Simply put, Andrian Lamo, better known as "The Homeless Hacker" was
able to break into computer data bases and obtained information by
exploiting weaknesses in security. The companies included: Microsoft,
Yahoo, MCI/WorldCom, New York Times, Excite@home, Cingular and
Ameritech. Then he would visit the company and tell the them how he
hacked them and how to fix the holes in security.
Federal laws prohibit unauthorized access to a protected computer, and
illegal possession of stolen "access devices". Access devices is a
term that encompasses passwords, credit card numbers and sensitive
At this time he faces two Federal Charges for breaking into The New
York Times private network.
His chances? Hard to say. You can read and post at the General Chat
Forum at Freelamo.com
or at TechTV Message Boards TechTV Message Boards re: Lamo
If convicted, Lamo faces prison and fines under the Computer Fraud and
Most up-to-date information at: Information Week
Serial Hacker To Be Arraigned Sept. 11, 2003
Adrian Lamo faces two federal charges stemming from his alleged hack
into The New York Times' network in February 2002.
By George V. Hulme
"Accused serial hacker Adrian Lamo is expected to formally face two
federal charges Thursday stemming from his alleged hack into The New
York Times' private network in February 2002. The first charge,
according to a federal criminal complaint filed in the Southern
District of New York, charges Lamo illegally accessed the internal
network of the New York Times from February through April of 2002 and
also altered the paper's Op-Ed database, resulting in more than
$25,000 in damage.
The complaint also alleges Lamo illegally created five user names and
passwords under the Times' LexusNexus account and totaled more than
$300,000 in fees stemming from his news searches of the paper's
If convicted, Lamo faces prison and fines under the Computer Fraud and
The federal complaint states that Lamo's use of the LexusNexus
database included searches for news stories containing his name,
information regarding his parents' and neighbors' street addresses,
other hackers, as well as various America Online executives.
The complaint also lists the string of intrusions Lamo had publicly
admitted to committing during the past couple of years including
Excite@Home (May 2001), Yahoo (September 2001), Microsoft (October
2001), MCI/WorldCom (November 2001), SBC Ameritech (December 2001),
and Cingular (May 2003).
Earlier this week, Lamo was released into the custody of his parents
after they secured a $250,000 bond. According to Patty Pontello, a
spokeswoman for the U.S. Attorney's office in Sacramento, Lamo was
ordered by U.S. Magistrate Judge Gregory Hollows not to use a computer
and told that he must find employment.
Lamo has garnered a following in hacking circles for his
one-of-a-kind-hacking style of breaking into corporate systems, then
notifying the companies about their security holes and offering to
help remediate their systems for free. Some of the companies he's
intruded upon, including WorldCom, publicly thanked Lamo for helping
them fix their security holes.
A Web site aimed at supporting Lamo, Freelamo.com, surfaced earlier
Welcome To: freelamo.com - This website is dedicated to helping Adrian
Among other information available at the FreeLamo.com site is The
Complaint - (you'll need Adobe Reader to view the file). If you don't
have Adobe Reader you can download it for free at:
United States of America - v. - Adrian Lamo
Complaint: Violations of 18 U.S.C. §§ 1030(a)(5)(A)(ii) and 1029(a)(2)
County of Offense: New York:
8 TechTV Stories containing Lamo in entire site posted in the past
(Click on the right side of each page link to view videos.)
1. Exclusive Video of Lamo's Surrender
"Hacker Adrian Lamo spoke with Leo Laporte and Patrick Norton via
phone on yesterday's episode of "The Screen Savers." During the call,
Lamo announced he'd..."
2. Adrian Lamo Speaks With Leo Before Arrest
"According to SecurityFocus, Adrian Lamo, a famous hacker who exploits
security holes and helps companies fix them, is being hunted by the
FBI. Lamo called "The Screen Savers" at the top of the show. Lamo
hacked into the..."
Adrian Lamo charged with computer crimes
"Lamo has been charged in New York under Title 18 U.S.C. 1030 and
1029, according to deputy federal public defender Mary French, who
says she's spoken with one of the FBI agents that were searching for
Lamo. The federal laws prohibit unauthorized access to a protected
computer, and illegal possession of stolen "access devices" -- a term
that encompasses passwords, credit card numbers, and the like. French
did not know what the specific allegations were, because the charging
document is sealed."
"Lamo believes the arrest warrant is for his most high-profile hack.
Early last year he penetrated the New York Times, after a two-minute
scan turned up seven misconfigured proxy servers acting as doorways
between the public Internet and the Times private intranet, making the
latter accessible to anyone capable of properly configuring their Web
Once inside, Lamo exploited weaknesses in the Times password policies
to broaden his access, eventually browsing such disparate information
as the names and Social Security numbers of the paper's employees,
logs of home delivery customers' stop and start orders, instructions
and computer dial-ups for stringers to file stories, lists of contacts
used by the Metro and Business desks, and the "WireWatch" keywords
particular reporters had selected for monitoring wire services.
He also accessed a database of 3,000 contributors to the Times op-ed
page, containing such information as the social security numbers for
former U.N. weapons inspector Richard Butler, Democratic operative
James Carville, ex-NSA chief Bobby Inman, Nannygate veteran Zoe Baird,
former secretary of state James Baker, Internet policy thinker Larry
Lessig, and thespian activist Robert Redford. Entries with home
telephone numbers include Lawrence Walsh, William F. Buckley Jr.,
Jeanne Kirkpatrick, Rush Limbaugh, Vint Cerf, Warren Beatty and former
president Jimmy Carter.
In February, 2002, Lamo told the Times of their vulnerability through
a SecurityFocus reporter. But this time, no one was grateful, and by
May federal prosecutors in New York had begun an investigation."
FBI reportedly hunting Adrian Lamo By Kevin Poulsen, SecurityFocus
Posted: 05/09/2003 at 07:28 GMT
"The 22-year-old Lamo has become famous for publicly exposing gaping
security holes at large corporations, then voluntarily helping the
companies fix the vulnerabilities he exploited -- sometimes visiting
their offices or signing non-disclosure agreements in the process."
Older story at Wired News
He Hacks by Day, Squats by Night - Mar. 06, 2002 PT
NEW YORK -- "Last January, Adrian Lamo awoke in the abandoned building
near Philadelphia's Ben Franklin Bridge where he'd been squatting,
went to a public computer with an Internet connection, and found a
leak in the Excite@Home's supposedly airtight company network.
Just another day in the life of a young man who may be the world's
most famous homeless hacker.
More than a year later, Lamo is becoming widely known in hacker
circles for tiptoeing into the networks of companies like Yahoo and
WorldCom -- and then telling the corporate guys how he got there."
"For example, Lamo insists that unlike so many others in his trade, he
won't take money from the companies he's hacked.
"When I was thirsty during Excite@Home, they bought me a 50-cent
bottle of water," he said. "That's the most I got."
Instead, he relies on a small savings he amassed from stints doing
security work for Levi Strauss and for Bay Area nonprofits, where his
cubicle or the office elevator would often serve as the night's
lodgings. He picks up money, occasionally, from short-term freelance
security gigs. And, of course, there..."
Google Search: Andrian Lamo, serial hacker Lamo, charges against
Adrian Lamo arrest, TechTV Lamo