Andrian Lamo :Homeless hacker |scriptkiddie stories
Adrian Lamo was a hacker that found new ways to challenge companies to re-think how secure they were. From hacking his way into the most prestigious companies while living out of a backpack to being called a “snitch” from the hacker community, Adrian was a highly controversial figure in the hacking world.
Early Days — Back Story
Adrián Alfonso Lamo Atwood was born in Malden, Massachusetts, U.S, on February 20th, 1981. He attended high school in San Francisco, but he dropped out after many arguments with his teachers. He did not graduate but he received a GED and then studied journalism at the American River College in Carmichael, California.
His computer skills were mainly self-taught. Adrian got his first computer, a Commodore 64 at a young age. He then became interested and familiar with software hacking by experimenting with coding that was used to create the video games that he loved to play.
His hacking journey started by hacking into computer games, creating viruses on floppy disks, and eventually practicing with phone phreaking. He was able to make free long-distance calls by tapping into stranger’s phone lines and finding ways to spoof his calls from the phone companies to go undetected.
First Steps in Hacking
In the mid-90s he started using a simple web browser and explorer the web to find holes in the security of companies.
He was unknowingly driven by the so-called Hacker culture, where individuals enjoy the intellectual challenge of overcoming the limitations of software systems using their creativity to achieve their individual goals. It’s not about how big the companies were or how sensitive the information was, but more about the odds of finding something that was never being found before.
Describing the security of the companies back then, he would say that was not all that challenging to find security holes in their systems. He would try to take the available information resources and arrange them in improbable ways, not spending time to download databases or leak any customer information.
He began exploring the Web by spending countless hours at the Public Library of San Francisco, using their Internet terminals to telnet out to other systems, including the ones that let him use their modems to dial out.
Security holes everywhere, living out of a backpack.
In 1997, AOL introduced one of the first instant messaging services, after ICQ in 1996 and the dot.com bubble was starting to form. Adrian was watching the explosion of activity on the Internet with a mixture of excitement and worry about the dangers that no one could see.
Living out of a backpack, he would then spend a couple of years traveling the country on a bus, sleeping in abandoned buildings and on friends’ couches while getting online from university libraries and Kinko’s laptop stations.
During this time, he’d been sleeping in an abandoned building underneath Philadelphia’s Ben Franklin Bridge when he discovered security vulnerabilities at Excite@Home, he would inform the executives but no action was taken at first. He would even start helping customers and trying to fix their problems that were reported as helpdesk tickets when the company was not even taking action for them.
His first ISP was AOL, and he was curious to know what went on behind the scenes. He found multiple vulnerabilities and he was able to crack into the company’s network.
As a teenager, Adrian became known in the early 2000s with a string of attacks against large companies, mostly harmless though. Trying to prove a point, that if someone like Andrian Lamo, who was borrowing internet from a local Kinko’s could crack into companies like AOL, Yahoo, Microsoft, and even New York Times with such ease, anyone could. He was cracking misconfigured proxy servers, allowing him to bypass the corporate firewalls. He got into an unprotected CMS tool at Yahoo’s news site, and tried to alert the company, just like he did with the other vulnerabilities he found on other companies but no one was giving him attention. The only way to give attention and fix their problems was to go to the press and make the story known. Reuters wrote the story and things got heated quickly.
New York Times hack and charges from the FBI
In 2002, he penetrated the internal network of the well-known newspaper, ‘The New York Times’, and decided to have some fun. He managed to give himself admin credentials and gained access to a database containing data of over 3000 contributors of the newspaper. He then added himself to the paper’s internal database of experts, as a “hacking expert”. The Times was not having any of it and contacted the FBI to begin the investigation. In 2003, the FBI issued a warrant for Adrian’s arrest and in 2004 he pleaded guilty, resulting in a fine and six months of home detention, followed by two years of probation. But he knew that even after that, that the federal authorities were constantly monitoring him.
Asperger’s Syndrome Diagnosis
In 2010, Lamo joined the growing list of computer hackers who’ve been diagnosed with Asperger’s, like Gary McKinnon and Albert Gonzalez.
Usually, the diagnosis comes when the hacker faces the criminal justice system for the first time, rather than six years later, like Lamo’s case. The article was written by the reporter Kevin Poulsen, who was himself a former hacker and published by Wired.
WikiLeaks — Chelsea Manning case
Chelsea Manning was a former US soldier (formerly Bradley Manning) and known for being an activist and a whistleblower.
In 2010, Chelsea, who was in Baghdad at the time, was already pending discharge for “adjustment disorder” (gender identity disorder) because she expressed her uncertain feelings over her (his at the time) gender identity, causing her to lose her job as a soldier.
She contacted Adrian on May 20th, 2010 via encrypted emails because she was already aware of his hacking incidents back in the 2000s. She felt isolated and fragile and she thought Adrian was someone that might understand her situation.
He was unable to decrypt them but replied anyway, and invited the emailer (Chelsea) to chat on AOL messenger. In a series of chats between May 21 and May 25, Chelsea, using the nickname bradass87, and introducing herself as an Army intelligence officer, without waiting for a reply, alluded the leaks to Adrian. He then replied to her, and talk about restricted material in general. She then referenced a version of Wikipedia’s article on Wikileaks and indicated that some of the sections about the leaked Baghdad airstrike video were her leaks as well.
