
Fortnite teen hackers 'earning thousands of pounds a week' - yawz
http://www.bbc.co.uk/news/technology-46624136
======
laumars
I think the real issue here is not the kids doing the hacking but the parents
who know what they’re doing and let them continue - even help them bank their
earning in some instances. That makes the parents just as responsible in my
opinion.

We’ve all taken stupid risks as kids. I’d done my fair share of hacking too
when I was younger. But I tread a very fine line because I knew my parents
would have gone _mental_ if I was caught. Just as I would if I found out my
kids were doing something reckless and illegal. So to endorse such behaviour
in their own children really doesn’t cast them in a good light.

Sorry if this sounds high and mighty. I know comments about parenting often
can sound “holier than thou”, but the parents in that article have crossed the
line by in my personal opinion.

~~~
kjullien
I don't agree that much with what you are saying, mainly from personal
experience.

1\. Even if parents find out they probably have no idea what it means (legally
or literally) 2\. You can open a bank account really easily online for free.
(You can find photoshop ID templates for every possible country, maybe they
check them more nowadays but some years ago you didn't even need to change any
of the hashed numbers and it would be accepted by most services, even PayPal)
3\. I did get caught at one point by my parents, they proceeded to take away
every bit of technology they could find, so I ended up doing more shady stuff
(on a lended machine at mcdonalds) to make enough to buy a new computer and
keep on with life as usual. Had to re-buy a new computer every year or so when
they found out.

My perspective on the thing is that most parents won't even fathom the idea of
what hacking is, so finding out their kid is a "hacker" won't change a thing
in their day. And if it does a "hacker" will always find a way to keep on
going anyway, trying to not get caught along the way, it's the job spec.

Now what I can agree on is that if the kid tells their parents they're getting
money illegally and asking their parents to hold it in their bank account, and
the parents agree, then that's just plain stupidity, and a lot of that goes on
in the world, parent or not parent...

~~~
pavel_lishin
> _Even if parents find out they probably have no idea what it means (legally
> or literally)_

At least one kid admitted that his parents know exactly what he's doing, in
the article:

> _He said he knew what he was doing was illegal, but his parents were aware
> of his activities and had not stopped him._

Furthermore, parents aren't idiots. I got into some shit as a kid, and while
my parents weren't the tech-savviest folks around, they were usually pretty
quick to catch on that something was amiss. And keep in mind, that today's
parents probably grew up with computers themselves.

~~~
newnewpdro
> Furthermore, parents aren't idiots.

Plenty of adults are idiots, and many of those are parents.

~~~
newnewpdro
Relevant example in the news today:

[https://www.nbcnews.com/news/us-news/maryland-father-
accused...](https://www.nbcnews.com/news/us-news/maryland-father-accused-
directing-his-daughter-5-steal-package-porch-n950436)

------
circular_logic
I receive 2-5 emails a week with 'someone has tried to log in to your account'
from Epic games. After seeing this article it makes me wonder how much
prevention of brute forcing passwords Epic games are providing vs Just how
persistent these kids really are.

~~~
jstanley
2-5 attempts per week sounds like their brute-force prevention can't really be
asked to do much more.

~~~
vorpalhex
I was getting a few a night for a couple of weeks, with no option to
permanently lock my account. I had 2-factor enabled and that did nothing.
There's no way to disable the emails. I was just getting endlessly spammed by
someone who was never going to guess a 24+ character password via any
dictionary or bruteforce. Very annoying.

------
kjullien
SWIM did something similar at a similar age on the game League of Legends.
What is interesting was that at the time, most script kiddy programs to do the
"cracking" would in fact work, but as soon as you found (bruteforced) a valid
account it would be sent by the program in question to a main server, by the
time somebody tried to do anything with the account, the credentials were long
gone (stolen by the dev of the app). Essentially, they used the script kiddies
as a server farm and free human labour, and from what I understood they made
copious amounts of money, much more than the thousands they talk about in this
article.

