweigh the crime, and in fact the guy should be let off if (1) there really was no harm done to infrastructure or privacy, and (2) he acted conscientiously about reporting the security vulnerability once discovered.
However, the “millions of dollars damage” stuff has some basis in reality. Just because a white-hat cracker says he did no harm doesn’t mean the IS department can just trust that. No, they have to rebuild and scan a lot of data, at the expense of that time and labor and lost opportunity. Maybe not “millions” but surely a much larger cost than a pat on the back and a handshake to the refrain, ‘aw, that’s okay, no harm done.’
Also, the newspaper numbers regarding damages comes from the insurance claims. If your company is hit, you take a claim on your data integrity insurance to the tune of the worst case cleanup costs. You then find out the real costs during a real cleanup over the coming days and weeks. You then realize that your data integrity insurance premiums will be higher for the next N years. These are real costs to the company, costs that would not have been true if the cracker hadn’t poked around on systems that don’t belong to him.