Good Samaritan Hacker To Be Arrested
from the cracking-down dept
Adrian Lamo, the well-known
good Samaritan hacker - who finds vulnerabilities in corporate computer systems, and then helps the companies fix the problem - is
being sought by the FBI, who have an arrest warrant for him. It's believed to be the end result of the famed NYTimes.com hacking from nearly two years ago. At that time, he broke into the NYTimes.com computers and found quite a lot of private info. While some companies have been happy about Lamo helping them fix their vulnerabilities, the NY Times was anything but and have been threatening to have him charged for ages. After all this time, some had thought that it was to be forgotten. Apparently, that's not true. I don't deny that he probably went a bit to far in poking around the NY Times computers, but hacker prosecutions always seem to go too far. He did no actual harm, but will (undoubtedly) be charged with causing many millions of dollars worth of damage. Hopefully he can get himself a good lawyer - but with the public fear of hacking and new legal threats to put hackers in jail for life, he may not be free for some time. This just means that vulnerable systems he might normally be helping to patch will now remain open for hackers who really do have malicious purposes.
Reader Comments
Subscribe: RSS
View by: Time | Thread
No Subject Given
[ link to this | view in chronology ]
Re: No Subject Given
[ link to this | view in chronology ]
Re: No Subject Given
[ link to this | view in chronology ]
No Subject Given
However, the "millions of dollars damage" stuff has some basis in reality. Just because a white-hat cracker says he did no harm doesn't mean the IS department can just trust that. No, they have to rebuild and scan a lot of data, at the expense of that time and labor and lost opportunity. Maybe not "millions" but surely a much larger cost than a pat on the back and a handshake to the refrain, 'aw, that's okay, no harm done.'
Also, the newspaper numbers regarding damages comes from the insurance claims. If your company is hit, you take a claim on your data integrity insurance to the tune of the worst case cleanup costs. You then find out the real costs during a real cleanup over the coming days and weeks. You then realize that your data integrity insurance premiums will be higher for the next N years. These are real costs to the company, costs that would not have been true if the cracker hadn't poked around on systems that don't belong to him.
[ link to this | view in chronology ]