Slashdot Mirror


The Hacker Who Found the Secrets of the Next Xbox and PlayStation

An anonymous reader writes "Stephen Totilo at Kotaku has a long article detailing the exploits of an Australian hacker who calls himself SuperDaE. He managed to break into networks at Microsoft, Sony, and Epic Games, from which he retrieved information about the PS4 and next-gen Xbox 'Durango' (which turned out to be correct), and he even secured developer hardware for Durango itself. He uncovered security holes at Epic, but notified the company rather than exploiting them. He claims to have done the same with Microsoft. He hasn't done any damage or facilitated piracy with the access he's had, but simply breaching the security of those companies was enough to get the U.S. FBI to convince Australian authorities to raid his house and confiscate his belongings. In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out. The article describes both SuperDaE's activities and a journalist's efforts to verify his claims."

28 of 214 comments

  1. Sort of interesting, but... by Frosty Piss · · Score: 5, Insightful

    In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out.

    And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"? It was OK because the victims were Microsoft and Sony? Or, shall we see another case of the famous Slashdot Double Standard?

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Sort of interesting, but... by Mitreya · · Score: 5, Interesting

      And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"?

      It may be ok to a degree for the cases where he broke in and then notified the company of a breach (without doing any damage or requesting a payment).
      Companies should be required by law not to pursue anyone who notified them of security holes in good faith. Instead they choose to harass such people, scaring them off and making MY data less secure.

    2. Re:Sort of interesting, but... by Frosty Piss · · Score: 5, Insightful

      It may be ok to a degree for the cases where he broke in and then notified the company of a breach...

      Hi, I broke into your house and ran my fingers through your dainty underthings and fondled your tooth brush.

      Don't you think you should buy a better lock and maybe an alarm system?

      Don't bother thanking me, it's what I do...

      --
      If you want news from today, you have to come back tomorrow.
    3. Re:Sort of interesting, but... by daremonai · · Score: 4, Funny

      Hi, I broke into your house and ran [my] fingers through your dainty underthings

      Then you've been punished enough already.

    4. Re:Sort of interesting, but... by Anonymous Coward · · Score: 2, Insightful

      If I'm in charge of millions of people's credit card information, THANKS! You're better than dealing with hackers who would rather take that credit card information, sell it on the black market and have to deal with legal charges for failure to properly secure financial information!

    5. Re:Sort of interesting, but... by Runaway1956 · · Score: 4, Insightful

      Less secure than what, exactly?

      Let's use a real world analogy. I have my house locked up tight. My neighbor says that I have cruddy, worthless locks on my door. He proceeds to show me how easy it is to break into my own house. He suggests that I invest in the same type of locks that he uses.

      So, what should I do? Call the law, and have the neighbor locked up for showing me that my security is shit?
      Or, should I purchase and install the locks that he has shown me to be effective?

      In actuality, the neighbor has helped me to be MORE secure, not less secure.

      Derp, derp, derp.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    6. Re:Sort of interesting, but... by Runaway1956 · · Score: 2

      I also revile business information. Revilers Unite!

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    7. Re:Sort of interesting, but... by Luckyo · · Score: 5, Insightful

      Depends. Did he ask for your permission beforehand? If he did and you gave him OK, that's fine.

      If he didn't, he's committing a crime for obvious reasons. Else this would become a perfect excuse to burglars who didn't manage to steal YET. "But I was just showing the residents how weak their lock was!".

    8. Re:Sort of interesting, but... by Ogive17 · · Score: 4, Insightful

      He also told you ahead of time.

      Let's say you came home and your neighbor was sitting on your couch watching tv while drinking one of your beers. Then he says "your locks suck, you should try the ones I use".

      How would you like that?

      Derp, derp, derp.

      --
      "Action without philosophy is a lethal weapon; philosophy without action is worthless."
    9. Re:Sort of interesting, but... by Truekaiser · · Score: 2

      Actually you got it half right. Right now it's okay for Companies and the government to look into your life and control it in a way he did to them, getting all your private information to make sure you're not a 'terrorist'* or to sell that information to others. It's though a high crime to do it to companies, even if they had the digital equivalent of an in plain sight open and unlocked second story window.

