this post was submitted on 26 Dec 2023
970 points (97.8% liked)
Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ
54500 readers
795 users here now
⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.
Rules • Full Version
1. Posts must be related to the discussion of digital piracy
2. Don't request invites, trade, sell, or self-promote
3. Don't request or link to specific pirated titles, including DMs
4. Don't submit low-quality posts, be entitled, or harass others
Loot, Pillage, & Plunder
📜 c/Piracy Wiki (Community Edition):
💰 Please help cover server costs.
Ko-fi | Liberapay |
founded 1 year ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
If you're not aware, the hack was performed by Arion Kurtaj, an 18 year old, who has been put in ~~prison~~ a psych ward in a uk prison. He hacked rockstar at a hotel, where he was left with no computers or phones, only to find that the TV had a chromecast, which he used to buy a phone and a keyboard (presumably by selling his monero).
This kid deserves a 7-8 digits salary as a pentester, not prison; plenty of pentesting companies would hire him in a heartbeat.
Don't get me wrong, he deserves a long and drawn out lesson on morals, but also a stellar salary where he can do what he's doing for the right side.
EDIT: I have made a mistake in my original comment, which has been pointed out. My bad, he's technically in a psych ward in a uk prison, because he's aggressive and unstable. I still stand by what I said (and what I clarified in the comments below), but I wanted to correct the record
You have to convince him first it is what he wants to do. He seems very fixated on being a cyber criminal at this time and money is unlikely to sway him.
He can learn once he understands the repercussions of his actions. Remember that he's an autistic teenager, he has a lot to learn about life and especially morality.
He'll learn great lessons in jail! /S
That’s why he’s in a prison hospital instead. I think they are called psyche wards or mental institutes in some places.
And all he has to do to get out of there is calm down and lie.
The fact he can't control himself enough to get through court without crowing on about his intent to do more crime speaks to a lack of self control, and for that reason alone, his skills are moot in any discussion of his future prospects.
His career in white hat cybersecurity is shot to fuck. No one will trust him enough after this
Well, considering the UK is not interested in helping him, and you’re probably right, we should perhaps be more concerned with Russia or a similar country picking him up for state sponsored cyberattacks or some shit.
Kid seems to be in it for the chaos and notoriety. That could cause quite a bit of harm in the right state environment.
I think you're vastly underestimating what a big stack of green can do for the morals of an 18 yo.
An 18 yo isn't gonna get fat stacks of green as a pentester.
The suits that decide salaries have different priorities. Like certs that are out of the price range of a teenager and years of professional experience.
The kid was an idiot and a dickhead. He extorted companies and sim swapped people for his private gain, and was stupid enough to continue his hacking spree while he was on bail for another hack.
He could've made 7 figures, but decided to go down the criminal route again by using Samsung Dex over Miracast (which the news liked to present as some kind of amazing hacking feat).
He's currently being held in hospital care for an indeterminate amount of time until the mental health tribunal can make up their minds. He's violent, damaging property and injuring staff.
He's going to be put away for a long time, hopefully he'll change for the better over the years. I don't get what this "he deserves a stellar salary" mentality comes from. This isn't some high schooler who found a problem and got sued because they tried to get it fixed, this is a criminal who decided to try to take a shortcut to a life of riches.
Now, he will never work in cybersecurity again, and after his release his devices will probably be monitored for some time. Don't extort companies, kids, companies don't hire the "legendary hacker" guys if they can't be trusted.
Yeah I don't think anyone here disagrees with that; his actions are objectively wrong and as I said, he definitely needs to learn morals and ethics.
I mean, duh, the media can't tell the difference between a computer and a toaster, but that's besides the point
I didn't know about this, thanks for sharing. Can I get a source?
I'm a firm believer in meritocracy and the importance of rewarding skills. He should still pay a hefty price for his crimes, including jail time, where he will hopefully learn to change his ways, but once he gets out, if he's truly remorseful for his actions and he's willing to have others monitor his device usage activities, I don't see why he shouldn't be hired by a red team
https://www.bbc.com/news/technology-67663128
Ironically, white hatting generally pays more than black hatting
So do the executives of rockstar and every major game studio.
I keep hearing this.
Find me any company that will hire someone so unstable and destructive, and I'll show you a company with bad hiring practices.
This is someone you can never count on to do anything they don't want to do. Someone who will destroy things if they don't get their way. Triple letters won't touch him.
Also, let's be clear, a lot of this was social engineering. He didn't do anything impressive, he just did things others wouldn't be brazen enough to do because they didn't want to get caught.
definitely, but people can change
people always have a high and mighty mentality when talking about social engineering, most attacks today use some form of social engineering and have for a long time, if not always.
