September 20, 2001 11:30 AM PDT
Yahoo News hacked, story changed
According to Yahoo, news of the hack was first reported and brought to the company's attention by SecurityFocus.com this week. A Yahoo representative said the Web portal had taken "appropriate steps to block unauthorized access" to its production tools.
The hacks are the latest in an ongoing headache for online news organizations. Previous incidents include the defacement of The New York Times Web site and an attack one year ago on the Orange County Register's Web site.
In those incidents, hackers appeared to be using the sites to make a political point or simply to make trouble. But in the attack on Yahoo News, the hacker, Adrian Lamo, said he was acting to demonstrate Yahoo's security lapses, according to the SecurityFocus report.
Some of Lamo's changes were whimsical, but others were substantial factual misrepresentations. For example, Lamo's altered story reported that the Russian hacker faced the death penalty if convicted, SecurityFocus reported.
Lamo also told SecurityFocus that he'd been able to change Yahoo News stories over the course of three weeks and that he had changed other stories in addition to the Aug. 23 Reuters story.
Yahoo would not comment on whether it planned legal action against Lamo over the incidents.
The Yahoo News caper is not Lamo's first warning to a Web company. In May, he brought to light security lapses in Excite@Home's network, which the broadband Internet access provider later thanked him for catching.
Lamo, the founder and a staff writer for the Inside-AOL Web site, was also credited last year for exposing a hole in America Online's instant-messaging application.