      *exact definition of the word will be determined by the political climate, but will always be scapegoats for real problems.

    10. Re:Sort of interesting, but... by Ardyvee · · Score: 2

      The real issue here is why we, as a society, couldn't put his skills to good, lawful use. (There is also unlawful good, but I won't go there, since what matters is the lawfulness.) He seems like somebody with the skills. Why isn't he working for a security firm? Why isn't he making software more secure through lawful methods?

      To follow the physical lock analogy, instead of him going around your neighborhood checking locks/doors, why wasn't he a locksmith? A locksmith should be able to obtain access through any/most locks. He should also be able to tell the flaws of each lock and help build a more secure lock. Thus, why wasn't this guy working as a security specialist? It seems to me that not only did he fail in finding a good, lawful use to his skills, but we as a society failed to point him to those areas.

      So yes, he's probably going to get a harsh sentence. According to law, he deserves it. Instead of simply saying "it's illegal, so he gets punished", let's go a bit further: how can we turn the next guy like him that seems like a grey hat into a full-fledged white hat? There is a reason ethics exist, and we use them.

      --
      I don't care if I'm wrong. I only care about everyone obtaining something from the discussion.
    11. Re:Sort of interesting, but... by Cassini2 · · Score: 2

      Actually, it is like having a house on a busy street with the door standing open, only you don't know it. Would you rather:
      a) Your neighbour pop in, check if you are still alive, and remind you to close the door?
      b) or just wander in and out like everyone else does on the street.

      The problem isn't that people are breaking into your house. It's that people are breaking into your house, sleeping over, and you don't know it.

      Physical property has definite levels of trespass. Walking through an open door is not trespassing in many jurisdictions. Things are way more nebulous on-line. If I can pull data from your webserver without a password, where was the closed door exactly? (People have been charged with pulling open-access data from a webserver, and it really shouldn't have been as easy as knowing which web page to call up.)

    12. Re:Sort of interesting, but... by sycodon · · Score: 2

      The ends rarely justify the means.

      And while the world isn't black and white, we have processes that are set up to mitigate that fact.

      Viewing the breaking into a system, and then notifying the owners, as some kind of altruistic act is at best misguided and more likely a sorry excuse for illegal behavior.

      --
      When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    13. Re:Sort of interesting, but... by Bert64 · · Score: 4, Insightful

      The closest analogy is the spirit of the law vs the letter of the law...

      Hackers generally obey the letter of the law, that is they are only making a computer do what it was programmed to do. Whether that programming was intentional, or the result of a bug comes down to the spirit in which the program was written.

      A similar scenario is the law... There are many loopholes (i.e. bugs) in the law which allow people to legally perform acts which were never intended by the people who wrote those laws.

      So why then is it legal for a lawyer to exploit loopholes in the law, but not legal for a hacker to exploit loopholes in program code?

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    14. Re:Sort of interesting, but... by Bert64 · · Score: 2

      The problem in many countries is that while this guy has skills he may not necessarily have the paperwork to prove his skills.
      As such, companies simply won't hire him, and will never give him the chance to prove what skills he has.

      Also, if he gets convicted he will have a criminal record, which will be yet another reason why companies won't hire him.

      So the end result is that once all the dust settles, his only way of earning a living will be to use his skills for illegal purposes. And if he goes to jail, he will meet all manner of people who can introduce him to organised crime gangs who may want his services.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    15. Re:Sort of interesting, but... by TapeCutter · · Score: 4, Interesting

      Why do they feel the need for a battering ram to serve a warrant on a kid stealing plans for a toy? Why did they take his credit and bank cards and leave him without access to his own accounts? What he did was wrong but it does not warrant a jackboot response from the authorities.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    16. Re:Sort of interesting, but... by Max Littlemore · · Score: 3, Insightful

      That's my concern in this. Seizing his bank access seems punitive to me and he hasn't been found guilty of anything. The alleged offenses don't even seem to warrant that action.

      I really hope his legal team can set some kind of precedent to keep a tighter leash on prosecution agencies.

