[ISN] Hacker Lamo Sentenced To Home Detention

InfoSec News isn at c4i.org
Fri Jul 16 03:29:23 EDT 2004 

http://www.informationweek.com/story/showArticle.jhtml?articleID=23901163

By George V. Hulme 
July 15, 2004 

Adrian Lamo, known as the "homeless" hacker, built a reputation for 
hacking into the networks of some of America's largest companies and 
then offering to help, for free, fix the security vulnerabilities that 
made his incursions possible. 

Lamo was indicted for breaking into computer systems at The New York 
Times. In January, he pleaded guilty to those charges. On Thursday, a 
federal judge sentenced him to two years probation, with six months to 
be served in home detention, says Lamo's federal public defender, Sean 
Hecker. 

Lamo will also have to pay $65,000 in restitution, Hecker says. 

In earlier interviews, Lamo said his hacking days were over. 

Lamo allegedly broke into computer systems at Excite at Home, Yahoo, 
Microsoft, MCI-WorldCom, and SBC Ameritech. Some of the companies Lamo 
hacked into, including WorldCom, thanked him for finding and helping 
to fix the security holes he uncovered. In each case, after Lamo 
helped the company fix its security hole, Lamo would call a news 
reporter to make his penetration public. 

That changed after Lamo breached the network of The New York Times in 
early 2001. In January of this year, Lamo pleaded guilty before U.S. 
District Judge Naomi Reice Buchwald to unauthorized access of the 
private network of the Times, where he added his name and contact 
information to the paper's op-ed database. In pleading guilty, he 
agreed that his actions caused losses in the range of $30,000 to 
$70,000. The losses include costs of intrusions into the Times, as 
well as use of the LexisNexis database and for alleged access to a 
Microsoft database in October 2001. 

Under the terms of Lamo's plea agreement with prosecutors, he could 
have faced six months to a year in prison. In court in January, Lamo 
read a statement in which he admitted guilt and said, "I know that I 
crossed a line that should not be crossed and I'm genuinely 
remorseful."

More information about the ISN mailing list