Interesting People mailing list archives

Previous By Date Next
Previous By Thread Next

IP: New York Times Internal Network Hacked

From: Dave Farber <dave () farber net>
Date: Tue, 26 Feb 2002 19:38:36 -0500

------ Forwarded Message
From: "Kevin L. Poulsen" <klp () securityfocus com>
Reply-To: <klp () securityfocus com>
Date: Tue, 26 Feb 2002 16:32:12 -0800
To: "Farber () Cis Upenn Edu" <farber () cis upenn edu>
Subject: New York Times Internal Network Hacked


Dave, FYI.

---

New York Times Internal Network Hacked

http://online.securityfocus.com/news/340

Security holes in the New York Times internal network left sensitive
databases exposed to hackers, including a file containing social security
numbers and home phone numbers for contributors to the Times op-ed page,
SecurityFocus Online has learned.

In a two-minute scan performed on a whim, twenty-one-year-old hacker and
sometimes-security consultant Adrian Lamo discovered no less than seven
misconfigured proxy servers acting as doorways between the public Internet
and the Times' private intranet,  making the latter accessible to anyone
capable of properly configuring their Web browser.

"The very first server I looked at was running an open proxy," says Lamo.
"The server practically approached me."

Once on the newspaper's network, Lamo exploited weaknesses in the Times
password policies to broaden his access, eventually browsing such disparate
information as the names and social security numbers of the paper's
employees, logs of home delivery customers' stop and start orders,
instructions and computer dial-ups for stringers to file stories,  lists of
contacts used by the Metro and Business desks, and the "WireWatch" keywords
particular reporters had selected  for monitoring wire services.

But measured by sheer star power, the hack is most notable for Lamo's access
to a database of 3,000 contributors to the Times op-ed page, the august soap
box  of the cultural elite and politically powerful.

The roster includes social security numbers for former U.N. weapons
inspector Richard Butler, Democratic operative James Carville, ex-NSA chief
Bobby Inman, Nannygate veteran Zoe Baird, former secretary of state James
Baker, Internet policy thinker Larry Lessig,  and thespian activist Robert
Redford, who last May authored an op-ed on President Bush's environmental
policies.

<snip>



------ End of Forwarded Message

For archives see:
http://www.interesting-people.org/archives/interesting-people/
Previous By Date Next
Previous By Thread Next

Current thread: