
Security Researcher Pleads Guilty To Hacking Into Microsoft and Nintendo (theverge.com) 53

24-year-old security researcher Zammis Clark pleaded guilty today to hacking into Microsoft and Nintendo servers and stealing confidential information. Clark, known online as Slipstream or Raylee, "was charged on multiple counts of computer misuse offenses in a London Crown Court on Thursday, and pleaded guilty to hacking into Microsoft and Nintendo networks," reports The Verge. From the report: Prosecutors revealed that Clark had gained access to a Microsoft server on January 24th, 2017 using an internal username and password, and then uploaded a web shell to remotely access Microsoft's network freely for at least three weeks. Clark then uploaded multiple shells which allowed him to search through Microsoft's network, upload files, and download data. In total, around 43,000 files were stolen after Clark targeted Microsoft's internal Windows flighting servers. These servers contain confidential copies of pre-release versions of Windows, and are used to distribute early beta code to developers working on Windows. Clark targeted unique build numbers to gain information on pre-release versions of Windows in around 7,500 searches for unreleased products, codenames, and build numbers.

Clark then shared access to Microsoft's servers through an Internet Relay Chat (IRC) server chatroom, allowing other individuals to access and steal confidential information. Prosecutors say other hackers from France, Germany, the United Arab Emirates, and other countries were then able to access Microsoft's servers. Police found the stolen files on Clark's home computer after a joint investigation involving Microsoft's cyber team, the FBI, EUROPOL, and the NCA's National Cyber Crime Unit (NCCU). [...] The Microsoft intrusion ended when Clark uploaded malware onto Microsoft's network, and he was subsequently arrested in June, 2017. Clark was then bailed without any restrictions on his computer use, and went on to hack into Nintendo's internal network in March last year. Clark gained access through Virtual Private Networks (VPNs) and used similar software to hack into Nintendo's highly confidential game development servers. These servers store development code for unreleased games, and Clark was able to steal 2,365 usernames and passwords until Nintendo eventually discovered the breach in May 2018. Nintendo estimates the cost of damages between $913,000 and $1.8 million, and Microsoft previously provided the court with a vague estimate of around $2 million in damages.
26-year-old Thomas Hounsell, known in the Windows community for running the now discontinued BuildFeed website, appeared alongside Clark in court on Thursday for using Clark's Microsoft server breach to conduct more than 1,000 searches for products, codenames, and build numbers over a 17-day period, the report adds.
  • by Excelcia ( 906188 ) <slashdot@excelcia.ca> on Thursday March 28, 2019 @09:33PM (#58351612) Homepage Journal

    ...is calling him a "security researcher".

    • Re: (Score:2, Funny)

      by Anonymous Coward

      I'm not robbing you, I'm just researching the security of your wallet!

    • by rtb61 ( 674572 )

      When the title fits, "Clark, who was employed at the Malwarebytes security company at the time of the Microsoft hack". The fellow is autistic (which is quite useful for computer security, they love details, deep numbers), and the position likely fed into his genetic malady and exacerbated it, the quest for more detail, that curiosity bug on steroids. Likely be better off in a protected job in government where they could constrain or make use of his excess digital curiosity, dependent upon the target.

      The NSA

      • ..

        What's up with that? Microsoft paid someone 2 million to look into the hack? Or Nintendo got someone on their payroll and paid 2 million in actual bills to someone to look at the logs?

        UNFUCKING LIKELY.

        it's just made up.

        • by imidan ( 559239 )

          Just off the top of my head, here are a bunch of steps that might be taken in the situation:

          • Security team to discover the hack
          • Shut down systems/services to stop the attack
          • Document the extent of the hack and compromised data
          • Replace affected hardware with new, preserving the old as evidence
          • Eliminate the attacker's shells
          • Eliminate the attacker's malware
          • Rebuild affected systems
          • Audit everything the attacker might have touched
          • Prepare legal documentation
          • Depose everyone
          • Liaise with law enforcement
          • ...

          This requires t

  • by mabu ( 178417 ) on Thursday March 28, 2019 @09:46PM (#58351644)

    The guy hacked into Microsoft's network, and enjoyed access for more than five months, including sharing logon credentials with the hacker community, and Microsoft only seemed to find out after he uploaded malware to their network?

    • Note that this is a company that regularly performs security audits, with red-teaming and blue-teaming.

      I've said it before, but security can't be bolted on afterwards by a "security team." Every programmer needs to have security at the front of their mind.
  • This guy demonstrated issues with MS [lack of] security
    and they cried uncle.

    Do you support free security research, or Microsoft?

    Note: if you're not part of the security community please put "idiod" in your response subject so as not to bias valid results.

    E

  • WTF? How is this guy in any way a "security researcher"? He was nothing of the fucking sort, he was a straight up hacker/thief.
    • WTF? How is this guy in any way a "security researcher"? He was nothing of the fucking sort, he was a straight up hacker/thief.

      Bonus point for having used "Hacker": the previous word that used to mean something else [catb.org] but was eventually co-opted into meaning the malicious attacker that is apparently called "security researcher" nowadays by the press.

  • If it wasn't for those pesky kids.

    Kids he shared the access with on the internet in a large scale.

    Why do kids these days feel the need to publicly confess to their crimes in celebration?
