Slashdot Mirror
Security Researcher Pleads Guilty To Hacking Into Microsoft and Nintendo (theverge.com)
24-year-old security researcher Zammis Clark pleaded guilty today to hacking into Microsoft and Nintendo servers and stealing confidential information. Clark, known online as Slipstream or Raylee, "was charged on multiple counts of computer misuse offenses in a London Crown Court on Thursday, and pleaded guilty to hacking into Microsoft and Nintendo networks," reports The Verge. From the report: Prosecutors revealed that Clark had gained access to a Microsoft server on January 24th, 2017 using an internal username and password, and then uploaded a web shell to remotely access Microsoft's network freely for at least three weeks. Clark then uploaded multiple shells which allowed him to search through Microsoft's network, upload files, and download data. In total, around 43,000 files were stolen after Clark targeted Microsoft's internal Windows flighting servers. These servers contain confidential copies of pre-release versions of Windows, and are used to distribute early beta code to developers working on Windows. Clark targeted unique build numbers to gain information on pre-release versions of Windows in around 7,500 searches for unreleased products, codenames, and build numbers.
Clark then shared access to Microsoft's servers through an Internet Relay Chat (IRC) server chatroom, allowing other individuals to access and steal confidential information. Prosecutors say other hackers from France, Germany, the United Arab Emirates, and other countries were then able to access Microsoft's servers. Police found the stolen files on Clark's home computer after a joint investigation involving Microsoft's cyber team, the FBI, EUROPOL, and the NCA's National Cyber Crime Unit (NCCU). [...] The Microsoft intrusion ended when Clark uploaded malware onto Microsoft's network, and he was subsequently arrested in June, 2017. Clark was then bailed without any restrictions on his computer use, and went on to hack into Nintendo's internal network in March last year. Clark gained access through Virtual Private Networks (VPNs) and used similar software to hack into Nintendo's highly confidential game development servers. These servers store development code for unreleased games, and Clark was able to steal 2,365 usernames and passwords until Nintendo eventually discovered the breach in May 2018. Nintendo estimates the cost of damages between $913,000 and $1.8 million, and Microsoft previously provided the court with a vague estimate of around $2 million in damages. 26-year-old Thomas Hounsell, known in the Windows community for running the now discontinued BuildFeed website, appeared alongside Clark in court on Thursday for using Clark's Microsoft server breach to conduct more than 1,000 searches for products, codenames, and build numbers over a 17-day period, the report adds.
Clark then shared access to Microsoft's servers through an Internet Relay Chat (IRC) server chatroom, allowing other individuals to access and steal confidential information. Prosecutors say other hackers from France, Germany, the United Arab Emirates, and other countries were then able to access Microsoft's servers. Police found the stolen files on Clark's home computer after a joint investigation involving Microsoft's cyber team, the FBI, EUROPOL, and the NCA's National Cyber Crime Unit (NCCU). [...] The Microsoft intrusion ended when Clark uploaded malware onto Microsoft's network, and he was subsequently arrested in June, 2017. Clark was then bailed without any restrictions on his computer use, and went on to hack into Nintendo's internal network in March last year. Clark gained access through Virtual Private Networks (VPNs) and used similar software to hack into Nintendo's highly confidential game development servers. These servers store development code for unreleased games, and Clark was able to steal 2,365 usernames and passwords until Nintendo eventually discovered the breach in May 2018. Nintendo estimates the cost of damages between $913,000 and $1.8 million, and Microsoft previously provided the court with a vague estimate of around $2 million in damages. 26-year-old Thomas Hounsell, known in the Windows community for running the now discontinued BuildFeed website, appeared alongside Clark in court on Thursday for using Clark's Microsoft server breach to conduct more than 1,000 searches for products, codenames, and build numbers over a 17-day period, the report adds.
...is calling him a "security researcher".
They are all just hackers up to no good.
The guy hacked into Microsoft's network, and enjoyed access for more than five months, including sharing logon credentials with the hacker community, and Microsoft only seemed to find out after he uploaded malware to their network?
to github, signed as coming from Microsoft as part of their new 'open source corporate strategy' :)
If he'd done that and kept from getting caught, it all could've ended well for him and everyone else.
Why would someone start a website with build strings? What would you use it for?
He clearly failed the subject of "Ethical Hacking" and should go to prison in order to complete his remedial learning. With that said, I'm a bit curious to know what certifications he obtained to be recognized as a "security researcher".
..
whats up with that? microsoft paid someone 2 million to look into the hack? or nintendo got someone on their payroll and paid 2 million in actual bills to someone to look at the logs?
UNFUCKING LIKELY.
it's just made up.
world was created 5 seconds before this post as it is.
I find it humorous that there are actually people out there that think its OK when the government breaks into other peoples computers, but takes a moral stance its not OK when others do it.
I have little concern for this particular individual, given his own lack of self preservation, but the government is doing no one a favor by persecuting people like this. Government can't solve 'hacking'. I have sympathy for those who take measures to secure there own systems and those who protect themselves from the abuse that is government via whatever means are at there disposal. A real 'hacker' has no excuse for leaving behind evidence on his own computer. Short of a no knock raid with a live forensic investigation anyway.
Nothing was "stolen". Data was copied. "Stolen" has a very specific meaning and that means to "take something without permission and with the intent to deprive the owner the use of the thing taken." Unless the files were copied and then deleted, they were not stolen -- the original was merely copied.
"Hacker" is even less informative, seeing the things that get called "hacks" and what actions get called "hacking". Neither is warranted, IMO, but what can you expect from idiot editors? Yes, not just the slashdot ones either.
This guy demonstrated issues wirh MS [lack of] security
and they cried uncle.
Do you support free security research, or Microsoft?
Note: if you're not part of the security community please put "idiod" in your response subject so as not to bias valid results.
E
WTF? how is this guy in anyway a "security researcher", he was nothing of the fucking sort, he was a straight up hacker/thief.
WTF? how is this guy in anyway a "security researcher", he was nothing of the fucking sort, he was a straight up hacker/thief.
Bonus point for having used "Hacker": the previous word that used to mean something else but was eventually cooped into meaning the malicious attacker that apparently called "security researcher" nowadays by the press.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
If it wasn't for those pesky kids.
Kids he shared the access with on the internet in a large scale.
Why do kids these days feel the need to publicly confess to their crimes in celebration?
"I'm a humble person really,
I'm actually much greater than I think I am"
... around the same point they soured the term 'hacker' with the mass media and public.
Just imagine if this happened to GNU+=Linux!
Dude deserves what he got if he was stupid enough to leave stolen data on his home computer, unencrypted. Also, how did they know to even search his house? He obviously failed to use tor/socks/tunnels/etc. Sounds like a huge noob to me. He probably just tried random VPN logins and got lucky. Doesn't sound like he coded or exploited anything whatsoever other than VPN logins. Far from a real hacker. This is just poor security on Microsoft and Nintendos part.