Adrian Lamo  (Source: Facebook)
"My dad has an iPad, and I haven't even brought this up to him." -- Adrian Lamo

Ex-hacker and alleged "war crimes collaborator" Adrian Lamo has garnered a great deal of attention lately for his role in outing Wikileaks leaker Bradley Manning, a young U.S. Military official who was leaking sensitive documents, including some that Lamo believed endangered national security.

We conducted an extensive interview with Lamo in which he carefully detailed his motives in the Manning case.  Since that interview we've kept in close touch with Lamo and were interested when he contacted us concerning the recent harvest of iPad 3G emails/ICC-IDs by security analysts at Goatse Security.  As Lamo is much more qualified to analyze such security issues than we are (our staff certainly hasn't conducted exploits as epic as Lamo's, nor do we have enough time to devote to properly reading security mailing lists), we contacted him promptly for an interview.

We started by asking if he knew whether Goatse Security shared the exploit with any malicious parties pre-patching or whether they shared the emails (a key question in determining their guilt or innocence).  Lamo replied that he had not heard of them doing that, stating, "I haven't seen any, though to be fair, I was fairly busy during all times relevant."

As to whether the researchers broke any federal laws or behaved immorally, Lamo comments:
I think it's nice to see a real example of media whoring to contrast against media promiscuity. 

If I could be charged with submitting a web form that had no authentication or security or warnings, it'd stand to reason that they could.

Morally wrong? It was certainly poor netiquette.

We pushed Lamo on whether it was fair for them to go to the media, considering Apple/AT&T have reportedly still not fixed an iPad browser vulnerability they previously disclosed.  Lamo was quick to comment, "Allegedly found themselves ignored."

We asked him what if their claims were legitimate, though.  He then commented, "Well, lord knows that can happen. It's a little-known fact that I started out running inside-aol.com."

When asked why he was skeptical about the claims, then, Lamo responded:
Oh, nothing specific. Just that it's a convenient claim. But as someone who's made a number of convenient claims which happen to be true, these things happen. 

If I were less ethical it'd be ideal to find a reason to cast doubt on that claim. God knows I can't launch cruise missiles to distract from a scandal like a sitting president might.

As to the recent arrest of Goatse Security hacker Escher Auernheimer, who was involved with the incident, Lamo comments:
There's nothing to make of it, really.  The warrant being executed was probably related to the AT&T thing, unless he was running multiple simultaneous criminal enterprises. They found stuff that warranted local charges, and those charges were filed.  It's only news by confluence of events.

Like if I got arrested for hooking tomorrow, for instance. Odds are, it'd be news, but would it on its own be news? No. Would it be legitimately related to the Manning case?  No.  But tech media would feel compelled to report on it, and I'd find it hard to fault them.

Unless I was Marion Barry. Then it'd just be funny.

Was the worst case scenario that someone might spam the iPad owners, including White House Chief of Staff Rahm Emanuel, or could more sophisticated attacks be carried out with the info?  Lamo opines, "As an AT&T subscriber, I have to say, I've found fairly little the information would be useful for.  Other than being mediagenic. Or mediapathic, if you're AT&T.  Which is exactly how it was leveraged.  So, worst case scenario pretty much executed.  If you assume they didn't sell the list to Eastern European spammers."

We ask Lamo:
So the bottom line then -- given the minimal risks, AT&T customers shouldn't be concerned, right, past taking standard security precautions like using a strong password, employing a spam filter, and not responding to requests to retrieve lost information?

Lamo responds:
My dad has an iPad, and I haven't even brought this up to him. 

I'm usually the least alarmist security expert in the rolodex though, and tend to get bumped for someone who allocutes that it's absolutely a critical concern for all involved, and could compromise nat'l security too.

There you have it.  According to at least one top expert, the Goatse issue is being blown out of proportion.  That does, however, raise some interesting questions given that the story was leaked by Gawker Media, which certainly has an ax to grind with AT&T/Apple.  However, that's perhaps a topic best left for future pieces...

Notes:
DailyTech would like to thank Mr. Lamo for taking the time to conduct this interview.  All quotes from the interview are unedited, other than fixes to capitalization of the word "i" for consistency, and added capitalization to the start of sentences to improve readability.



