Slashdot Mirror


Hilton Hacker Gets 11 Months

B747SP writes "Well, the guy who 'acquired' the contents of Paris Hilton's Sidekick telephone and published them on the Internet has had his day in court. T-Mobile USA and the State of Massachusetts are pleased to report that he has been sentenced to 11 months in a juvenile facility. He's also not allowed to own or use a computer, a cellphone, or any other device that can access the Internet for two years. It turns out that the Hilton hack was just one of many Bad Things(tm) that he had been up to: calling in bomb threats to schools, creating T-Mobile accounts for himself and his friends, breaking in to data broker LexisNexis' systems are just a few of his exploits."

16 of 390 comments

  1. Last post! by Anonymous Coward · · Score: 5, Funny

    See you guys in 2 years!

  2. What about her crimes???? by NerdBuster · · Score: 5, Funny

    Paris should get 11 years for her acting ability and general ability to annoy people.

  3. Maybe t-mobile will learn. by crazygeek02 · · Score: 5, Insightful

    Maybe T-mobile will get their act together now and fix all the problems. Who knows.

  4. DOS? by cached · · Score: 5, Insightful

    From TFA:

    In June, a second phone company became a victim to the juvenile's attack, according to the U.S. Attorney's statement. A phone that had been activated fraudulently was disabled, and the teen retaliated with a denial-of-service attack on the company's Web site when it refused to reactivate the phone.

    I'm not trying to troll, but what kind of professional website gets harmed by a DOS attack anymore? Slashdot alone should make webmasters think twice before putting up a service with a server that can't handle DOS attacks. :)

    --
    +1 funny, -2 overrated. Life isn't fair.
  5. Many mistakes in article by Anonymous Coward · · Score: 5, Funny

    The numbers included those of rapper Eminem, actor Vin Diesel, singers Christina Aguilera and Ashlee Simpson, and tennis players Andy Roddick and Anna Kournikova.

    I count at least 4 mistakes in this one sentence alone!

  6. How Hilton Was Hacked by airherbe · · Score: 5, Informative


    An explanation of how Paris Hilton's Sidekick was hacked can be found here. A pretty interesting read.

    //J

  7. Re:Cue the apologists by Shakrai · · Score: 5, Funny

    Maybe during his probation period he should be required to listen to Paris Hilton's commentaries on current events, nonstop.

    Amendment VIII

    Excessive bail shall not be required, nor excessive fines imposed, nor cruel and unusual punishments inflicted.
    --
    I want peace on earth and goodwill toward man.
    We are the United States Government! We don't do that sort of thing.
  8. 'Social engineering' is not hacking! by Prophetic_Truth · · Score: 5, Insightful

    It's being a good con artist! So what, this guy was able to sound like Paris Hilton, and she picked a stupid 'password reminder' that he used to get the real info from a phone jockey at T-Mobile. Calling this kid a hacker is JUST WRONG.

    --
    time is a perception of a being's consciousness
    time is your 6th sense, the weird ones are 7+
    1. Re:'Social engineering' is not hacking! by Burning1 · · Score: 5, Insightful

      What are you talking about? Social engineering is the greatest tool in a hacker's Leatherman. What this kid did was not difficult, and he probably doesn't deserve the term "hacker." However, what he did is certainly a valid hack.

  9. "Hacker"? by HugePedlar · · Score: 5, Insightful

    Some kid guessed her password reminder and we're calling him a hacker? Even "cracker" would be too good for this feat of leetness.

    Not sure I'd even deign to call him a script-kiddie.

    --
    Argh.
  10. Re:Hmm by Titusdot+Groan · · Score: 5, Interesting
    the SEC doesn't hire fraudsters

    Actually they do. The famous example was Joe Kennedy who headed the SEC when it was first created. Roosevelt said it "took a thief to catch a thief." He basically outlawed every dirty trick he used to become rich himself.

