Noted Hacker Responds to Wikileaks Security Gaffe

Share Article

Convicted New York Times hacker Adrian Lamo responds to a mishandling of donor data recently reported by Wired. Wikileaks, a well-known conduit for the anonymous disclosure of sensitive information in the public interest, had mistakenly disclosed a list of information on donors to the site, including information on Lamo.

Infamous hacker Adrian Lamo responded today to news that he himself had allegedly been a victim of a data breach at well-known leakage clearinghouse reported recently via the Threat Level blog that an anonymous user had uploaded a list of contact details on donors to Wikileaks, including information on Lamo himself.

The gaffe placed Wikileaks in the awkward position of hosting leaked information on its own internal operations.

When made aware of the breach, Lamo asserted that the chain of events reflected positively on Wikileaks when taken in its totality: "They clearly could have made the decision to pull the data, and many sites would have."

Lamo added: "The fact that they've treated it the same as any other content submitted to them speaks well of their integrity. The leak itself - the result of operator error in a common e-mail program - isn't overly damning. Worse technological mishaps have easily befallen more tech-savvy sites, and I'm not in the least unsettled to be identified as a supporter of freedom of information on the Internet."

Lamo acknowledged that others might not feel similarly, noting: "Donors in sensitive positions, especially ones within entities which have had unflattering data posted on Wikileaks, might lose some sleep over this."

Lamo asserted that the mishap would not deter him from posting to or financially supporting Wikileaks in the future.

Although Lamo was identified in the leak via his work e-mail at Reality Planning LLC, a threat analysis and "red team" security firm which he holds a majority stake in, he noted that his donation was personal, and his company does not have an official position on the site.

Adrian Lamo was convicted in 2004 after pleading guilty to computer intrusions at Microsoft, Lexis-Nexis, and The New York Times Co. The government had alleged his involvement in further intrusions at MCI Worldcom, Google, Excite@Home, Yahoo!, SBC, AOL, and others.

In each case, he was proven or alleged to have contacted the companies in question and offered assistance in repairing security vulnerabilities free of charge. His services no longer take place unsolicited, and carry a price tag. His pursuit, arrest, and case are subjects of the documentary "Hackers Wanted" stewarded by Dana Brunetti's & directed by Sam Bozzo.

Ed. Notes: Lamo's criminal case # was 1:2004cr00011, SDNY.


Share article on social media or email:

View article via:

Pdf Print

Contact Author

Adrian Lamo
Visit website