The producers were quite successful in temporarily filling the Nathan for You shaped hole in my life.
However, I must agree that I'm unsure whether that was their aim or not..
I think some of the real questions that events like this raise are:
* How do reduce the technological illiteracy in the population?
* How do we develop polices to ensure that these devices that are being sold to millions of people are properly protected?
People are angry about analogical non-tech "pranks" when those happen too. It is convenient to chulk anger of prank target to his own faults, but no, they are not as cool as you think you are and people in general don't like pranks. And I am blaming culture instead of teenagers, because you have adults like PewDiePie saying this "I love it. Please keep it up, just don’t do anything illegal, because that will look bad on me—that’s the only reason—that will look bad on PewDiePie". What exactly does teenager hears there and would the teenager in that culture hear the opposite clear "it is illegal" and "don't do it, boundaries of others" messages?
i think the "attack" they did is pretty perfectly grey hat, expose a weakness to the user with a "how-to-fix" guide.
(i should note, i'm talking about the chrome hack.)
Another would be putting a potato in the exhaust -- why don't they build potato proof exhausts?
You can let car tyres down without causing an ounce of damage, what a hoot. It's the car company's fault that so many cars are susceptible.
It's quite hard to accidentally put a potato in an exhaust pipe. One cannot write a script that mechanically puts a potato up every car in the world's tailpipe, in 5 minutes nonetheless!
An appropriate real world analogy would be something like a maker of explosion-proof equipment forgoes designing any actual protection against those harsh environments, and then blames the ensuing explosion on all that dust in the air.
The Internet was successful precisely due to scaling from the End to End principle. The Internet is hostile noise - as soon as something speaks IP, it must be capable of standing up for its own security rather than relying on some imagined benevolence or accountability. If a manufacturer is not up to this task, then there are plenty of non-globally-routing protocols (eg USB, bluetooth) that printers can use to communicate with a competent Internet node.
(Furthermore ignoring the digital spookiness, the actual damage doesn't even add up to much. If we assume they hacked 30k printers, that's only 60 reams of paper - on the scale of petty larceny. And given that we allow junk mail and other advertising companies to do far more damage as their above-board business, it's questionable whether that integral even applies!)
i'm sure you don't want secure strong products.
Just as we should not demonize acts like this as something more dangerous then it is, we should not add naive feel good interpretations that makes them misunderstood heroes.
they did them to expose a weakness to the user so they could fix it.
if white hat is employed by companies, and black hat is working for malicious gain. their actions fall squarely into grey hat.
i'm not calling them saints, but it confuses me that anyone would have a issue with their actions? can you explain why they don't fit the model of grey hat?
what they do wrong?
I think that what they did crossed the boundaries of other people. It did not caused much harm, just like walking around directors office without permission and without taking away something.
I don't care about hat color games. That just serves to obfuscate issues.
Also, it was illegal and put themselves in danger for that reason. So PewDiePie along with all adults who talk from both sides of their mounth in front of audience they intentionally build from young inexperienced impulsive people can stuff themselves too. "This illegal thing is totally cool I love you, I mean don't do anything illegal, I love you for doing that ilegal thing" is mastery of double message and manipulation.
so why did the chrome cast hack include a 'how to fix this' guide?
"the CastHack bug, allegedly disclosed nearly five years ago"
"A spokesperson from Google told TechCrunch, “We have received reports from users who have had an unauthorized video played on their TVs via a Chromecast device. This is not an issue with Chromecast specifically, but is rather the result of router settings that make smart devices, including Chromecast, publicly reachable.”"
google has ignored this bug as it isn't a issue with the chromecast, but the router, so using this hack to teach users to fix the router issue is a legitimate way to help users.
your analogy suck, a better one is how bug hunters work, except this bug was exposed directly to the end-user.
sorry i know colours can be confusing, don't worry about it.
point me to the laws that were broken, just because you hate a YouTuber doesn't make him a bad person.
Bug hunters work with prior agreement, they don't access devices owned by third parties without it. When they do they anonymize and hisr themselves. They do indeed fear legal and go through steps to protect themselves. They complain about these processes like all the time.
2.) Dude, the hacker giraffe wrote that he had anxiety attacks due to his activities even before all this. He also wrote he could not sleep due to persistent fear that every noise is swat team knocking. He wrote that he won't touch computer and will seek job without them. I am sceptical about feasibility of the last one.
I don't know whether youtuber is good or bad person. He is definitely irresponsible when he encourages teenagers to do what giraffe did.
Giraffe did everyone good service writing that letter, so really go read it. It might be fun and games for PewDiePie, but is not for giraffe. So let's hope he won't get caught affecting him even more, that his past activities are not too bad and that he learns from experience.
