

Quebec boy, 12, pleads guilty to hacking government websites - bgtyhn
http://www.torontosun.com/2013/10/25/que-boy-12-pleads-guilty-to-hacking-government-websites

======
Frozenlock
Better title: "A 12 years old boy hacked your government websites. Lack of
security is concerning."

Seriously, security on governmental websites (in Canada and Québec) is
terrible.

I wouldn't be surprised if they stored password in plain text: they ask you to
choose a shorter password if yours is too long.

~~~
iLoch
Ding ding ding. Visited the website for National Student Loans Services Centre
and forgot my password. Email reset? Here's your password!

No! Why?

~~~
redthrowaway
>No! Why?

It was built by the co-op students who couldn't get placements anywhere else.

~~~
DonPellegrino
That's actually exactly what happens. Co-op programs are huge in Québec and
that's a good thing. Government jobs usually pay 30-40% less and most of the
time the less skilled students end up doing their co-op(s)/internship(s)
there.

------
teamonkey
> Court heard the boy used three different computer attacks, one which
> resulted in a denial of service to those trying to access the websites and
> flooded servers, making them ineffective.

> In another method he would alter information and make it appear as the
> homepage.

> His third tactic involved exploiting security holes in order to access
> database servers.

> "And he told others how to do it," a police expert testified in Montreal on
> Thursday.

And now so has the Toronto Sun, because frankly, that's all the info a script
kiddie will need, if they couldn't work it out themselves.

------
simlevesque
I have an uncle who works for a infosec company which has contracts with the
provincial government. I know that internally, the police of the province
(which is called the SQ) has no real power in terms of hacking investigation.
It really is sad. They rely on gathering info from sources such as Facebook,
that's how they got the kid.

What this article does not say is that right now is his first court hearing
but they had found his identity a couple of months ago. My uncle was at the
press conference where they said that they had found him and after it was
finished he asked one the police officer on the case how they had found him.
He straight up told him that they found him because he talked about it to his
friends on Facebook. If not for that, the kid would not have been caught. The
alternative is to wait for him to commit a crime against the great US of A and
have the FBI do the job.

For the record, I'm a 20 year old guy from Quebec and I really wonder what I
could have done if I tried my hands at it. I'm also glad I didn't.

------
InternalRun
I always hate the comments on these type of articles.

"the government should hire him before someone else gets him"

In reply

"you can be sure there is a line up already - this kid is a treasure"

~~~
scotty79
Why you hate such comments?

------
iLoch
Probably the work of CGI Group! :) Not that I really want to bash my follow
Canadian developers, but can we please get some experienced developers working
on these sites?

------
deletes
How are they sure he wasn't just a pawn or a script kiddie. I say this because
he pleaded guilty; was there some serious analysis done or did they just got
his address?

------
adamnemecek
I'm curious how many 'hackers' actually wear a hoodie when 'hacking'.

~~~
scotty79
The ones employed by corporation and sitting in open space office. Also
headphones.

------
Balgair
Well, that's embarrassing.

------
avty
We are all hackers now.

------
joelgrus
It took me a minute to figure out what a "Que. boy" was.

