Slashdot Mirror
Hilton Hacker Gets 11 Months
B747SP writes "Well, the guy who 'acquired' the contents of Paris Hilton's Sidekick telephone and published them on the Internet has had his day in court. T-Mobile USA and the State of Massachusetts are pleased to report that he has been sentenced to 11 months in a juvenile facility. He's also not allowed to own or use a computer, a cellphone, or any other device that can access the Internet for two years. It turns out that the Hilton hack was just one of many Bad Things(tm) that he had been up to: calling in bomb threats to schools, creating T-Mobile accounts for himself and his friends, breaking in to data broker LexisNexis' systems are just a few of his exploits."
See you guys in 2 years!
N/T
Writers imply. Readers infer.
Paris should get 11 years for her acting ability and general ability to annoy people.
I wonder if the job offers have already started, or if the security companies are waiting until this particular piece of human trash gets out of jail.
All that and he only got 11 months? While there's a guy in California doing life for stealing a candy bar?
Also, the blurb failed to mention that this nice young fellow wasn't acting alone (see the Register's coverage from this morning)
Can he stay at a hilton?
Almost every Harvard student was High School Valedictorian- After a year of college, half are in the bottom of the class
More to do with all those bomb-threats me thinks =)
Or did I completely miss the story about the kid getting busted for this?
Hmmm.
Maybe during his probation period he should be required to listen to Paris Hilton's commentaries on current events, nonstop.
Have you read my blog lately?
Maybe T-mobile will get their act together now and fix all the problems. Who knows.
From TFA:
:)
In June, a second phone company became a victim to the juvenile's attack, according to the U.S. Attorney's statement. A phone that had been activated fraudulently was disabled, and the teen retaliated with a denial-of-service attack on the company's Web site when it refused to reactivate the phone.
Im not trying to troll, but what kind of professional website gets harmed by a DOS attack anymore. Slashdot alone should make webmasters think twice before putting up a service with a server that cant handle DOS attacks.
+1 funny, -2 overrated. Life isn't fair.
The numbers included those of rapper Eminem, actor Vin Diesel, singers Christina Aguilera and Ashlee Simpson, and tennis players Andy Roddick and Anna Kournikova.
I count at least 4 mistakes in this one sentence alone!
We present your leader. All bow to the alpha kiddie.
Read the only personal Runyon page out there.
I can't for the life of me figure out why stuff like this keeps getting stuck in the YRO section. As far as I can tell, the only person whose rights were in any danger was Paris Hilton - granted, her privacy is largely a theoretical concept these days, but nevertheless, what possible bearing does this kind of thing have on my rights online?
ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
An explanation of how Paris Hilton's Sidekick was hacked can be found here. A pretty interesting read.
//J
It's a deterrent in that if he gets caught, he's in violation of the court order which could get his ass thrown back in jail.
its being a good con artist! So what, this guy was able to sound like paris hilton, and she picked a stupid 'password reminder' that he used to get the real info from a phone jockey at T-mobile. Calling this kid a hacker is JUST WRONG.
time is a perception of a being's consciousness
time is your 6th sense, the wierd ones are 7+
He hacked illegally, and now he's paying the price. I say he got what he deserved. Too bad the kid's a juvie. I'd like to have seen him go to a real prison.
As I walk through the valley of death I fear no one, for I am the meanest sonova bitch in the valley!
He most certainly was not Mitnicked, that would require 4 years of imprisonment without a trial. It would require overzealous prosecution by the state and the media. This kid got a speedy trial, not imprisonment without a trial, and a relatively light sentence considering the scope of his crimes.
The rock, the vulture, and the chain
Congratulations! You just earned yourself a high paying security job with the United States government. We are all very impressed with your unusual interview. See you in two years.
Finance tutorials and more! Understandfinance
Some kid guessed her password reminder and we're calling him a hacker? Even "cracker" would be too good for this feat of leetness.
Not sure I'd even deign to call him a script-kiddie.
Argh.
Oh man. You condemn hedonism as immoral and then condone another sort of bad behavior, all in the same breath. Way to go, Socrates.
"OH SHIT, THERE'S A HORSE IN THE HOSPITAL!"
Hacking Paris Hilton's box would seem to be its own punishment. One is sure to contract a virus.
-Peter
I think 11 months is a reasonable sentence for the first offense of someone who committed a serious crime, but not a violent one.