3.) This is exactly what compelled me to answer. These things have very real serious consequences, but due to the way we talk about it people don't realize until is too late. Go lob for change of laws, but don't say they don't exist to kids who might believe you.
he wasn't bug hunting? he was showing users they are exposed to the internet so they could fix it!
2.) yes, i don't blame him, what was meant to be a harmless exercise in google scanning, has lead to people throwing death threats at him, and threatening law suits.
he didn't encourage any reckless actions, i see Felix as quite a rational guy.
i have read the chromecast hack, and the printer one, have you? i doubt he will, and if he does a simple defence could be made to fight for his case in court.
3.) i don't know if you are talking about me or felix? i doubt felix has a firm grasp on computer hacking law, but like i said he didn't tell them to do that, in fact he's stayed at arms length. the actions giraffe took don't fall foul of the UK law, idk about american.
i'm pretty much done with this exchange, and who ever has been down-voting my comments.
2.) Just one note: being rational does not exclude irresponsible. Because what is in rational for Félix self-interest is not in interest of hacker giraffe nor in interest wannabe pre-teenage hackers in his audience. It might as well be rational for him to be irresponsible as his audience like it.
3.) No, he does not have form grasp of laws. Again that would be against his self interest, as he could not be funny clueless after.
I quoted him at full above. Frankly, sleezy and talking from both sides of mounth. Encouraging it while keeping plausible deniality. End result: he is safe while audience is having fun while they all think how cool consequences less it was.
4.) American law is batshit crazy with penalties, expansive and absurdly expensive even if you are actually innocent.
The reason they may not apply is the lop-sided extradition arrangements that the UK has with the US.
But, since this is likely a crime in both countries with a potential sentence of longer than one year in prison he faces possible extradition to the UK if anyone can be bothered with that process.
UK based hackers who attacked US computers have been (or have come close to being) extradited to the US.
It's much harder to take US based hackers attacking UK systems to the UK.
> The treaty has been claimed to be one-sided because it allows the US to extradite UK citizens and others for offences committed against US law, even though the alleged offence may have been committed in the UK by a person living and working in the UK (see for example the NatWest Three), and there being no reciprocal right; and issues about the level of proof required being less to extradite from the UK to the US rather than vice versa.
Although the US embassy does say this: https://uk.usembassy.gov/our-relationship/policy-history/the...
> Why is it so much easier to extradite someone from the UK to the U.S. than in the other direction
> It isn’t. The United States has not denied a single extradition request from the UK under the treaty; the UK has denied 10 requests from the U.S. since the treaty took effect.
> Moreover, extradition requests from the U.S. to the UK have taken as long as 13 years to work their way through the UK and European courts. For extradition requests from the UK to the U.S. the subjects are in most cases extradited within several months.
> A panel of UK extradition experts, led by well-respected retired judge Sir Scott Baker, found that the treaty is fair and balanced. Its report, issued in October 2011, provides considerable data and analysis to support the panel’s conclusions.
> The Baker panel report notes that the U.S. has a population about five times the size of the UK, but there have been fewer than twice the number of people extradited to the U.S. than to the UK. The number of U.S. requests is therefore not disproportionate.
Encouraging a crime is a crime in the UK based on the Serious Crime Act 2007
The actual hacking falls under the Computer Misuse Act 1990
If I leave my front door unlocked, return home, find that someone has gone into my house and left a note saying "Hi, your door was unlocked, you should lock it", I would not be happy. If they papered my living room with "visit this celeb's webpage" I'd be furious.
i then walk past, notice your door and the vulnerability, and then slide a note through your door explaining the vulnerability and how to fix it. you would be out of your mind to cry foul.
Felix didn't encourage a crime, come on, act your age. just because you blindly hate someone doesn't mean you can twist their words without getting called out. i'll be the first to say that he's no saint, but he's way better than the average trash that floats around on the internet.
doing charity fund raisers that are worth donating to, calling out abusive personal and companies, being the genuine face of a massive community he never asked to represent.
Computer Misuse Act 1990
(1)A person is guilty of an offence if—
-(a)he causes a computer to perform any function with intent to secure access to any program or data held in any computer [F1, or to enable any such access to be secured].
-(b)the access he intends to secure [F2, or to enable to be secured,] is unauthorised; and
-(c)he knows at the time when he causes the computer to perform the function that that is the case.
i don't believe using a google program to send out code to any device with the open ports falls under any of these, as the code didn't secure access to any program or data held, and wasn't malicious.
as he wasn't securing access, he doesn't fall foul of these laws.
as the bug had already been reported to google chrome, and they had stated it was user error, supplying the user with the means to fix it is a perfectly acceptable thing to do.
