21-Year-Old British Man Arrested In Connection With VTech Hack (ibtimes.co.uk)

← Back to Stories (view on slashdot.org)

21-Year-Old British Man Arrested In Connection With VTech Hack (ibtimes.co.uk)

Posted by timothy on Tuesday December 15, 2015 @02:36AM from the on-a-lark dept.

Ewan Palmer writes: A man has been arrested in connection with the alleged hacking of electronic toy manufacturer VTech which affected millions worldwide. The 21-year-old was arrested in Berkshire, South East England, on suspicion of unauthorized access to computers to facilitate the commission of an offence and suspicion of causing a computer to perform function to secure/enable unauthorized access to a program/data following the data breach in November. From the BBC's coverage of the arrest: In the attack, servers used to support VTech's Learning Lodge app were compromised. ... The Learning Lodge database logged names, email addresses, encrypted passwords, IP (internet protocol) numbers and other personal data. Some of the information was about children including names, dates of birth and gender. No credit card data was stored in the compromised database. Details on customers from all over world, including the US, UK, France and China, were taken. Some of the data is believed to have been posted briefly online before being removed. When details about the extent of the data loss became known security expert Troy Hunt said he had "run out of superlatives to even describe how bad" it was.

23 of 53 comments (clear)

Min score:

Reason:

Sort:

Hope the bastard gets a nice long stretch by Viol8 · 2015-12-15 02:40 · Score: 1

I dread to think what could happen to some of the information about those kids and who might use it to target youngsters if he's sold it. VTech have been criminally negligent here too so one would hope some heads role, but this little turd really deserves the book thrown at him.
1. Re:Hope the bastard gets a nice long stretch by The-Ixian · 2015-12-15 03:05 · Score: 1
  
  The article doesn't really go into what the intent was.
  I don't think that the book should be thrown at somebody for exposing criminally negligent security practices.
  If anything, VTech should be happy the guy was apparently novice enough to leave a clear trail which exposed their security weaknesses.
  
  --
  My eyes reflect the stars and a smile lights up my face.
2. Re:Hope the bastard gets a nice long stretch by Anonymous Coward · 2015-12-15 03:17 · Score: 1
  
  so if I go to your house and smash your window, you wont press charges because I am just exposing your security weaknesses?
3. Re:Hope the bastard gets a nice long stretch by sycodon · 2015-12-15 03:32 · Score: 1
  
  I guess you didn't see the post directly above yours.
  Unbelievable.
  
  --
  When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
4. Re:Hope the bastard gets a nice long stretch by The-Ixian · 2015-12-15 03:49 · Score: 1
  
  I am not saying VTech shouldn't be annoyed with him and even sue him for damages.
  But I don't condone "throwing the book" at him... as in "lock him away and throw away the key"
  In your analogy, I would certainly pursue damages from you, but I would also learn from the incident and perhaps move away or install a better security system.
  
  --
  My eyes reflect the stars and a smile lights up my face.
5. Re: Hope the bastard gets a nice long stretch by tommyjcarpenter · 2015-12-15 03:51 · Score: 1
  
  At least this is one of the few hacks we've seen where the passwords were encrypted... So, not as negligent as say, Sony.
6. Re:Hope the bastard gets a nice long stretch by Anonymous Coward · 2015-12-15 03:51 · Score: 1
  
  Calm down buddy. The "compromised" information is all freely available with services such as intelius anyway. This honestly isn't a big deal....
7. Re:Hope the bastard gets a nice long stretch by The-Ixian · 2015-12-15 03:53 · Score: 1
  
  What? The "Reeeeesearcher" post?
  What is that supposed to mean? Is he a researcher? It doesn't state that in TFA.
  
  --
  My eyes reflect the stars and a smile lights up my face.
8. Re:Hope the bastard gets a nice long stretch by Lumpy · 2015-12-15 03:59 · Score: 1
  
  The rich never pay for their crimes.
  
  --
  Do not look at laser with remaining good eye.
9. Re:Hope the bastard gets a nice long stretch by dotancohen · 2015-12-15 04:44 · Score: 4, Insightful
  
  I dread to think what could happen to some of the information about those kids and who might use it to target youngsters if he's sold it. VTech have been criminally negligent here too so one would hope some heads role, but this little turd really deserves the book thrown at him.
  My daughter just this week received a VTech tablet as a gift. We could not connect it to the network due to this hack, and it took me a few minutes to put one and one together to realize that _this_toy_ was the one whose network was hacked. Of course, I had just warned her a few minutes beforehand about entering personal information into the device.
  
  As a parent of a child with this tablet, I am _happy_ that this guy broke in. The VTech company is completely negligent, and I'm furious that they would not encrypt the communications and have such egregious flaws. I'm a software developer and I know that all software has bugs, but this isn't a bug. This was a choice by VTech to use unencrypted communications and to not use best practices in their DB communications (prepared queries). If this Brit hadn't broken in, somebody with worse intentions would have.
  
