Slashdot Mirror

← Back to Stories (view on slashdot.org)

The Hacker Who Found the Secrets of the Next Xbox and PlayStation

Posted by Soulskill on from the uncovering-final-console-generation dept.

An anonymous reader writes "Stephen Totilo at Kotaku has a long article detailing the exploits of an Australian hacker who calls himself SuperDaE. He managed to break into networks at Microsoft, Sony, and Epic Games, from which he retrieved information about the PS4 and next-gen Xbox 'Durango' (which turned out to be correct), and he even secured developer hardware for Durango itself. He uncovered security holes at Epic, but notified the company rather than exploiting them. He claims to have done the same with Microsoft. He hasn't done any damage or facilitated piracy with the access he's had, but simply breaching the security of those companies was enough to get the U.S. FBI to convince Australian authorities to raid his house and confiscate his belongings. In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out. The article describes both SuperDaE's activities and a journalist's efforts to verify his claims."

14 of 214 comments (clear)

  1. Sort of interesting, but... by Frosty+Piss · · Score: 5, Insightful

    In an age where many tech-related 'sources' are just empty claims, a lot of this guy's information has checked out.

    And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"? It was OK because the victims where Microsoft and Sony? Or, shall we see another case of the famous Slashdot Double Standard?

    --
    If you want news from today, you have to come back tomorrow.
    1. Re:Sort of interesting, but... by Mitreya · · Score: 5, Interesting

      And he still broke into other people's networks without permission. But I suppose that's OK here since the private info that he released was of interest to Slashdotters and was "accurate"?

      It may be ok to a degree for the cases where he broke in and then notified the company of a breach (without doing any damage or requesting a payment)
      Companies should be required by law not to pursue anyone who notified them of security holes in good faith. Instead they choose to harass such people, scaring them off and making MY data less secure.

    2. Re:Sort of interesting, but... by Frosty+Piss · · Score: 5, Insightful

      It may be ok to a degree for the cases where he broke in and then notified the company of a breach...

      Hi, I broke into your house and ran may fingers through your dainty underthings and fondled your tooth brush.

      Don't you think you should buy a better lock and maybe an alarm system?

      Don't bother thanking me, it's what I do...

      --
      If you want news from today, you have to come back tomorrow.
    3. Re:Sort of interesting, but... by daremonai · · Score: 4, Funny

      Hi, I broke into your house and ran [my] fingers through your dainty underthings

      Then you've been punished enough already.

    4. Re:Sort of interesting, but... by Runaway1956 · · Score: 4, Insightful

      Less secure than what, exactly?

      Let's use a real world analogy. I have my house locked up tight. My neighbor says that I have cruddy, worthless locks on my door. He proceeds to show me how easy it is to break into my own house. He suggests that I invest in the same type of locks that he uses.

      So, what should I do? Call the law, and have the neighbor locked up for showing me that my security is shit?
      Or, should I purchase and install the locks that he has shown me to be effective?

      In actuality, the neighbor has helped me to be MORE secure, not less secure.

      Derp, derp, derp.

      --
      "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
    5. Re:Sort of interesting, but... by Luckyo · · Score: 5, Insightful

      Depends. Did he ask for your permission beforehand? If he did and you gave him OK, that's fine.

      If he didn't, he's committing a crime for obvious reasons. Else this would become a perfect excuse to burglars who didn't manage to steal YET. "But I was just showing the residents how weak their lock was!".

    6. Re:Sort of interesting, but... by Ogive17 · · Score: 4, Insightful

      He also told you ahead of time.

      Let's say you came home and your neighbor was sitting on your couch watching tv while drinking one of your beers. Then he says "your locks suck, you should try the ones I use".

      How would you like that?

      Derp, derp, derp.

      --
      "Action without philosophy is a lethal weapon; philosophy without action is worthless."
    7. Re:Sort of interesting, but... by Bert64 · · Score: 4, Insightful

      The closest analogy is the spirit of the law vs the letter of the law...

      Hackers generally obey the letter of the law, that is they are only making a computer do what it was programmed to do. Wether that programming was intentional, or the result of a bug comes down to the spirit in which the program was written.

      A similar scenario is the law... There are many loopholes (ie bugs) in the law which allow people to legally perform acts which were never intended by the people who wrote those laws.

      So why then is it legal for a lawyer to exploit loopholes in the law, but not legal for a hacker to exploit loopholes in program code?

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    8. Re:Sort of interesting, but... by TapeCutter · · Score: 4, Interesting

      Why do they feel the need for a battering ram to serve a warrant on a kid stealing plans for a toy? Why did they take his credit and bank cards and leave him without access to his own accounts? What he did was wrong but it does not warrant a jackboot response from the authorities.

      --
      And did you exchange a walk on part in the war for a lead role in a cage? - Pink Floyd.
    9. Re:Sort of interesting, but... by Max+Littlemore · · Score: 3, Insightful

      That's my concern in this. Seizing his bank access seems punitive to me and he hasn't been found guilty of anything. The alleged offenses don't even seem to warrant that action.

      I really hope his legal team can set some kind of precedent to keep a tighter leash on prosecution agencies.

      --
      I don't therefore I'm not.
  2. Need to nip it in the bud by Anonymous Coward · · Score: 5, Funny

    It starts out like this, a hacker looking for the latest games, then it leads to Global Thermonuclear War.

  3. Chinese Army by the+eric+conspiracy · · Score: 4, Insightful

    Ugh.

    If some surfer dude from Oz can do this imagine what the Chinese Army and the TLAs have gotten into.

    I don't know is this is good or bad, Mutually Assured Destruction can be a good thing, as well as can be the dissemination of information.

    However it sure should give people pause when they put a server online. Or make their bank accounts available on the web.

    It might be a case of not if but when.

  4. Re:No damage? by K.+S.+Kyosuke · · Score: 5, Insightful

    There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.

    There seems to be this common misconception that having to fix a network to remove holes and backdoors is somehow worse than having lived with it for some time without knowing it Not to mention the fact that your second sentence does not substantiate the first, also known as the non sequitur fallacy: not having caused any damage and being under suspicion for having caused some are two completely independent things.

    --
    Ezekiel 23:20
  5. Re:No damage? by Jah-Wren+Ryel · · Score: 4, Insightful

    There seems to be this common misconception that a network can be broken into without causing any damage. Tell that to the IT department that has to re-flash and re-image every damn machine on the network to make sure no backdoors were left behind.

    Those actions and associated costs are not the result of having your network broken into. They are the result of being told your network is vulnerable - even if you have no knowledge that the network was actually broken into.

    --
    When information is power, privacy is freedom.