He was found to have done $73k damages. Why? AT&T sent a physical letter to all 114k people, and that was the cost of the postage. Convicted to 41 months in prison.
I may be downvoted to hell and then some, but it's impossible to look beyond those facts before mythologizing him into some sort of hacker hero
He doesn't have to be hero worshipped - his actions in this particular case should stand on their own. His terrible beliefs may only come into it if they are relevant to what actions he performed.
Serving prison time for notifying people of a serious privacy breach doesn't seem to be a balanced approach.
Except his crime wasn't "notifying people of a privacy breach". It was breaching that privacy. There was absolutely no reason whatsoever for him to actually scrape the personal information of 114k people.
Reporting on his "hacker hero antics" without putting it in context of what a personality he really is is, in my book, whitewashing of history and engaging in revisionism.
Whilst I agree with you in part, I also believe that over-emphasising personality traits or behaviours of a person also engages in revisionism.
One should be able to view an event entirely separate from the person, if the person's generalised behaviour isn't relevant.
We don't need to think about the man at all, in my own opinion, in this particular case. Redact his name if you have concerns that the man is unworthy of attention.
Adding complaints of a person to any mention of them is calling for jury and judgement. It's a distraction from what's important. It takes an event that should be discussed and explored, and twists it so you are forced to take sides about the person.
You can use these tactics to derail any conversation. It's a debating tactic commonly used in politics to avoid answering questions.
It might be better in future just to say something along the lines of "Aside: Can we not use his name? The guy is actually a racist, and has a pretty deplorable past."
We don't want to get lost in the debate of a man's merits, when his actions may themselves be meritorious.
They are not relevant for judging whether scrapping data from unprotected 14mil urls should be seen as hack. They are relevant to whether suggestion that he was well intentioned white hat doing public service claims sounds naive or likely. It matters when I have to decide whether I will buy his framing of events and motivations or not. Such claims very much existed and were predominant interpretation of evens in circles I was in.
Edited to add: then you had weev using his bigger fame and sort of new credibility to try to cause further harm to person he harassed somewhere around going to/from prison. So to me, it makes sense for people seen it at the time to jump into these discussions to prevent further rise of credibility.
I think the deal with Weev is that everything he does is both serious and a joke. He does appear to be a nazi but if you try to stitch together his actual person it gets twisted really quickly. He has a personality disorder. I think a lot of people caught in his reality distortion field didn't quite get that playing around with "edgy" troll stuff normalizes things that eat up self and society. I definitely have seen a change in the casual dabbling with it since Charlottesville. While I have some sympathy for people that believed the lie that it's all jokes... I don't think Weev ever thought it was just jokes. He's extremely smart and fucking dangerous. I hope one day he gets a moment to reflect and use his brain for something that isn't being the fentanyl of meme pushers.
EDIT: DO NOT GOOGLE GNAA or GOATSE AT WORK
Probhably most readers are too young to remember this "important" piece of internet lore. Let's just say it was the first, massively not safe for work web site.
Naming his company after that is quite fitting.
Here is a DEFCON talk from a GNAA/lulsec affiliate talking about trolling as an art. I think the talk actually has some interesting things going on when looked at through the lens of what weaponized trolling has produced in the now. At one point someone in the audience asks the presenter to read his "funny" slides and it's a racist "joke" comic. He acts embarrassed and says "I don't believe this stuff." He does break down a few of their trolling tools from their repo that they were pretty proud of at the time. So the curious can scope that out if you don't have to browse to any of their official sites or do a risky google. This was before Facebook so it's mostly IRC tools and general troll culture commentary.
They used the ATT dump, knowing it wasn’t really illegal to get hype to sell their services. I think it worked?
Here's a pretty good piece on him with a reporter who followed him around during the first trial. I think it covers a lot of it.
EDIT: DO NOT GOOGLE GNAA or GOATSE AT WORK. Links should be mostly SFW. Obviously YMMV. It's content made by/about professional offensive assholes.
Sniff. I want my natille portman and grits :'(
I have a mixed racial background and am of Jewish heritage, and could never take offense to what he spews because of the insincerity sensed in his tone and his own supposed Jewish heritage. If anything I just laugh at him because, like Alex Jones and Ann Coulter, he's a performance artist. A Tony Clifton, if you will
That he is neonazi and harassed people quite hard (to the point of seriously affecting their careers and lives) are things that I learned only much later and people still don't like those two being brought up in pretty much any context.
DDOSing has been a scourge. I work in the public sector of Denmark and we see then from time to time, and, you frankly feel rather helpless. I mean, these days we have ways of dealing with them technically, but I don’t think anyone ever expected the culprits to face any sort of consequences. Yet here we are.
More information here: https://www.europol.europa.eu/newsroom/news/authorities-acro...
You wouldn’t steal a car.