
Rise and Fall of a Hacker Who Found the Secrets of the Next Xbox and PlayStation - recoiledsnake
http://kotaku.com/5986239
======
bonzoesc
> "I was treated like a criminal," he complained to me, looking back at the
> raid.

Today we learn several lessons:

1) Don't break in to computers of American corporations while living in a
country that has historically been very friendly with US law enforcement.

2) Don't break in to computers and boast about it to video game bloggers while
using your real identity.

3) Pirating games and using stolen credit card numbers are both crimes, yes,
but not doing them doesn't mean that breaking into computers isn't a crime.

4) If you don't want to be treated like a criminal, maybe don't commit crimes.

------
guylhem
When I read stuff like that, I just wonder what exactly the "hacked" company
is trying to achieve, or if they have any idea themselves.

On one hand, you have a person who seems to genuinely care about the security
of your company (since he gave you details), who had both the chance and the
opportunity to use the access to leak stuff that could have been quite
damaging to the company - yet didn't, and willfully meets the company's
representatives and corporate enquirer.

On the other hand, you have a company who seems to have a real problem with its
security procedures, an improving but frail image as a game platform (not so
many dead Xbox memes at the moment), and a way to manage problems like an
elephant in a porcelain shop.

What exactly did anyone in his right mind hope such a raid would do??? Let's
see, for the potential "benefit" effects of frightening other hackers, it
further damaged Microsoft's reputation and it will turn a cooperative hacker
group into a revenge-seeking foe. What did they get??? In the day and age of
cloud storage, what they took during the raid was at best zeroed hard drives
previously containing a copy of the information they wanted that could now be
anywhere - and they pissed off the guy who put that information out of their
reach.

Strategically, all I see just looks like a terrible move.

Now think for a second - what if the guy puts everything he downloaded
(source code, etc) in a torrent, or passes the PDFs they were so willing to
protect on WikiLeaks? What if he starts using his knowledge to create not
"giant hacks", but small hacks that could masquerade as bugs? (say randomly
turn off Live access, hijack random Xbox Live accounts, etc)

What if he commits suicide? After all, he said he lost everything! Seriously
all this is at best a PR nightmare, and at worst the first step into a Sony
PSN style catastrophe. Some people should be fired, they forgot the basic
axiom:

DO NOT TAUNT THOSE WHO CAN DAMAGE YOU.

It will be fun watching Anonymous attack Xbox Live in the following days, then
the various bad things that will happen - no, not fun, sad. What will happen
is so evident it's a tragedy.

Critics are easy, so I'll offer my 5 cents suggestion too. The right move in
this case? Give the hackers a psychological assessment, a background check,
then a big fat check to replace the bozos who were in charge of your security
and failed. Give them more to lose - money, their dream job, reputation.

Just don't turn them into enemies who have nothing to lose.

~~~
mhurron
> What exactly did anyone in his right mind hope such a raid would achieve?

Made people think the company in question was doing what it needed to do to
protect its users.

The group of people that would see that move as a negative is small. Gamers,
by and large, are not technically savvy people. They sat and worried about
their characters being broken into and people cheating. Basically there is no
action too drastic to protect them. The general public is basically the same.
A 'hacker' did something, the company targeted brought the hammer down on him.
All is well with the world.

Raid the hacker and nothing comes to light from what he did? The company
protected its users. Raid and the material is released? This is why we have to
be harder and harder on them until they get the message this won't be
tolerated. Commits suicide? It just shows how unstable these people are.

~~~
__david__
> Made people think the company in question was doing what it needed to do to
> protect its users.

So raiding hackers' houses is the IP equivalent of the TSA?

"Look at us, we're _doing_ something!"

------
networked
> Dylan's fellow hacker replies in detail about issues with the security of
> content on the Xbox Live Marketplace—the Xbox 360's online store—but doesn't
> elaborate on the Gamertag issue. The e-mail ends with a request for the
> Microsoft person to maybe put in a good word for them. "I don't mean to ask
> anything of you, and if I denied, I'll still be more than willing to help,"
> Dylan's apparent hacker friend writes, "but do you think it would be possible
> that me and Dylan, if proved to be useful, could possibly list someone we've
> spoken to on your end as a reference for resumes or something of the sort?"

This part is puzzling to me. I think that at that point they had proved
themselves capable enough to ask Microsoft to straight up hire/contract them,
and not just for a resume quote. Establishing this kind of relationship with
Microsoft could have also prevented the seizure.

> Dylan told me that he was polite and helpful during the raid, but that "they
> didn't allow me a lawyer...that's probably the biggest right they took from
> me."

Does anyone here know Australian law? I certainly don't but at first glance it
looks like Dylan was intimidated into not doing what was legally the right
thing.

~~~
objclxt
I know of no jurisdiction where there's a right to legal representation
_during_ a raid. This makes complete sense, because otherwise you could
attempt to hold up a raid and dispose of evidence whilst you waited for your
legal counsel to get there. You can argue about what is and isn't admissible
post the raid.

So I don't really think in that particular example any 'right' was taken from
him.

------
rodly
It seems a bit far-fetched that Microsoft has thousands of servers you can
access publicly via default passwords.

They raided his home and took all of his stuff, but didn't arrest him? How is
that legal? Shouldn't he get his stuff back if they don't have any case within
X hours for prosecution?

I'm sure he's playing the victim here pretty hard because he states that he
doesn't believe he has done anything wrong and yet has tried selling a Durango
development kit on eBay in the past. He's probably done a lot more than that
to prompt an FBI agent across the world to his doorstep.

~~~
bonzoesc
This happened in Australia so it might be totally different, but if it
happened in the US: a warrant for search and seizure of evidence requires less
cause than a warrant for arrest, especially in the case where it's digital
evidence that can be destroyed without a trace quite easily.

~~~
AlexDanger
IANAL, but I believe they can seize the evidence if they have probable cause
that a crime has been committed.

In this case it would be easy to establish probable cause given how open this
guy has been with his hacking.

What I'm not sure of is how long it's reasonable for the police to retain the
seized equipment. Although the guy said he was unemployed, I think most IT
people could make a case that the seizure of all computing equipment impedes
their ability to earn a living. That doesn't seem fair if no charges have been
laid.

------
pandaman
Devkits are, usually, property of the console manufacturer. Maybe things have
changed with the new Xbox but this is how it was in 6th and 7th generations.

If the ownership of devkits remains at MS then somebody who has one without MS
authorization is in possession of stolen property; this answers the question
"what did I do wrong?".

------
i386
He's unemployed because he has 'chronic pain' thus is unable to work but he
can spend all his time hacking game development companies? I call bullshit. I
don't know his situation but I wouldn't be surprised if he's collecting a welfare
cheque too considering how easy this is to do in Australia.

(Don't get me wrong I have nothing against people on welfare - I've been a
beneficiary when I was growing up but he sounds like the kind of person who
chooses not to work and will use any excuse not to.)

