◆ SpookStack

News: When is hacking a rin e x by “Weld Pond” when he was part of the LOpht. But others don't believe that a gray area should exist, even for hackers who break into a company's servers only te inform its network administrators about the vulnerabilities--a technique made famous by itinerant hacker Adrian Lamo. He has found his way into the networks of WorldCom, the New York Times, America Online and Excite@Home before breaking the news to the company or, more often, to the press. To those like Peter Lindstrom, director of security strategies for the Hurwitz Group consultancy, Lames and others of his ilk are criminal hackers, "If you are gray, you are black,” Lindstrom said. "It's not that [ don’t understand what they are trying to do, but it comes down to what you are actually doing." When hackers attack a network, an administrator has few ways to judge their intent. Every incident must be treated as an emergency, Lindstrom maintains, so every trespasser should be treated as a criminal. That point of view may be in the minority today, but it's rapidly gaining support. The trend is lending new strength to such laws as the Digital Millennium Copyright Act Cracking down on grays Last year, the FBI arrested Russian programmer-cum-hacker Dmitri Sklyarov for violating the criminal provisions of the DMCA by producing a program that could circumvent the copy protections surrounding Adobe Systems' e-book format. Adobe forced the issue with the FBI and then backed off amid wide criticism. Now the Justice Department is pursuing the case against Sklyarov's company, Elcomsoft. The arrest has worried those who find holes in software. At this year's Defcon hacking conference, some international researchers doubted they would attend in 2003, given the turn in the U.S. legal environment. *The DMCA is so vague and complex and confusing,” said Jennifer Granick, a defense lawyer and clinical director at Stanford University's Center for Internet and Society. "This is the most serious problem." The DMCA has become a favorite legal weapon of the software and media industries to silence critics and security experts, despite exemptions written by the Library of Congress for security research. Princeton University professor Edward Felton delayed presenting his findings regarding the security of several music standards when the Recording Industry Association of America threatened him with a lawsuit. In addition to the case against ElcomSoft, the FBI is reportedly investigating Lamo for his hacking of a database that contained contact information for New York Times columnists. Internal affairs Many security companies, such as Digital Defense, Internet Security Systems and @Stake, trumpet the fact that they hire hackers as part of their cachet. Oracle even maintains a staff of its own homegrown Page 3 of 6 FBI(19-cv-1495)-1039