this post was submitted on 26 Dec 2023
971 points (97.8% liked)

Piracy: ꜱᴀɪʟ ᴛʜᴇ ʜɪɢʜ ꜱᴇᴀꜱ

55056 readers
244 users here now

⚓ Dedicated to the discussion of digital piracy, including ethical problems and legal advancements.

Rules • Full Version

1. Posts must be related to the discussion of digital piracy

2. Don't request invites, trade, sell, or self-promote

3. Don't request or link to specific pirated titles, including DMs

4. Don't submit low-quality posts, be entitled, or harass others



Loot, Pillage, & Plunder

📜 c/Piracy Wiki (Community Edition):


💰 Please help cover server costs.

Ko-Fi Liberapay
Ko-fi Liberapay

founded 2 years ago
MODERATORS
 

The full GTA V source code has been leaked The leak contains GTA V source code and stuff from Bully 2 and GTA VI Leaked in a discord server by a random British guy in the 360 modding community known to get sued by Rockstar multiple times

"Now i am expecting a open source version of gta to arrive soon on linux natively . Tired of playing supertuxcart."

Here is the source. Another one.

you are viewing a single comment's thread
view the rest of the comments
[–] [email protected] 414 points 1 year ago* (last edited 1 year ago) (35 children)

If you're not aware, the hack was performed by Arion Kurtaj, an 18 year old, who has been put in ~~prison~~ a psych ward in a uk prison. He hacked rockstar at a hotel, where he was left with no computers or phones, only to find that the TV had a chromecast, which he used to buy a phone and a keyboard (presumably by selling his monero).

  • He hacked into all major uk telcom providers: EE, BT and Orange.
  • He hacked into nvidia

This kid deserves a 7-8 digits salary as a pentester, not prison; plenty of pentesting companies would hire him in a heartbeat.

Don't get me wrong, he deserves a long and drawn out lesson on morals, but also a stellar salary where he can do what he's doing for the right side.

EDIT: I have made a mistake in my original comment, which has been pointed out. My bad, he's technically in a psych ward in a uk prison, because he's aggressive and unstable. I still stand by what I said (and what I clarified in the comments below), but I wanted to correct the record

[–] [email protected] 161 points 1 year ago (2 children)

You have to convince him first it is what he wants to do. He seems very fixated on being a cyber criminal at this time and money is unlikely to sway him.

[–] [email protected] 77 points 1 year ago (2 children)

He can learn once he understands the repercussions of his actions. Remember that he's an autistic teenager, he has a lot to learn about life and especially morality.

[–] [email protected] 33 points 1 year ago (2 children)

He'll learn great lessons in jail! /S

[–] [email protected] 50 points 1 year ago (1 children)

That’s why he’s in a prison hospital instead. I think they are called psyche wards or mental institutes in some places.

[–] [email protected] 11 points 1 year ago* (last edited 1 year ago) (1 children)

And all he has to do to get out of there is calm down and lie.

The fact he can't control himself enough to get through court without crowing on about his intent to do more crime speaks to a lack of self control, and for that reason alone, his skills are moot in any discussion of his future prospects.

load more comments (1 replies)
load more comments (1 replies)
[–] [email protected] 16 points 1 year ago (1 children)

His career in white hat cybersecurity is shot to fuck. No one will trust him enough after this

[–] [email protected] 10 points 1 year ago

Well, considering the UK is not interested in helping him, and you’re probably right, we should perhaps be more concerned with Russia or a similar country picking him up for state sponsored cyberattacks or some shit.

Kid seems to be in it for the chaos and notoriety. That could cause quite a bit of harm in the right state environment.

[–] [email protected] 21 points 1 year ago (1 children)

I think you're vastly underestimating what a big stack of green can do for the morals of an 18 yo.

[–] [email protected] 22 points 1 year ago (2 children)

An 18 yo isn't gonna get fat stacks of green as a pentester.

The suits that decide salaries have different priorities. Like certs that are out of the price range of a teenager and years of professional experience.

load more comments (2 replies)
[–] [email protected] 89 points 1 year ago* (last edited 1 year ago) (2 children)

The kid was an idiot and a dickhead. He extorted companies and sim swapped people for his private gain, and was stupid enough to continue his hacking spree while he was on bail for another hack.

