Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Crime Security Microsoft Network Nintendo The Courts

Security Researcher Pleads Guilty To Hacking Into Microsoft and Nintendo (theverge.com) 53

24-year-old security researcher Zammis Clark pleaded guilty today to hacking into Microsoft and Nintendo servers and stealing confidential information. Clark, known online as Slipstream or Raylee, "was charged on multiple counts of computer misuse offenses in a London Crown Court on Thursday, and pleaded guilty to hacking into Microsoft and Nintendo networks," reports The Verge. From the report: Prosecutors revealed that Clark had gained access to a Microsoft server on January 24th, 2017 using an internal username and password, and then uploaded a web shell to remotely access Microsoft's network freely for at least three weeks. Clark then uploaded multiple shells which allowed him to search through Microsoft's network, upload files, and download data. In total, around 43,000 files were stolen after Clark targeted Microsoft's internal Windows flighting servers. These servers contain confidential copies of pre-release versions of Windows, and are used to distribute early beta code to developers working on Windows. Clark targeted unique build numbers to gain information on pre-release versions of Windows in around 7,500 searches for unreleased products, codenames, and build numbers.

Clark then shared access to Microsoft's servers through an Internet Relay Chat (IRC) server chatroom, allowing other individuals to access and steal confidential information. Prosecutors say other hackers from France, Germany, the United Arab Emirates, and other countries were then able to access Microsoft's servers. Police found the stolen files on Clark's home computer after a joint investigation involving Microsoft's cyber team, the FBI, EUROPOL, and the NCA's National Cyber Crime Unit (NCCU). [...] The Microsoft intrusion ended when Clark uploaded malware onto Microsoft's network, and he was subsequently arrested in June, 2017. Clark was then bailed without any restrictions on his computer use, and went on to hack into Nintendo's internal network in March last year. Clark gained access through Virtual Private Networks (VPNs) and used similar software to hack into Nintendo's highly confidential game development servers. These servers store development code for unreleased games, and Clark was able to steal 2,365 usernames and passwords until Nintendo eventually discovered the breach in May 2018. Nintendo estimates the cost of damages between $913,000 and $1.8 million, and Microsoft previously provided the court with a vague estimate of around $2 million in damages.
26-year-old Thomas Hounsell, known in the Windows community for running the now discontinued BuildFeed website, appeared alongside Clark in court on Thursday for using Clark's Microsoft server breach to conduct more than 1,000 searches for products, codenames, and build numbers over a 17-day period, the report adds.
This discussion has been archived. No new comments can be posted.

Security Researcher Pleads Guilty To Hacking Into Microsoft and Nintendo

Comments Filter:
  • by Excelcia ( 906188 ) <slashdot@excelcia.ca> on Thursday March 28, 2019 @08:33PM (#58351612) Homepage Journal

    ...is calling him a "security researcher".

    • Re: (Score:2, Funny)

      by Anonymous Coward

      I'm not robbing you, I'm just researching the security of your wallet!

    • by rtb61 ( 674572 )

      When the title fits, "Clark, who was employed at the Malwarebytes security company at the time of the Microsoft hack". The fellow is autistic (which is quite useful for computer security, they love details, deep numbers), and the position likely fed into his genetic malady and exacerbated it, the quest for more detail, that curiosity bug on steroids. Likely be better off in a protected job in government where they could constrain or make use of his excess digital curiosity, dependent upon the target.

      The NSA

      • ..

        whats up with that? microsoft paid someone 2 million to look into the hack? or nintendo got someone on their payroll and paid 2 million in actual bills to someone to look at the logs?

        UNFUCKING LIKELY.

        it's just made up.

        • by imidan ( 559239 )

          Just off the top of my head, here are a bunch of steps that might be taken in the situation:

          • Security team to discover the hack
          • Shut down systems/services to stop the attack
          • Document the extent of the hack and compromised data
          • Replace affected hardware with new, preserving the old as evidence
          • Eliminate the attacker's shells
          • Eliminate the attacker's malware
          • Rebuild affected systems
          • Audit everything the attacker might have touched
          • Prepare legal documentation
          • Depose everyone
          • Liaise with law enforcement
          • ...

          This requires t

  • by mabu ( 178417 ) on Thursday March 28, 2019 @08:46PM (#58351644)

    The guy hacked into Microsoft's network, and enjoyed access for more than five months, including sharing logon credentials with the hacker community, and Microsoft only seemed to find out after he uploaded malware to their network?

    • Note that this is a company that regularly performs security audits, with red-teaming and blue-teaming.

      I've said it before, but security can't be bolted on afterwards by a "security team." Every programmer needs to have security at the front of their mind.
  • This guy demonstrated issues wirh MS [lack of] security
    and they cried uncle.

    Do you support free security research, or Microsoft?

    Note: if you're not part of the security community please put "idiod" in your response subject so as not to bias valid results.

    E

  • WTF? how is this guy in anyway a "security researcher", he was nothing of the fucking sort, he was a straight up hacker/thief.
    • WTF? how is this guy in anyway a "security researcher", he was nothing of the fucking sort, he was a straight up hacker/thief.

      Bonus point for having used "Hacker": the previous word that used to mean something else [catb.org] but was eventually cooped into meaning the malicious attacker that apparently called "security researcher" nowadays by the press.

  • If it wasn't for those pesky kids.

    Kids he shared the access with on the internet in a large scale.

    Why do kids these days feel the need to publicly confess to their crimes in celebration?

Technology is dominated by those who manage what they do not understand.

Working...