The Hacker Who Found the Secrets of the Next Xbox and PlayStation
An anonymous reader writes "Stephen Totilo at Kotaku has a long article detailing the exploits of an Australian hacker who calls himself SuperDaE. He managed to break into networks at Microsoft, Sony, and Epic Games, from which he retrieved information about the PS4 and next-gen Xbox 'Durango' (which turned out to be correct), and he even secured developer hardware for Durango itself. He uncovered security holes at Epic, but notified the company rather than exploiting them. He claims to have done the same with Microsoft. He hasn't done any damage or facilitated piracy with the access he's had, but simply breaching the security of those companies was enough to get the U.S. FBI to convince Australian authorities to raid his house and confiscate his belongings. In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out. The article describes both SuperDaE's activities and a journalist's efforts to verify his claims."
In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out.
And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"? It was OK because the victims were Microsoft and Sony? Or, shall we see another case of the famous Slashdot Double Standard?
If you want news from today, you have to come back tomorrow.
It starts out like this, a hacker looking for the latest games, then it leads to Global Thermonuclear War.
Man, if you're going to get fucked by the authorities anyway, you might as well exploit everything you can to make some money and GTFO.
There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.
> he retrieved information about the PS4 and next-gen Xbox 'Durango' (which turned out to be correct)
"Durango" hasn't been revealed yet. How do we know his info is correct?
"simply breaching the security of those companies was enough to get the U.S. FBI to convince Australian authorities to raid his house"
Simply? Yes, simply breaking the law will get you the attention of the police... This must be the first /. post by an 8yr old... (a stupid 8yr old)
Ugh.
If some surfer dude from Oz can do this, imagine what the Chinese Army and the TLAs have gotten into.
I don't know if this is good or bad, Mutually Assured Destruction can be a good thing, as well as can be the dissemination of information.
However it sure should give people pause when they put a server online. Or make their bank accounts available on the web.
It might be a case of not if but when.
Kids. KIDS. Don't do stuff like this through an identifiable Internet connection.
I think that obtaining the info on the Xbox and the PS just served as a proof of his feat. He infiltrated the networks of two mega-corps that spend millions on security and employ hundreds of experts using his skills and knowledge. Maybe he didn't even care about the specs of the consoles. He just wanted the kind of information that would prove that he had actually gained access.
The one with the twisted perspective on the subject is you in this case. You completely ignore the black/gray/white-hat categorization and try to make us believe that this guy should be treated like a common criminal. Well, he should not. Depending on the way he gained access, MS and Sony should probably consider hiring him.
So, it's okay for the U.S. government and even corporations to spy on our communications (Facebook, phone calls, chats), emails, and whatever we upload to the cloud without a court warrant, but when somebody does it to a corporation or government it's time for the feudal U.S. system to go batshit crazy on his/her ass. If the U.S. does not follow the constitution why should we, remember by the people for the people. Hah, who cares, it's a feudal system. People, just stop hacking, it's not worth losing your life over.
Because no one seems to be blaming the companies like usual, no one is blindly angry for no reason and no one seems pissed off. Why? Because he stole information that users here find interesting.
I mean he did the same thing that hackers have done to companies before and you people lined up to spout the same comments and blame the companies for being hacked many many many times, but now all of a sudden you change your tune simply because he wasn't trying to steal personal information about you. He committed the same crime. It's like saying someone who breaks in your home to steal your wallet is bad, but if he breaks in and steals nothing then you're perfectly fine with it.
You would think that after Geohot showed the way (not!), that people would leave Sony alone to wither on the vine.
Friends don't let friends buy Sony Products.
Summary: Kid breaks in networks of corporate entities, accesses trade secrets, purchases development hardware using fraudulent information, brags about it on the internet and then cries about being "ruined".
There is nothing "ethical" about any of this kid's shenanigans. He cried about them taking his toys away, and doesn't even realize he's going to pound-me-in-the-ass prison yet.
Moral of the story: Common sense eludes hacker.
Haven't we seen this movie before?
Be a pirate. Exploit every hole ye shall find. Gives nothing back!
Arrrr.
to gather information to 'one-up' your competition or to make yourself look good to your friends then you aren't very good. And in this case, breaking the law by breaking into companies is cheating.
this nation, under God, shall have a new birth of freedom. -- Lincoln, Gettysburg Address
banking fraud can get you time in a FPMITA and he did it on the International level.
"May your wishes come true, and may you live in interesting times."
Default passwords + open IP is a big issue and you don't even need to be a good hack to pull that off.
Slashdot is linking to Kotaku content? Why not just link directly to blogspam (which, frankly, would be better quality than the link-bait drivel on Kotaku)?
at least have whistleblower protection and other stuff like company who use EULAs to make you at fault for bugs or even website typos that let you get past security without even trying to hack.