------
nradov
While stealing is obviously wrong, there's no real impact from losing a video
game account. For the victims hopefully this will be a cheap lesson in the
importance of following good security practices: choose strong passwords, use
multi-factor authentication, and keep your devices free of malware.

~~~
foepys
Do you think the same when people get their jewelery stolen? The sentimental
value of in-game cosmetics might be the same to a lot of people.

~~~
nradov
I would think the same if the jewelry cost like $5. It's just a game, don't
take it too seriously.

~~~
mdpopescu
"It's just a game" works when it's about Tetris or Solitaire. If it's
something like WoW or Eve Online, where you need to invest years of effort
and/or thousands of dollars, it's no longer "just a game".

~~~
nradov
It's just a game. There's nothing wrong with playing games, but you're paying
for _entertainment_. It's not an investment.

And honestly those who devote years to playing WoW or whatever are more
deserving of pity than sympathy. People can spend their time however they like
but it's just such a sad waste of human potential.

~~~
laumars
You could prefix any statement with "it's just a" and it wouldn't change
things.

Just because you don't care it doesn't mean it's

    
    
        a/ any less of a crime
        b/ any less important to the victim
    

I mean where would _you_ draw the line? It's just car (after someone steals a
car) because you happen to take the train to work? Or "it's just a house"
(after an arson attack) because you happen to live in a hotel? And why should
anyone else care about your personal property - physical or virtual - if/when
that gets stolen if you don't consider other peoples property to be important?

Thankfully the law isn't defined by your specific benchmark of personal
importance.

~~~
nradov
The law is defined by the fair market value of the thing stolen or destroyed,
and by the risk or damage to human life. That seems like a reasonable way to
draw the line. Any sort of working car is worth a lot more than a video game
account.

And there's obviously no comparison between the impact of an _arson_ attack
versus anything that could happen related to a video game. I can't fathom why
you'd even bring that up. Let's have a sense of proportion.

------
Symbiote
> the teenager said he had spent about £50 of his pocket money to build up a
> collection of skins

Isn't that the underlying problem? In-game purchases have really disrupted the
economics of online gaming; £50 used to be something around the final price
for the whole game.

~~~
JeremyBanks
The underlying problem here is theft.

You’re discussing an unrelated problem.

~~~
WilliamEdward
It's not unrelated if the problem exists solely because these kids can make
money off of microtransactions, and would otherwise be unable to if the game
was a flat price.

~~~
JeremyBanks
Valuable property existed prior to 2016, including digital assets. There are
many valid criticisms of these business models but none of them are a
significant factors in explaining this behavior.

If the parents won't discipline these children, the state needs to discipline
those parents.

~~~
nradov
While account hacking is wrong and should be punished, the state has limited
enforcement resources. I would prefer that law enforcement focus on children
who commit more serious crimes, like breaking into cars, littering, or
spraying graffiti. Video games are way down the list of priorities.

~~~
JeremyBanks
True

------
justinhj
This is a good learning opportunity for the kids to use better passwords.
Hackers rely on large lists of leaked hashed passwords and usernames. Not sure
how good Fortnite security is but it’s easy to enforce longer passwords,
delays and account locks on repeated bad password entry and of course 2FA
which they do support and reward players for using

------
xfitm3
What we really need is minimum authentication standards with incentives for
compliance - password reuse isn’t limited to Fortnite.

~~~
simion314
I get emails from Epic to enable 2 factor often enough, I refuse because I
have a strong password, I don't want to give them my phone and I have nothing
to lose if I lose my account since I am not spending anything on it.

It should be much harder to change the email linked to an account, if the
email password is in the data leaks then there is really nothing you can do.

~~~
markild
I hate the tendency to demand phone number to activate two factor. I see no
practice reason why not simple TOTP isn't good enough. It's probably not a
practical reason though...

~~~
ams6110
Probably want phone as fallback auth for the inevitable people who lose their
TOTP device and didn't save any emergency codes.

~~~
lotsofpulp
That could be setup as an option. The fact that there is no option provided
and a phone number is mandatory means that they want to be able to track
people with a globally unique identifier.

------
lihaciudaniel
Phishing not hacking is the term you look for.