  I don't personally verify that my bank has good locks, and I don't personally verify that my health care provider's employees have each received proper certification. I have to trust many entities in my life, VTech was one, but when the bank doesn't even bother to lock the safe, or the health care provider slaps a Dr badge on anybody with a white coat, then we have justified reason to be angry not with those who opened the safe but rather with those who left it unguarded.
  
  --
  It is dangerous to be right when the government is wrong.
10. Re:Hope the bastard gets a nice long stretch by GuB-42 · 2015-12-15 04:51 · Score: 2
  
  I dread to think what could happen to some of the information about those kids and who might use it to target youngsters if he's sold it.
  Like what? Targeted advertising?
  If you are thinking about things like child rape, I don't know what a criminal could do with this data that he couldn't do much more effectively by logging into Facebook or just hanging around your local school. Some retarded parents just love to put all details about their kids life online, which has the effect of boring to death everyone except people you absolutely don't want to be interested.
  Anyways, child abuse online is a vastly overblown problem, used by governments to justify intrusive measures. In reality, the worst offenders are parents, followed by familiar people (family, friends, nannies, teachers, caretakers, ...).
11. Re:Hope the bastard gets a nice long stretch by tehcyder · 2015-12-16 02:31 · Score: 1
  
  I don't think that the book should be thrown at somebody for exposing criminally negligent security practices.
  You would not need to release the information you obtained on to the internet to demonstrate this.
  
  --
  To have a right to do a thing is not at all the same as to be right in doing it
Ohmygod! The world is falling apart! by Anonymous Coward · 2015-12-15 02:45 · Score: 5, Insightful

Am I alone in this uneasy feeling about so-called security pundits putting their breathlessness on display over some stupid, embarrasing and perhaps sometimes obnoxious hoaxes -- but far from "tragic", "catastrophic" or whatever superlatives?
C'mon. Tragic is that there are still people starving out there. Catastrophic is what's going on in Syria at the moment while the "developed countries" is quabbling in their disgusting powerplay over whatever.
But some compromised servers? Cool down, folks.
1. Re:Ohmygod! The world is falling apart! by DNS-and-BIND · 2015-12-15 03:51 · Score: 1
  
  Well, that's modern journalism for you. They are more interested in promoting a viewpoint and reciting a narrative than reporting the facts. Just watch some old BBC from 70s/80s on youtube...it's just a clipped glass accent telling you what happened, when, and to whom. A far cry from today.
  
  --
  Shutting down free speech with violence isn't fighting fascism. It IS fascism!
Squeeze him by Anonymous Coward · 2015-12-15 02:46 · Score: 1

He'll rat out on all of his "anonymous" accomplices. Those cowardly nerds always do.
1. Re:Squeeze him by Galactic+Dominator · 2015-12-15 02:50 · Score: 1
  
  Who are your accomplices then?
  
  --
  brandelf -t FreeBSD /brain
Superlatives by Rik+Sweeney · 2015-12-15 02:56 · Score: 1

When details about the extent of the data loss became known security expert Troy Hunt said he had "run out of superlatives to even describe how bad" it was.
He should have invented a new word, such as badest.
"The breach was the badest I've ever seen."

--
Summation 2
1. Re:Superlatives by wardrich86 · 2015-12-15 08:01 · Score: 2
  
  When details about the extent of the data loss became known security expert Troy Hunt said he had "run out of superlatives to even describe how bad" it was. He should have invented a new word, such as badest. "The breach was the badest I've ever seen."
  "The breach was the 9/11est I've ever seen. It was like 9/11 times one million."
Re:UK doesn't seem to care about ACTUAL Child Rape by Viol8 · 2015-12-15 03:29 · Score: 1

The police go for the low hanging fruit and make a big song and dance about it.
Arrested for... by CimmerianX · 2015-12-15 04:02 · Score: 2

... embarrassing a large corporation by showing how easy it was to bypass security and releasing the proof to the media.
We can't have large corporations' money flows placed at risk now.....
... about children ... by future+assassin · 2015-12-15 04:05 · Score: 3, Insightful

that right there requires a full scale assault on the perpetrators and 100 years of jail time. Think of the children, said the person who required the kids names be in the db and the parents who wilfully gave that info out to access a toy.

--
by TheSpoom (715771) Uncaring Linux user here. I have nothing to add to this but please continue. *munches popcorn*
Re:Police breaking laws by Hognoxious · 2015-12-15 07:38 · Score: 1

So how exactly do they know the web history of teens?
From reading posts like "dudez check out www.haxor.ro/sickit2theman.vba" on the twitbooks.

--
Confucius say, "Find worm in apple - bad. Find half a worm - worse."
Re:UK doesn't seem to care about ACTUAL Child Rape by tehcyder · 2015-12-16 02:48 · Score: 1

Although the Rotherham case does not cast a great light on anyone involved, the fact is that the men responsible were eventually prosecuted.
The real scandal was not the fact that a group of paedophiles had brown instead of white skin, it was that the social services allowed it to happen because they didn't want to interfere with the "human rights" of twelve year olds to have sex.

--
To have a right to do a thing is not at all the same as to be right in doing it