[ISN] Hackers: Under the hood - Adrian Lamo

InfoSec News isn at c4i.org
Thu Apr 22 03:10:36 EDT 2004


http://www.zdnet.com.au/insight/security/0,39023764,39116620-4,00.htm

Name: Adrian Lamo
Handle(s): None
Age: 23
Marital status: "Dating for over a year"
Current residence: Living in exile in Sacramento, Ca., USA
Job: Staff writer, American River Current and freelance journalist
First computer: Commodore 64
Best known for: Hacking into The New York Times network
Area(s) of expertise: "Seeing things differently" 

Don't let his baby face fool you. Adrian Lamo started hacking even
before he could legally drive.

Lamo's first thrill from a hack came when he figured out how to make
both sides of a 5.25in floppy disk writable while playing around with
his first computer -- a Commodore 64 he got when he was eight.

"It was quite the discovery for me," he said.
 
Unlike many so-called hackers, Lamo was never interested in impressing
his peers.

"I became deeply interested in the hacker culture, reading everything
I could about it before ever actually encountering it," he said. "Once
I encountered it, I was turned off by it, so I chose to go solo.  
Exploration need not be competition," he told ZDNet Australia in an
interview last month.

At 18, his parents decided to move to Sacramento from San Francisco
but Lamo decided to stay put.

He was the lead network administrator for a law firm at the time. "I
stayed with friends, sometimes in abandoned buildings, sometimes in
storage areas of office buildings I had access to. Sometimes, I'd just
nod off at my desk," he recalled.

After a while, he dipped into his savings and hit the road, spending
the next two years wandering around the United States.

"There's a lot to be said for just having your clothes, a backpack,
and the ability to buy a bus ticket and not have anything to tie you
down.

"I spent time in New York, Washington DC, Philadelphia, Pittsburgh,
Ohio, parts of California, Virginia, and points in between -- usually
because I knew people there, or wanted to see the city, or other
circumstances," he said.

Lamo has travelled far and wide but ranks his time in Philadelphia as
the best.

"I'd wake up early, go for a walk, check my e-mail wirelessly from a
window ledge that had a clear shot to an unsecure 802.11 [wireless
network], wander around with friends and hack from university
libraries, Kinkos, coffee shops, read in the sun all day, or just
explore the city physically. I loved it."

Over the years, Lamo has carved a reputation as someone who didn't
care much for rules. He used his skills to gain access into
high-profile networks owned by America Online, Microsoft, and many
others.

But there was never any malicious intent. After penetrating these
networks, Lamo would contact the network maintainers and tell them how
he did it.

This modus operandi worked well for a while ... up until the time he
hacked into The New York Times' network in 2002 and accessed its
contributor database.

It's important to remember that the average contributor to The New
York Times isn't Joe Bloggs from down-the-road. Lamo reportedly
accessed the social security numbers of many high profile public
figures, including former US president Jimmy Carter, Hollywood actors
Robert Redford and Warren Beatty, and former United Nations weapons
inspector Richard Butler. Some of the entries in the database included
home phone numbers.

The Times, one of the world's most influential publications, was not
impressed. US authorities issued a warrant for Lamo, who turned
himself in and pleaded guilty to one charge of computer crime.  
Sentencing has been postponed until June.

"I'll either get prison, or house arrest," Lamo predicts, before
becoming philosophical. "I hope for the best ... [and] will make the
best possible experience out of any sentence that's handed down. No
experience we ever have is wasted."

When he was arrested, he was dubbed the "homeless hacker" by media
outlets due to the nature of his nomadic lifestyle. "I've never
described myself as 'homeless'. It's something the media picked up,"  
Lamo insisted.

Lamo is currently living with his parents in Sacramento by order of
the court. He draws parallels between his chosen lifestyle offline and
his activities online. "I didn't, and don't, draw a clear distinction
between the two kinds of exploration. I try to see things differently,
no matter what venue I'm in. I'd be just as likely to spend the
morning talking to a stranger who just got out of city jail, buy him
breakfast, and learn about his life, as i would be to break into a
company ... or just randomly explore the Net. It's all the same
principle, the same desire to see things that other people gloss over
in their daily lives."

It's this curious mind that has led Lamo to his new passion --
journalism. He's currently a staff writer for the American River
Current, a bi-weekly Californian newspaper, and a freelance writer on
the side.

"I'm interested in journalism because it's an extension of what i do:  
exploring, finding angles for things that others miss, sharing the
uniqueness of the world. That's especially why i try to do my own
photos when possible. It lets me capture moments in time in ways that
words sometimes fail," he revealed.

A similar path was taken by the legendary hacker Kevin Poulsen, who is
now the editor of online security portal SecurityFocus.com -- which
was acquired by anti-virus maker Symantec in 2002. Poulsen was best
known for hacking a telephone system in order to rig a radio contest.  
He won a Porsche 944 S2 before being caught and eventually spent some
time in prison. He delved into journalism after his release.

Writing about security seems to hold less interest for Lamo. "I look
to him [Poulsen] as a model of what I don't aspire to be: typecast,
and locked into a one-trick career," Lamo said, while acknowledging
his respect for Poulsen as a journalist.

Lamo doesn't want to work in the security industry either, believing
that accepting payment for his talents would amount to "whoring
himself".

"I don't believe it's an honest industry, which is why I've declined
all security jobs offered to me. Journalism isn't an honest industry
either, but at least I have some personal control over the degree of
dishonesty levelled against my victims," he joked.

It's no surprise that Lamo is accustomed to the lifestyle of a nomad
-- which began from a relatively young age. During the interview, he
eluded to, at least, some degree of financial hardship --
riches-to-rags style. "We were well-off, we were poor, we had a house,
then we had a tiny apartment," he recalled.

His parents have always been supportive, Lamo said, despite their
concern over his his chosen lifestyle.

"My parents are well-educated. My dad has a degree in anthropology and
intercultural administration; my mom is a former English teacher. We
moved around a lot, and they both tried to provide me a content-rich
environment in which to grow up," he said.

 If you think that using "content-rich environment" sounds like a
peculiar way to describe up-bringing, just remember that Linux creator
Linus Torvalds captioned a photograph of his daughter "Linus v2.0" on
his Web-site. In fact, Lamo insists he's not a "dork".

"My curiosity isn't purely technological. Quite the opposite; I don't
consider myself a tech person, I just see things differently and apply
that to any environment I'm in. I spend a lot of time on my
photography these days ... it acts as something of a surrogate to
network intrusion," he said.

For now Lamo awaits his sentence but remains fatalistic.

"Actions have consequences. I never thought it was inevitable, but I
always knew that something like that could happen." -- Patrick Gray





More information about the ISN mailing list