RealTime IT News

Who's to Blame for Bill O'Reilly Hack?

The break-in to the Web site of Fox News commentator and talk show host Bill O'Reilly has gotten far less coverage than the so-called "hack" of Alaska Gov. Sarah Palin's e-mail account, but the story behind it is much more interesting.

Whatever the suspect's motivation for hacking Palin's e-mail, it's pretty obvious why O'Reilly became a target. He had spent days railing against the earlier Palin hacks, and in particular, the image-hosting site 4chan for posting the information. O'Reilly wanted 4chan and its owner held criminally responsible for the contents being posted on the boards.

Someone out there evidently took umbrage at these statements and decided to hack into O'Reilly's personal Web site. Over the weekend, screen grabs of recent subscribers, with their names, e-mail addresses, cities of residence and most importantly their passwords were posted to Wikileaks.org. In passing on the screens, the hackers told Wikileaks that security for BillOreilly.com was "non-existent."

Wikileaks posted one page of what it claimed were several sent to the site. While this is not a breach of TJX proportions, such a leak still requires O'Reilly and his hosting provider, Nox Solutions, to inform all subscribers their information has been compromised. Section 1798.82 of the California civil code says security breaches must be disclosed to data owners and that state residents must be notified in the event of a breach.

O'Reilly posted a warning on his site about the breach, saying no credit card information was released, and that no members who joined before Sept. 14, 2008, were affected.*

It went on to say that O'Reilly's staff has contacted the 205 members whose names and e-mail addresses were revealed. InternetNews.com also attempted to contact via e-mail many of those listed on the Wikileaks page, but about one-third of the addresses were invalid or otherwise bounced. The remainder have not responded.

The Knock against Nox

Los Angeles-based Nox Solutions has not answered repeated inquiries from InternetNews.com. Fox News owner News Corp. passed the buck, saying the O'Reilly site is hosted by Nox and therefore not its responsibility.

In that regard, legal experts said it could be Nox's problem -- maybe. "Blame will fall on Nox based on the full level of services that it looks like they provide and the way they are advertising terms," said Robin Sax, a deputy district attorney for Los Angeles. "It looks like they are a one-stop shop for the customers."

But she adds that liability depends on Nox's service agreement and who manages the Web site. "If they just provide the space, and it's Bill O'Reilly's people who update and add information, then it's their responsibility," she said. "If they are not putting content and they aren't doing maintenance and they don't put the security in, then it's not their problem."

Marc John Randazza, an attorney with Weston, Garrou, Walters & Mooney in Altamonte Springs, Florida and a professor of law at Barry University School of Law, thinks Nox could be in the clear, too.

"If they don't catch the hackers, you could possibly hold the site responsible. Possibly," he told InternetNews.com. "You'd have to get pretty creative to hold them accountable. It looks like everybody's a victim here except the hackers."

Those hackers have been a lot smarter than the one who broke into Palin's account, who left a trail virtually to his door. Whoever broke into O'Reilly's site has kept far more quiet about it, offering only the screenshot of user account information as proof of their deeds, and nothing more.

Next page: How poor was the security?