Avoid Missing Ball for High Score
Amen.
I personally have a problem with both the "hacker" and Paris. The guy did something illegal, and now he's going to jail for it. Good.
Paris, who may enjoy sex and is perfectly normal, really does use it for attention. It seems to be her only saving grace, and I bet she wouldn't be on TV otherwise. People who parade their sexual conduct in public for everyone to see are just degrading themselves.
breaking in to data broker LexisNexis' systems
Now, I realize that no interconnected computer system can be 100% secure, but shouldn't a place like LexisNexis be able to keep kids like this out? Was he really that good, or are they just really lousy at computer security?
You don't use science to show that you're right, you use science to become right.
"Computer hacking is not fun and games. Hackers cause real harm to real victims," U.S Attorney Michael Sullivan said in the statement. "Would-be hackers...should be put on notice that such criminal activity will not be tolerated." ....or not. i mean i know the companies are blameless for having a really obvious security hole up, but these kids should be put to death if they are the ones to find it and just mess around, instead of someone doing it and causing REAL harm
You're right, but you also forgot to mention that Paris Hilton isn't nearly as vain as Tsutomu "Takedown" Shimomura.
Enough on this kid (who commited a crime and got what was deserved), let's talk about those annoying 'secret questions'. I've lost count of the number web sites that require you to answer one of these and don't even let you choose a decent question. Not just insignificant sites, like random forums, but important sites that pretain to things that matter in real life, like my college records or credit card information.
I'm not a celebrity like Paris Hilton, but it is not hard at all to find out what my mom's maiden name is, or the names of my pets, or where I went to high school. At least give me the option to choose my own question, or better yet, not use the question at all.
At this point, who hasn't "hacked" Paris Hilton? Oh, wait, I see, this is about her phone. Well at least with the phone you can put a lock in it to prevent its use; can't really say the same for her.
"Look Lois, the two symbols of the Republican Party: an elephant, and a fat white guy who is threatened by change."
His life is so devoid of meaning that he hacked the handheld of some rich strumpet that everybody now knows isn't even a good lay. Isn't that punishment enough?
So, what I want to know is, what punitive measures were taken against T-mobile for having such poor security processes that a teenager could pull this off for so long without being stopped?
It is easy to send one kid, who probably couldn't afford more than a public defender, to jail. But what does it do to fix the problem? There are thousands more kids who could do the same thing, there are probably tens of professionals who are doing it right now and are smart enough to say under the radar.
Other than the fact that T-mobile has the big gun lawyers, big gun lobbyists and big gun 'campaign contributions' - why haven't they been prosecuted for negligence?
Great. He's being sent to jail.
How is that supposed to set him straight?
Did he do it because he hadn't spent enough time incarcerated?
Really, does jailing non-violent criminals like this kid help anything?
It costs taxpayers money, and him time.
If he were fined, put under supervision, and required to do serious charity work, it'd do everybody a little better.
Seriously, let's reserve jail for those who need to separated from the rest of society for everyone's good.
I really don't see a kid who hacked a cellphone
falling into that category.
Too bad nobody makes that response to the +5 funny prison rape comments.
And of course Mitnick waiving his right to a speedy trial and his defense team requesting delays during the trial had NOTHING to do with why it took so long, right?
A person who uses sex to get attention also isn't happy.
Unless the attention they want is sexual. After all, my Wife uses sex to get my attention from time to time, and she seems quite happy when I'm done.
Request a Linux Shockwave player here: http://www.macromedia.com/support/email/wishform/
Sure Mitnick got a trial, when he was arrested he was already a parole violator, so he went straight back to jail to complete his sentence. He could have got a quicker trial but his attorney was negotiating a plea bargain - he eventually pled guilty.
Mitnick was adept at social engineering, he appears to have socialy engineered you into thinking that he was somehow hard done by. He got the five year sentence for his sxith conviction, not his first (three of his convictions were as a juvenile).
If you can't do the time, don't do the crime.
Looking for an Information Security student project suggestion?
Try http://dotcrimeManifesto.com/
I have first hand experience with this particular individual. I wanted to reply to every post I've read on this page and address each point individually. However, there are too many points to address and too many of my own to add.
My Experiences
My first experience with this kid was three years ago. I am a consultant for the school department in which he was attending high school.