He could've made 7 figures, but decided to go down the criminal route again by using Samsung Dex over Miracast (which the news liked to present as some kind of amazing hacking feat).

He's currently being held in hospital care for an indeterminate amount of time until the mental health tribunal can make up their minds. He's violent, damaging property and injuring staff.

He's going to be put away for a long time, hopefully he'll change for the better over the years. I don't get what this "he deserves a stellar salary" mentality comes from. This isn't some high schooler who found a problem and got sued because they tried to get it fixed, this is a criminal who decided to try to take a shortcut to a life of riches.

Now, he will never work in cybersecurity again, and after his release his devices will probably be monitored for some time. Don't extort companies, kids, companies don't hire the "legendary hacker" guys if they can't be trusted.

[–] [email protected] 25 points 1 year ago (2 children)

The kid was an idiot and a dickhead. He extorted companies and sim swapped people for his private gain, and was stupid enough to continue his hacking spree while he was on bail for another hack.

Yeah I don't think anyone here disagrees with that; his actions are objectively wrong and as I said, he definitely needs to learn morals and ethics.

Samsung Dex over Miracast (which the news liked to present as some kind of amazing hacking feat)

I mean, duh, the media can't tell the difference between a computer and a toaster, but that's besides the point

He’s violent, damaging property and injuring staff.

I didn't know about this, thanks for sharing. Can I get a source?

I don’t get what this “he deserves a stellar salary” mentality comes from

I'm a firm believer in meritocracy and the importance of rewarding skills. He should still pay a hefty price for his crimes, including jail time, where he will hopefully learn to change his ways, but once he gets out, if he's truly remorseful for his actions and he's willing to have others monitor his device usage activities, I don't see why he shouldn't be hired by a red team

[–] [email protected] 24 points 1 year ago* (last edited 1 year ago)

I didn’t know about this, thanks for sharing. Can I get a source?

The court heard that Kurtaj had been violent while in custody with dozens of reports of injury or property damage.

https://www.bbc.com/news/technology-67663128

load more comments (1 replies)
[–] [email protected] 15 points 1 year ago

Ironically, white hatting generally pays more than black hatting

[–] [email protected] 85 points 1 year ago (1 children)

Don't get me wrong, he deserves a long and drawn out lesson on morals,

So do the executives of rockstar and every major game studio.

load more comments (1 replies)
[–] [email protected] 69 points 1 year ago* (last edited 1 year ago) (5 children)

This kid deserves a 7-8 digits salary as a pentester, not prison; plenty of pentesting companies would hire him in a heartbeat.

I keep hearing this.

Find me any company that will hire someone so unstable and destructive, and I'll show you a company with bad hiring practices.

This is someone you can never count on to do anything they don't want to do. Someone who will destroy things if they don't get their way. Triple letters won't touch him.

Also, let's be clear, a lot of this was social engineering. He didn't do anything impressive, he just did things others wouldn't be brazen enough to do because they didn't want to get caught.

[–] [email protected] 33 points 1 year ago (5 children)

This is someone you can never count on to do anything they don’t want to do. Someone who will destroy things if they don’t get their way. Triple letters won’t touch him.

definitely, but people can change

a lot of this was social engineering

people always have a high and mighty mentality when talking about social engineering, most attacks today use some form of social engineering and have for a long time, if not always.

load more comments (5 replies)
[–] [email protected] 17 points 1 year ago

Social engineering, arguably, is one of the harder things to learn.

It's a collection of soft skills, and if you've been paying attention to rank and file tech jobs, places are looking for people with soft skills because they're so impractical to train.

This goes down to your basic help desk tech.

Anyone with an interest in computers can sit down and learn how to analyze and exploit weakness in code. In fact, it's a fun puzzle. Dealing with other people, let alone establishing oneself as another person and fucking SELLING that character enough to get what you need?

People write off social engineering far too quickly. It's quick, it's effective, and if done well, the person you exploited doesn't even realize they've been tricked.

[–] [email protected] 15 points 1 year ago (2 children)

Social engineering is a major part of pen-testing and of hacking. It's still impressive despite any carelessness.

[–] [email protected] 13 points 1 year ago

This wasn't carelessness. This was a deliberate.

load more comments (1 replies)
[–] [email protected] 10 points 1 year ago* (last edited 1 year ago)

Are you kidding me? Aggressive, unstable and destructive seem to be core tenants for the CEOs of many large scale blue chip firms.

