Who’s to Blame for Bill O’Reilly Hack?

The break-in to the Web site of Fox News commentator and talk show host Bill O’Reilly has gotten far less coverage than the so-called “hack” of Alaska Gov. Sarah Palin’s e-mail account, but the story behind it is much more interesting.

Whatever the suspect’s motivation for hacking Palin’s e-mail, it’s pretty obvious why O’Reilly became a target. He had spent days railing against the earlier Palin hacks, and in particular, the image-hosting site 4chan for posting the information. O’Reilly wanted 4chan and its owner held criminally responsible for the contents being posted on the boards.

Someone out there evidently took umbrage at these statements and decided to hack into O’Reilly’s personal Web site. Over the weekend, screen grabs of recent subscribers, with their names, e-mail addresses, cities of residence and most importantly their passwords were posted to Wikileaks.org. In passing on the screens, the hackers told Wikileaks that security for BillOreilly.com was “non-existent.”

Wikileaks posted one page of what it claimed were several sent to the site. While this is not a breach of TJX proportions, such a leak still requires O’Reilly and his hosting provider, Nox Solutions, to inform all subscribers their information has been compromised. Section 1798.82 of the California civil code says security breaches must be disclosed to data owners and that state residents must be notified in the event of a breach.

O’Reilly posted a warning on his site about the breach, saying no credit card information was released, and that no members who joined before Sept. 14, 2008, were affected.*

It went on to say that O’Reilly’s staff has contacted the 205 members whose names and e-mail addresses were revealed. InternetNews.com also attempted to contact via e-mail many of those listed on the Wikileaks page, but about one-third of the addresses were invalid or otherwise bounced. The remainder have not responded.

The Knock against Nox

Los Angeles-based Nox Solutions has not answered repeated inquiries from InternetNews.com. Fox News owner News Corp. passed the buck, saying the O’Reilly site is hosted by Nox and therefore not its responsibility.

In that regard, legal experts said it could be Nox’s problem — maybe. “Blame will fall on Nox based on the full level of services that it looks like they provide and the way they are advertising terms,” said Robin Sax, a deputy district attorney for Los Angeles. “It looks like they are a one-stop shop for the customers.”

But she adds that liability depends on Nox’s service agreement and who manages the Web site. “If they just provide the space, and it’s Bill O’Reilly’s people who update and add information, then it’s their responsibility,” she said. “If they are not putting content and they aren’t doing maintenance and they don’t put the security in, then it’s not their problem.”

Marc John Randazza, an attorney with Weston, Garrou, Walters & Mooney in Altamonte Springs, Florida and a professor of law at Barry University School of Law, thinks Nox could be in the clear, too.

“If they don’t catch the hackers, you could possibly hold the site responsible. Possibly,” he told InternetNews.com. “You’d have to get pretty creative to hold them accountable. It looks like everybody’s a victim here except the hackers.”

Those hackers have been a lot smarter than the one who broke into Palin’s account, who left a trail virtually to his door. Whoever broke into O’Reilly’s site has kept far more quiet about it, offering only the screenshot of user account information as proof of their deeds, and nothing more.

Next page: How poor was the security?

Continued from Page 1

The one way Nox could be on the hook is if its security was as nonexistent as the hackers claimed. “If their site was really easy to hack, they might be negligent, maybe. It’s really going to depend on how poor their security was,” Randazza said.

Sax concurred. “The thing that’s going to be of issue here is the causation issue — that is, what actions that allowed for the hack. If there was nothing done from a preventative point of view, is there a liability? The next step is if [Nox] found out the information was compromised, what did they do to protect the people afterwards?”

Randazza said the victims listed on Wikileaks have his sympathies. Attackers “hacked [O’Reilly’s site] and posted info about nobody who had anything to do with this. It would have been real easy to black out those passwords and make those people’s lives easier. Those are the people I feel bad for,” he said.

O’Reilly, though, is off the hook. “I don’t see how he could be liable. All he did was poke the hornet’s nest,” Randazza said.

Nox Nox. Who’s There?

One of the most peculiar and unanswered elements of the story is how Nox wound up hosting O’Reilly to begin with. A quick scan of its home page shows an imitation of iTunes’ animated Cover Flow display that lists its clients.

Nox had a tiny entry in Wikipedia that was recently removed. It said, in part, “Nox Solutions is located in Los Angeles, CA and was founded by Eric Marston and Payam Zarabi in 2001 as an independently owned, full-service e-commerce management firm. Nox offers website management including website design, creation, maintenance, hosting, marketing, promotions, customer service and product fulfillment.”

Payam Zarabi’s LinkedIn profile indicates he graduated from the University of Southern California with a Bachelor’s degree in Information Systems. He worked as a senior consultant for Wavebend Consulting and then a senior developer for Firstlook.com before launching Nox with Marston. Marston’s LinkedIn profile said he worked for Kraft Foods and IBM as a programmer.

Sax noted that many of the clients listed, including O’Reilly, have a nationally syndicated radio show on Westwood One, one of the largest national radio networks. Other Nox clients are syndicated through Talk Radio Network and Salem Talk Radio. This could mean Westwood One gets dragged into a legal swamp, should the people exposed by the hackers feel litigious.

“This possibly could go up to Westwood One, especially if they are taking care of [the sites] and placing [talent with Nox], and they are the bigger cheese here,” she noted.

When contacted regarding its association with Nox, a Westwood One spokesman told InternetNews.com he would inquire with his superiors and reply back. As of press time, there has been no response.

*Corrects prior version to indicate that O’Reilly published a warning to members on the site.

Get the Free Newsletter!

Subscribe to our newsletter.

Subscribe to Daily Tech Insider for top news, trends & analysis

News Around the Web