Chelsea started helping and providing WikiLeaks with leaked stories/content at the end of 2009 when she found herself involved in something she was completely against. He leaked various material including videos of airstrikes in Bagdad, Afghanistan, thousands of diplomatic cables of the U.S (the cables contain diplomatic analysis from world leaders, and the diplomats’ assessment of host countries and their officials) and half a million Army reports that later came to be known as the “Iraq War Logs” and “Afghan War Diary”.
The homepage of the WikiLeaks.org website circa 2010. The Manning leaks put a little-known transparency organization on the map and made its founder, Julian Assange, a household name. - source: www.npr.orgShe said she hoped that the material would lead to “hopefully worldwide discussion, debates, and reforms, and if not, we’re doomed as a species.”
Lamo as a whistleblower — chat logs got published
After the first chat with Manning on the 21st of May 2010, Adrian got in touch with Chet Uber, who was working for the Project Vigilant, which was researching cybercrime, and with a friend, Tim Webster, who was working in Army counterintelligence. The possibility that Adrian was under surveillance and that his chats with Manning were monitored, thus resulting to prosecute him as an accessory to the leaks may played a role in reporting her.
After he told them about the chat he went to the authorities, telling them that he believed Manning was endangering lives. He met with FBI investigators on May 25 in California where he showed them the chat logs, while also told the story to the reporter of Wired, Kevin Poulsen.
The FBI informed the Army officials and arrested Chelsea in Iraq on May 27th.
Kevin proceeded with breaking the news of the story in Wired on June 6th. Wired then, published some of the chat logs on June 6th to 10th and the whole logs in July the next year.
Arrest and charges of Chelsea Manning and Lamo’s criticism from the hacker community
Chelsea was then charged with several offenses, including violations of Articles 92 and 134 of the Uniform Code of Military Justice, and the Espionage Act.
His methodology and motivation had been under scrutiny ever since he turned in Chelsea. He was largely ostracized by the hacker community afterward, such as those at the “Hackers on Planet Earth” conference in 2010, who labeled him as a “snitch”.
Julian Assange, the founder of WikiLeaks also criticized Lamo’s actions, stating that it was “mischievous to suggest the individual has anything to do with WikiLeaks.”
However, from another perspective, it was thanks to Adrian that the government had months to amend any harm caused by the release of the diplomatic cables, but the opinions will always be widely divergent on such controversial issues as those.
For some time in the early 2011s, he was allegedly “in hiding”, and claiming that his “life was under threat” after turning in Manning.
Manning was incarcerated in the U.S military justice system and later sentenced to 35 years in prison. However, President Barrack Obama commuted the sentence to a total of seven years at the end of his presidential term.
She was first released from prison on May 17, 2017, but had rough following years spending time in and out of courts where she was served with multiple subpoenas to testify against the case of WikiLeaks and Julian Assange which she refused to testify multiple times.
On March 11, 2020, she tried to commit suicide in the prison where she was held, a couple of days before it was scheduled to appear before a judge on a motion to terminate sanctions. She recovered well in the hospital and the grand jury decided that her testimony was no longer needed. The judge found that her detention was no longer needed and she was released.
She received multiple awards over the years and made multiple appearances on TV and Universities, giving interviews and speaking engagements.
Death
Adrian died unexpectedly on March 14, 2018, at the age of 37 in Kansas.
His death was made public from his father’s post on Facebook who wrote “With great sadness and a broken heart I have to let know all of Adrian’s friends and acquaintances that he is dead. A bright mind and compassionate soul is gone, he was my beloved son.”
They found several bottles of pills in his home and the medical examiner, Scott Kipper, who handled Adrian’s autopsy explained that he couldn’t even rule out murder. He pointed out several irregularities in Lamo’s case such as a sticker found on Adrian’s left thigh, that read “Adrian Lamo, Assistant Director, ProjectVigilant, 70 Bates Street, NW, Washington, DC. “, but that wasn’t enough to point them in a definite answer.
After three months later, the Sedwick County Regional Forensic Science report showed no definitive cause of death, despite a complete autopsy.
A long list of chemicals found in Lamo’s bloodstream like Benadryl, chlorpheniramine, citalopram, gabapentin, clonazepam, etizolam, flubromazepam, and some of them were benzodiazepines that were prescribed by his doctor to treat his anxiety disorder. However according to the medical examiners, those drugs weren’t enough to kill Adrian, but he was likely in a sedated state. He would probably overmedicate due to his substantial anxiety.
The most probable cause of Adrian’s death was that he unknowingly combined the benzodiazepines with kratom, a recreational drug. The FDA came out with a medical alert just a month before Adrian died with a warning against mixing the benzodiazepines with kratom which was a combination that had been linked to dozens of deaths.
Adrian Lamo was the kind of hacker that wanted to challenge others to find different ways to get companies to take their security seriously. His role as a hacker was to find new and innovative ways of accomplishing things, beyond what an average person would think, ways to use existing resources differently and more efficiently to overcome unseen barriers.
He will remain forever “a very disreputable character” and a controversial figure in the hacker community.