The Hacker Who Found the Secrets of the Next Xbox and PlayStation
An anonymous reader writes "Stephen Totilo at Kotaku has a long article detailing the exploits of an Australian hacker who calls himself SuperDaE. He managed to break into networks at Microsoft, Sony, and Epic Games, from which he retrieved information about the PS4 and next-gen Xbox 'Durango' (which turned out to be correct), and he even secured developer hardware for Durango itself. He uncovered security holes at Epic, but notified the company rather than exploiting them. He claims to have done the same with Microsoft. He hasn't done any damage or facilitated piracy with the access he's had, but simply breaching the security of those companies was enough to get the U.S. FBI to convince Australian authorities to raid his house and confiscate his belongings. In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out. The article describes both SuperDaE's activities and a journalist's efforts to verify his claims."
Sort of interesting, but... (Score:5, Insightful)
> In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out.
And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"? It was OK because the victims were Microsoft and Sony? Or, shall we see another case of the famous Slashdot Double Standard?
Durango hasn't been revealed (Score:1, Insightful)
> he retrieved information about the PS4 and next-gen Xbox 'Durango' (which turned out to be correct)
"Durango" hasn't been revealed yet. How do we know his info is correct?
Chinese Army (Score:5, Insightful)
Ugh.
If some surfer dude from Oz can do this, imagine what the Chinese Army and the TLAs have gotten into.
I don't know if this is good or bad. Mutually Assured Destruction can be a good thing, as can the dissemination of information.
However it sure should give people pause when they put a server online. Or make their bank accounts available on the web.
It might be a case of not if but when.
Re:Sort of interesting, but... (Score:5, Insightful)
It may be ok to a degree for the cases where he broke in and then notified the company of a breach...
Hi, I broke into your house and ran my fingers through your dainty underthings and fondled your toothbrush.
Don't you think you should buy a better lock and maybe an alarm system?
Don't bother thanking me, it's what I do...
Re:No damage? (Score:5, Insightful)
> There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.
There seems to be this common misconception that having to fix a network to remove holes and backdoors is somehow worse than having lived with it for some time without knowing it. Not to mention the fact that your second sentence does not substantiate the first, also known as the non sequitur fallacy: not having caused any damage and being under suspicion for having caused some are two completely independent things.
Re:No damage? (Score:5, Insightful)
> There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.
Those actions and associated costs are not the result of having your network broken into. They are the result of being told your network is vulnerable - even if you have no knowledge that the network was actually broken into.
Re:Sort of interesting, but... (Score:2, Insightful)
If I'm in charge of millions of people's credit card information, THANKS! You're better than dealing with hackers who would rather take that credit card information, sell it on the black market and have to deal with legal charges for failure to properly secure financial information!
Re:Sort of interesting, but... (Score:2, Insightful)
If you truly believe such behavior is merely "a tad creepy" and that it isn't a problem, seek professional help. I'm serious. What this guy did to these networks is way less of a problem than your disturbing analogy.
The last time I saw someone "helpfully" checking doors in my neighborhood I called the cops. There is never a good reason to test the security of a stranger's house, or even a friend's house, unless they want you to do so. If you really care, write a damn pamphlet about home security and hand it out or mail it.
Getting back to the network... You only have the word of someone unscrupulous that they didn't commit further unscrupulous activities.
Re:Sort of interesting, but... (Score:5, Insightful)
Less secure than what, exactly?
Let's use a real world analogy. I have my house locked up tight. My neighbor says that I have cruddy, worthless locks on my door. He proceeds to show me how easy it is to break into my own house. He suggests that I invest in the same type of locks that he uses.
So, what should I do? Call the law, and have the neighbor locked up for showing me that my security is shit?
Or, should I purchase and install the locks that he has shown me to be effective?
In actuality, the neighbor has helped me to be MORE secure, not less secure.
Derp, derp, derp.
Re:Sort of interesting, but... (Score:5, Insightful)
Depends. Did he ask for your permission beforehand? If he did and you gave him OK, that's fine.
If he didn't, he's committing a crime for obvious reasons. Else this would become a perfect excuse for burglars who didn't manage to steal YET. "But I was just showing the residents how weak their lock was!"
Re:Sort of interesting, but... (Score:5, Insightful)
Let's say you came home and your neighbor was sitting on your couch watching tv while drinking one of your beers. Then he says "your locks suck, you should try the ones I use".
How would you like that?
Derp, derp, derp.
Really? (Score:2, Insightful)
Summary: Kid breaks into networks of corporate entities, accesses trade secrets, purchases development hardware using fraudulent information, brags about it on the internet and then cries about being "ruined".
There is nothing "ethical" about any of this kid's shenanigans. He cried about them taking his toys away, and doesn't even realize he's going to pound-me-in-the-ass prison yet.
Moral of the story: Common sense eludes hacker.
Re:Sort of interesting, but... (Score:5, Insightful)
The closest analogy is the spirit of the law vs the letter of the law...
Hackers generally obey the letter of the law, that is, they are only making a computer do what it was programmed to do. Whether that programming was intentional, or the result of a bug, comes down to the spirit in which the program was written.
A similar scenario is the law... There are many loopholes (i.e. bugs) in the law which allow people to legally perform acts which were never intended by the people who wrote those laws.
So why then is it legal for a lawyer to exploit loopholes in the law, but not legal for a hacker to exploit loopholes in program code?
Re:Sort of interesting, but... (Score:4, Insightful)
That's my concern in this. Seizing his bank access seems punitive to me and he hasn't been found guilty of anything. The alleged offenses don't even seem to warrant that action.
I really hope his legal team can set some kind of precedent to keep a tighter leash on prosecution agencies.