Security News
Navigation

 

 


Home News News Item
 

New York Times Internal Network Hacked

April 2001

Security holes in the New York Times internal network left sensitive databases exposed to hackers, including a file containing Social Security numbers and home phone numbers for contributors to the Times op-ed page.

In a two-minute scan performed on a whim, twenty-one-year-old hacker and sometimes-security consultant Adrian Lamo discovered no less than seven misconfigured proxy servers acting as doorways between the public Internet and the Times' private intranet, making the latter accessible to anyone capable of properly configuring their Web browser.

"The very first server I looked at was running an open proxy," says Lamo. "The server practically approached me."

Once on the newspaper's network, Lamo exploited weaknesses in the Times password policies to broaden his access, eventually browsing such disparate information as the names and Social Security numbers of the paper's employees, logs of home delivery customers' stop and start orders, instructions and computer dial-ups for stringers to file stories, lists of contacts used by the Metro and Business desks, and the "WireWatch" keywords particular reporters had selected for monitoring wire services.

Source...

News Headlines

 

Latest Security News



Home  |  Client Login  |  Search  |  Site Index  |  Contact Us
Terms & Conditions  |  Contact Us               UK Telephone   0845 22 55 050