Social engineering, arguably, is one of the harder things to learn.
It's a collection of soft skills, and if you've been paying attention to rank and file tech jobs, places are looking for people with soft skills because they're so impractical to train.
This goes down to your basic help desk tech.
Anyone with an interest in computers can sit down and learn how to analyze and exploit weakness in code. In fact, it's a fun puzzle. Dealing with other people, let alone establishing oneself as another person and fucking SELLING that character enough to get what you need?
People write off social engineering far too quickly. It's quick, it's effective, and if done well, the person you exploited doesn't even realize they've been tricked.
Social engineering is a major part of pen-testing and of hacking. It's still impressive despite any carelessness.
This wasn't carelessness. This was a deliberate.
Are you kidding me? Aggressive, unstable and destructive seem to be core tenants for the CEOs of many large scale blue chip firms.
If you want actual penetration defense, you absolutely hire the unstable person. I'm not saying you put him or her in the centre desk on the main floor, let him or her work from an environment where they are most comfortable, and one that supports them best.
If you want window dressing, hire the neat and tidy person, who couldn't actually penetrate an Excel sheet.
You're forgetting a vitally important part of being a pentester.
Namely that they need to be trusted not to leak billions of dollars worth of trade secrets.
This kid is a prodigy as a black hat, but he'd be an embarrassment as a pentester.
I agree with you in principle, you are definitely objectively correct, however people can redeem themselves.
To name two:
I used to work as a pentester. It's an open secret that like a good chunk of people in the industry are former criminals. But former is kind of the keyword. Not only is he doing crime after being arrested and still under surveillance, but he can't even lie and say he won't do it again. The kid is unhireable, at least not until he can get his compulsions under control.
My GF works with autistic individuals and for a majority of them they simply cannot lie, at least not big lies. He may not even see it as being that wrong (probably does know to some extent that it is wrong), especially with all the (correct) rhetoric that companies are scum bastards obscuring the truth. The kid is indeed unhireable for the time being but he could be helped to understand the morals, ethics and laws surrounding his interests to integrate him into the capitalistic world he finds himself in.
I certainly didn't mean to make any moral judgments about the kid. I'm not even sure that I think it's morally wrong (unwise and legally wrong, no doubt, I just don't think his actions hurt any person and I don't care if an action hurts a corporation). The kid is clearly talented and I hope he gets the treatment he needs. I sure hope he can eventually make a living with his talents and perhaps eventually use his talents towards positive change.
To be fair to those two:
Mitnick did much what he did before hacking was even a crime, and almost all of it before offensive cybersecurity was even a viable career option.
the damage caused by the entirety of ShadowCrew (4000 odd members) was a drop in the bucket compared to that caused by this single kid
neither of them had compulsion issues that would cause them to attempt to hack even while under surveillance.
Jesus shit
He’s talented, but the problem is jobs like pen testing require a LOT of trust to work in. So far this guy has said and shown that he intents on staying in cybercrime rather than doing legitimate work.
As it stands, given how he’s acted, I can’t see a single company that would let him pen test their systems or a red team that would take that risk to their reputation.
I want to bet this dude is a giant asshole. Not sure why people keep making a hero out of him, he sounds like an awful person.
Maybe, I've never met him, but that changes nothing.
Linus Torvalds is a giant asshole and he doesn't know how to talk to people, he's still one of the most important people in tech.
Torvalds isn't an asshole because of a nonexistent moral compass. He just has strong opinions, and he's usually right, anyway.
Absolutely, didn't mean to imply otherwise
Linus Torvalds never extorted anyone. I don't see the comparison here.
Yes, you can be a massive dick and have power. You generally need to do something useful first, though, or get born into money.
As far as I recall he actively seeks to commit cybercrimes and even says so himself.
It's not the first young hacker on the spectrum that has urges to hack stuff.
It's a whole different question when someone is conscious he is doing something illegal and actively seeks to do it.
This is not another Aaron Swartz story imo. It's an autistic individual that doesn't hack out of curiosity but in order to damage businesses, and people or benefit himself.
In 5-10 years he would change his mind. As of now - kid had no idea about life.
He deserved (past tense) all that opportunity before he proved his willingness to use it to do damage. Given his dedication to committing crime, I can't imagine who would ever trust him enough to want his talents.
Unfortunate that society punishes those that can do things that a lot of people don't understand
Social engineering, SIM swapping, and basic data extortion is understood perfectly well, though. It happens all the time, whether it's North Korean APTs, the Ukrainian Cyber Army or some idiot kid in his basement.
There are plenty of stories about "genius hacker kid tries to do the right thing but gets arrested", but this isn't one of them.
From what I've read the kid is a genius but also has mental issues that makes him want to perform criminal acts all the time