Whistleblower protection is needed to cover stuff like what happened to Stephen Heller and others like him.
http://en.wikipedia.org/wiki/Premier_Election_Solutions
infiltrated or used someone's logon and password that may have been in another system that did not have millions spent on security
WE make sure that no good deed goes unpunished. No matter where you are in the world, do something good and we will find you and punish you.
Do not look at laser with remaining good eye.
It's don't talk about it.
Guess what the second rule is?
Anyhow this guy has learned that no good deed goes unpunished.
In other less safe times, mistakes would have been easily solved by hiring this guy. And so, knowing not only how to solve the mistakes but also how he hacked their sites.
But today it seems that these companies not only don't need to solve anything, but are also interested in showing the world who rules. And how we should all obey them...
You are all talking about the network intrusion. In the article, they say he (or his "friends") got at least 2 free development devices that would have cost 7500 each, by entering fake addresses and intercepting the delivery. He also tried to sell these on eBay. The search warrant was related to eBay.
Your computers and other electronic devices can be confiscated without warrants or your "permission" within 100 miles of the U.S. border without cause or suspicion because you have no right to privacy, and the contents of your phone can be examined by a police officer during a traffic stop, but their computers are private and protected by people with guns?
Right. Got it.
In the past, people would never have tolerated this. They'd have risen up against it and the evil bastards who propagated it.
Now, we're just weak little serfs in the new feudalism.
I would argue that he may have done a great deal of damage. Releasing plans for future products can tip off competitors. Information regarding future products can also result in a customer not purchasing what is currently available in anticipation for a future product. Both of these can mean millions of dollars in losses for a company.
Never, ever leak to the companies! They will, in incredibly quick order, become rat bastards! Sony, Microsoft, pick your company. If you gain access to their system, you are a criminal! If you find a security hole, dig, find out all you can, then report all the stuff, and the security hole, anonymously. If they find out who you are, they will make your life a living hell. If you tell them in confidence about a potential security hole, they will have the cops on speed dial breaking down your door! It's far better to publish as widely and broadly as possible how to break into their site! Only after 100,000 skript-kiddies pave the path should you describe (also anonymously) potential fixes (if you dare). They don't know about 'good guys' and 'bad guys'. To them, you are a bad guy. Your intentions are unimportant. Look at Julian Assange! Look at Bradley Manning! They *all* shoot the messenger. If they have a problem, demonstrate the problem! Remember anonymity is your only friend. They will assume Chinese hackers broke in, especially if you lay some Chinese characters onto the site! The companies have lawyers who are assholes! The companies have bosses who are assholes! They don't like someone from outside telling them problems. It's better to break a company's entire site and bring all their data to utter ruin, rather than tell them about a security vulnerability. Is everyone out there dumb? Look at geohot! Sony made his life shit. Likewise Manning and Assange! How is anonymously breaking a site utterly worse for the hacker when they can go out for pizza and beer later without looking over their shoulder, than being an upright and ethical computing professional with the fucking FBI kicking down your door and threatening your life, liberty and pursuit of happiness for doing the right thing? THINK!
WOW !! GREAT !! you hear that h4x0r from around the world !! this will teach you to stay true to your manifesto !! never inform anyone !! stay low do your magic and live/die by your codename !!
Let this be a lesson to you boys and girls. If you discover an exploit, release it to the community covertly and make sure you remain ANONYMOUS.
Remember. Good hackers are known by many.
Great hackers are known by everyone.
But the best hackers are known by no one.
The kid was dumb to hack these companies in the first place, and even more stupid to openly keep on doing it after companies and authorities were aware of him (not to mention the boasting), but their response here is still pretty overkill; the US in general has a tendency to far too heavily come down on anyone remotely associated with hacking in any form.
Microsoft ought to have offered the guy a job, not sent the FBI after him; good to see Epic were nice enough about it though, sending him off a signed poster as thanks.
You know for sure that there are some very bad neighbours in your neighbourhood that want to break into your house and steal your stuff. You protect yourself with locks. A neighbour breaks into your house and touches your stuff and drinks your beer but doesn't steal anything. He shows you how bad your locks are.
1) You are gonna punish him and in doing so scaring other neighbours from showing you how bad your locks are.
2) You are gonna thank him and secretly swear that he's a bastard, but follow his advice and secure your locks to further prevent break-ins (from "good" or "bad" neighbours).
Do 1.
You're a moron. Your house will surely be attacked again by bad guys. Wouldn't it be nice if you knew your weak spots?
Do 2.
You're a moron because your locks suck. But you're willing to improve them and become less of a moron.