The break-in of Fox News commentator and talk show host Bill O’Reilly’s Web site has gotten far less coverage than the so-called “hack” of Alaska Gov. Sarah Palin’s e-mail account, but the story behind it is much more interesting.
Whatever the suspect’s motivation for hacking Palin’s email, it’s pretty obvious why O’Reilly was hacked. He had spent days railing against the hacks and in particular the image hosting site 4chan for posting the information. O’Reilly wanted 4chan and its owner held criminally responsible for the contents being posted on the boards.
Someone out there took umbrage at these statements and decided to hack into O’Reilly’s personal Web site. Over the weekend, screen grabs of recent subscribers, with their names, e-mail addresses, cities of residence and most importantly their passwords were posted to Wikileaks.org. In passing on the screens, the hackers told Wikileaks that security for BillOreilly.com was “non-existent.”
Wikileaks posted one page of what it claimed were several sent to the site. Such a breach requires O’Reilly and his hosting provider, Nox Solutions, to inform all subscribers their information has been compromised. Section 1798.82 of the California civil code says security breaches must be disclosed to data owners and California residents must be notified in the event of a breach.
Whether that has been done cannot be accurately determined. There is no notification on O’Reilly’s site of the breach. InternetNews.com attempted to contact many of the people listed on the Wikileaks page, but about one-third of the addresses were invalid and the e-mail bounced. The remainder have not responded.
The Knock on Nox
Nox Solutions has not answered repeated inquiries from InternetNews.com. News Corp. passed the buck, saying the O’Reilly site is hosted by Nox and therefore not its responsibility.
In that regard, it may well be Nox’s problem, say legal experts. Maybe. “Blame will fall on Nox based on the full level of services that it looks like they provide and the way they are advertising terms. It looks like they are a one-stop shop for the customers,” said Robin Sax, a Deputy District Attorney for Los Angeles.
But she adds that liability depends on their service agreement and who manages the Web site. “If they just provide the space, and it’s Bill O’Reilly’s people who update and add information, then it’s their responsibility. If they are not putting content and they aren’t doing maintenance and they don’t put the security in, then it’s not their problem,” she said.
Marc John Randazza, an attorney with Weston, Garrou, Walters & Mooney in Altamonte Springs, Florida and a professor of law at Barry University School of Law, thinks Nox could be in the clear, too.
“If they don’t catch the hackers, you could possibly hold the site responsible. Possibly,” he told InternetNews.com. “You’d have to get pretty creative to hold them accountable. It looks like everybody’s a victim here except the hackers.”