  11. Re:YRO? by general_re · · Score: 5, Funny

    It's true - those bastards at the Enquirer never come around any more, since I stopped having drug-fueled weekend-long threesomes with Jennifer Aniston and Gwyneth Paltrow. sniff

    --
    ABSURDITY, n.: A statement or belief manifestly inconsistent with one's own opinion.
  12. Re:Honestly by dabigpaybackski · · Score: 5, Funny
    I admire him. Anything bad that happens to that filthy whore the better. I'm not one to encourage the moral degradation of society.

    Oh man. You condemn hedonism as immoral and then condone another sort of bad behavior, all in the same breath. Way to go, Socrates.

    --
    "OH SHIT, THERE'S A HORSE IN THE HOSPITAL!"
  13. "Hacking" by pete-classic · · Score: 5, Funny

    Hacking Paris Hilton's box would seem to be its own punishment. One is sure to contract a virus.

    -Peter

  14. Re:To coin a phrase... by nomadic · · Score: 5, Insightful

    And of course Mitnick waiving his right to a speedy trial and his defense team requesting delays during the trial had NOTHING to do with why it took so long, right?

  15. First Hand Experience by 1nt3lx · · Score: 5, Interesting

    I have first hand experience with this particular individual. I wanted to reply to every post I've read on this page and address each point individually. However, there are too many points to address and too many of my own to add.

    My Experiences
    My first experience with this kid was three years ago. I am a consultant for the school department in which he was attending high school.

    One afternoon I got wind of a report that a couple of computers were "operating themselves." Of course, they were not, they were being controlled by VNC. We took the computers out of the library, found the backdoor, and analyzed all the files. We were also able to identify the backdoor that was installed, as well as the many utilities that were downloaded from a file-serving website he had set up.

    Many of the files contained portions or the entirety of a first name. The website the files were downloaded from contained the same first name.

    The backdoor was installed on the premises. It was installed before the start of school. The utilities were downloaded during school hours.

    We did a first name search in the SIS system, we found five or so individuals with the same first name. None were enrolled in a class that had a computer in the classroom. We then did an attendance search on those individuals. Only one was absent the date the utilities were downloaded. We had our guy, we were confident, but the evidence was circumstantial.

    We decided to put the compromised (Windows 98) systems back on the network under surveillance, or specifically tethereal. The systems immediately connected to irc.mircx.com and joined a channel with the first name, again.

    For a few days nothing happened. No activity, other than the PING/PONG of IRC. That weekend, however, he bit. He bit hard, too. He searched the names and phone numbers of guidance counsellors, secretaries, and other school personnel. He obviously conducted some rather trivial social engineering. He was able to gain access to the SIS system, which runs on OpenVMS.

    We tracked his every move, I laughed and laughed as he struggled with VMS. Time after time he would break the telnet connection because he was stuck in EDT, or because he confounded the DEC Basic application. He queried himself multiple times, tried to change information about his enemies, I assumed, and made unsuccessful attempts to change his own grades.

    The administration didn't buy it. He cried foul, denied any knowledge of computers, claimed he was botted, claimed hackers were out to get him. They didn't pursue the issue, but we 'secured' the network. We dropped all IRC traffic and all VNC traffic. The next day we were subjected to a crippling DDOS, and a bomb threat was called into the school. We couldn't prove it was related and got no support from above.

    A few months later, he was caught red-handed trying to break into an attendance-entry web interface, by a librarian. He was suspended and removed from computer classes. Case closed, at least from our perspective. A few more days of DDOSes, but that ended quickly.

    The next school year, bizarre things started happening again. The High School's network was secured, but the middle schools were not locked down as well. Again, the SIS system was being accessed after hours from backdoored systems. Again, social engineering had taken place. We locked down that building, but the accesses were still happening. It was determined that an unsecured WAP had been installed on site and he was sitting outside the building accessing the network. (Sometimes I wonder why they pay me when they do things like that despite my objections).

    Of course, we had even less evidence this time to point to him but it was obviously him. The IRC backdoors were the same, the names were the same, the passwords were the same, but the administration still refused to act. We secured that network and the after hours accesses stopped, but unusual activities continued to arouse suspicions.

    U