      --
      I don't therefore I'm not.
    17. Re:Sort of interesting, but... by bogie · · Score: 2

      "It should be up to the courts to decide whether this deserves just a slap on the wrist. Until that time, it should be treated seriously."

      No, he should be treated as innocent UNTIL proven guilty in a court. That means bail unless he is a flight risk or danger to the public at large. Also it does not mean freezing his bank accounts.

      --
      If you wanna get rich, you know that payback is a bitch
    18. Re:Sort of interesting, but... by Mashiki · · Score: 2

      Why do people cling to the perception that committing a clearly illegal act is somehow/sometimes justified for some reason?

      Short answer? Sometimes a single person committing a single illegal act, and 'saving face' for someone else, is better in the long run than an issue existing and 300 people using the same breach a few months down the road. There are reasonable expectations in case law, at least in my country, on such things. Both in things relating to physical property, and to computer crime.

      --
      Om, nomnomnom...
    19. Re:Sort of interesting, but... by shentino · · Score: 2

      Trespassing online is whatever a big corporation with an army of lawyers says it is.

  2. Need to nip it in the bud by Anonymous Coward · · Score: 5, Funny

    It starts out like this, a hacker looking for the latest games, then it leads to Global Thermonuclear War.

  3. Chinese Army by the eric conspiracy · · Score: 4, Insightful

    Ugh.

    If some surfer dude from Oz can do this, imagine what the Chinese Army and the TLAs have gotten into.

    I don't know if this is good or bad. Mutually Assured Destruction can be a good thing, as well as can be the dissemination of information.

    However it sure should give people pause when they put a server online. Or make their bank accounts available on the web.

    It might be a case of not if but when.

  4. Re:No damage? by K. S. Kyosuke · · Score: 5, Insightful

    There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.

    There seems to be this common misconception that having to fix a network to remove holes and backdoors is somehow worse than having lived with it for some time without knowing it. Not to mention the fact that your second sentence does not substantiate the first, also known as the non sequitur fallacy: not having caused any damage and being under suspicion for having caused some are two completely independent things.

    --
    Ezekiel 23:20
  5. Re:No damage? by Jah-Wren Ryel · · Score: 4, Insightful

    There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.

    Those actions and associated costs are not the result of having your network broken into. They are the result of being told your network is vulnerable - even if you have no knowledge that the network was actually broken into.

    --
    When information is power, privacy is freedom.
  6. who cares by Vince6791 · · Score: 2

    So, it's okay for the U.S. government and even corporations to spy on our communications (Facebook, phone calls, chats), emails, and whatever we upload to the cloud without a court warrant, but when somebody does it to a corporation or government it's time for the feudal U.S. system to go bat shit crazy on his/her ass. If U.S. does not follow the constitution why should we, remember by the people for the people. Hah, who cares it's a feudal system. People just stop hacking it's not worth losing your life over.

  7. Really? by Anonymous Coward · · Score: 2, Insightful

    Summary: Kid breaks into networks of corporate entities, accesses trade secrets, purchases development hardware using fraudulent information, brags about it on the internet and then cries about being "ruined".

    There is nothing "ethical" about any of this kid's shenanigans. He cried about them taking his toys away, and doesn't even realize he's going to pound-me-in-the-ass prison yet.

    Moral of the story: Common sense eludes hacker.

  8. Re:No damage? by Namarrgon · · Score: 2

    Your front door lock is broken, but you didn't realise it. A passer-by tells you that it is broken. Do you blame him for the "damage" to your wallet that comes from fixing it?

    Or how about this: You're understandably unhappy that he pushed your door open and poked his head in. He claims he didn't take anything (and given how he volunteered the information about your door, there's no reason to disbelieve him), but are you angry at him that you now feel the need to double-check everything you own, just in case he (or someone else) took something?

    --
    Why would anyone engrave "Elbereth"?
  9. "He hasn't done any damage" by Memroid · · Score: 2

    I would argue that he may have done a great deal of damage. Releasing plans for future products can tip off competitors. Information regarding future products can also result in a customer not purchasing what is currently available in anticipation of a future product. Both of these can mean millions of dollars in losses for a company.