One afternoon I got wind of a report that a couple of computers were "operating themselves." Of course, they were not, they were being controlled by VNC. We took the computers out of the library, found the backdoor, and analyzed all the files. We were also able to identify the backdoor that was installed, as well as the many utilities that were downloaded from a file-serving website he had setup.
Many of the files contained portions or the entirety of a first name. The website the files were downloaded from contained the same first name.
The backdoor was installed on the premesis. It was installed before the start of school. The utilities were downloaded during school hours.
We did a first name search in the SIS system, we found five or so individuals with the same first name. None were enrolled in a class that had a computer in the classroom. We then did an attendence search on those individuals. Only one was absent the date the utilities were downloaded. We had our guy, we were confident, but the evidence was circumstantial.
We decided to put the compromised (Windows 98) systems back on the network under surveillance, or specifically tethereal. The systems immediately connected to irc.mircx.com and joined a channel with the first name, again.
For a few days nothing happened. No activity, other than the PING/PONG of IRC. That weekend, however, he bit. He bit hard, too. He searched the names and phone numbers of guidance counsellors, secretaries, and other school personnelle. He obviously conducted some rather trivial social engineering. He was able to gain access to the SIS system, which runs on OpenVMS.
We tracked his every move, I laughed and laughed as he struggled with VMS. Time after time he would break the telnet connection because he was stuck in EDT, or because he confounded the DEC Basic application. He queried himself multiple times, tried to change information about his enemies, I assumed, and made unsuccessful attempts to change his own grades.
The administration didn't buy it. He cried foul, denied any knowledge of computers, claimed he was botted, claimed hackers were out to get him. They didn't pursue the issue, but we 'secured' the network. We dropped all IRC traffic and all VNC traffic. The next day we were subjected to a crippling DDOS, and a bomb threat was called into the school. We couldn't prove it was related and got no support from above.
A few months later, he was cought red handed trying to break into an attendance-entry web interface, by a librarian. He was suspended and removed from computer classes. Case closed, at least from our perspective. A few more days of DDOSes, but that ended quickly.
The next school year, bizarre things started happening again. The High School's network was secured, but the middle schools were not locked down as well. Again, the SIS system was being accessed after hours from backdoored systems. Again, social engineering had taken place. We locked down that building, but the accesses were still happening. It was determined that an unsecured WAP had been installed on site and he was sitting outside the building accessing the network. (Sometimes I wonder why they pay me when they do things like that despite my objections).
Of course, we had even less evidence this time to point to him but it was obviously him. The IRC backdoors were the same, the names were the same, the passwords were the same, but the administration still refused to act. We secured that network and the after hours accesses stopped, but unusual activities continued to arouse suspicions.
U
The List of Grievances with Slashdot.
I saw this on the Fox 11 morning news, and there were 3 things to note:
1. One woman said "He was hacking into the internet..."
2. One 50 year old anchor guy said "This is not a cool dude", even more rofles.
3. Their file footage of Paris Hilton was of her in a float of a car in a parade waving to people. Why the fuck was she in a parade and why were people happy to see her?!
I've been sentenced for a D.U.I. offense. My 3rd one. When I first came to prison, I had no idea what to expect. Certainly none of this. I'm a tall white male, who unfortunately has a small amount of feminine characteristics. And very shy. These characteristics have got me raped so many times I have no more feelings physically. I have been raped by up to 5 black men and two white men at a time. I've had knifes at my head and throat. I had fought and been beat so hard that I didn't ever think I'd see straight again. One time when I refused to enter a cell, I was brutally attacked by staff and taken to segragation though I had only wanted to prevent the same and worse by not locking up with my cell mate. There is no supervision after lockdown. I was given a conduct report. I explained to the hearing officer what the issue was. He told me that off the record, He suggests I find a man I would/could willingly have sex with to prevent these things from happening. I've requested protective custody only to be denied. It is not available here. He also said there was no where to run to, and it would be best for me to accept things . . . . I probably have AIDS now. I have great difficulty raising food to my mouth from shaking after nightmares or thinking to hard on all this . . . . I've laid down without physical fight to be sodomized. To prevent so much damage in struggles, ripping and tearing. Though in not fighting, it caused my heart and spirit to be raped as well. Something I don't know if I'll ever forgive myself for. ...and I'll keep posting this story every time slashdot advocates rape and moderators mod it up.
-A letter to Human Rights Watch