If you want actual penetration defense, you absolutely hire the unstable person. I'm not saying you put him or her in the centre desk on the main floor, let him or her work from an environment where they are most comfortable, and one that supports them best.

If you want window dressing, hire the neat and tidy person, who couldn't actually penetrate an Excel sheet.

load more comments (1 replies)
[–] [email protected] 68 points 1 year ago* (last edited 1 year ago) (3 children)

This kid deserves a 7-8 digits salary as a pentester, not prison; plenty of pentesting companies would hire him in a heartbeat.

You're forgetting a vitally important part of being a pentester.

Namely that they need to be trusted not to leak billions of dollars worth of trade secrets.

This kid is a prodigy as a black hat, but he'd be an embarrassment as a pentester.

[–] [email protected] 31 points 1 year ago (7 children)

I agree with you in principle, you are definitely objectively correct, however people can redeem themselves.

To name two:

  • Mitnick (RIP) started as a black hat
  • Gollumfun started as a twisted criminal
[–] [email protected] 27 points 1 year ago (3 children)

I used to work as a pentester. It's an open secret that like a good chunk of people in the industry are former criminals. But former is kind of the keyword. Not only is he doing crime after being arrested and still under surveillance, but he can't even lie and say he won't do it again. The kid is unhireable, at least not until he can get his compulsions under control.

[–] [email protected] 22 points 1 year ago (1 children)

My GF works with autistic individuals and for a majority of them they simply cannot lie, at least not big lies. He may not even see it as being that wrong (probably does know to some extent that it is wrong), especially with all the (correct) rhetoric that companies are scum bastards obscuring the truth. The kid is indeed unhireable for the time being but he could be helped to understand the morals, ethics and laws surrounding his interests to integrate him into the capitalistic world he finds himself in.

[–] [email protected] 9 points 1 year ago (1 children)

I certainly didn't mean to make any moral judgments about the kid. I'm not even sure that I think it's morally wrong (unwise and legally wrong, no doubt, I just don't think his actions hurt any person and I don't care if an action hurts a corporation). The kid is clearly talented and I hope he gets the treatment he needs. I sure hope he can eventually make a living with his talents and perhaps eventually use his talents towards positive change.

load more comments (1 replies)
load more comments (2 replies)
[–] [email protected] 13 points 1 year ago* (last edited 1 year ago)

To be fair to those two:

  • Mitnick did much what he did before hacking was even a crime, and almost all of it before offensive cybersecurity was even a viable career option.

  • the damage caused by the entirety of ShadowCrew (4000 odd members) was a drop in the bucket compared to that caused by this single kid

  • neither of them had compulsion issues that would cause them to attempt to hack even while under surveillance.

[–] [email protected] 13 points 1 year ago

eight months in solitary

Jesus shit

load more comments (4 replies)
load more comments (2 replies)
[–] [email protected] 61 points 1 year ago (2 children)

He’s talented, but the problem is jobs like pen testing require a LOT of trust to work in. So far this guy has said and shown that he intents on staying in cybercrime rather than doing legitimate work.

As it stands, given how he’s acted, I can’t see a single company that would let him pen test their systems or a red team that would take that risk to their reputation.

load more comments (2 replies)
[–] [email protected] 52 points 1 year ago (2 children)

I want to bet this dude is a giant asshole. Not sure why people keep making a hero out of him, he sounds like an awful person.

[–] [email protected] 12 points 1 year ago (6 children)

Maybe, I've never met him, but that changes nothing.

Linus Torvalds is a giant asshole and he doesn't know how to talk to people, he's still one of the most important people in tech.

[–] [email protected] 54 points 1 year ago (1 children)

Torvalds isn't an asshole because of a nonexistent moral compass. He just has strong opinions, and he's usually right, anyway.

[–] [email protected] 15 points 1 year ago

Absolutely, didn't mean to imply otherwise

[–] [email protected] 12 points 1 year ago

Linus Torvalds never extorted anyone. I don't see the comparison here.

Yes, you can be a massive dick and have power. You generally need to do something useful first, though, or get born into money.

load more comments (4 replies)
load more comments (1 replies)
[–] [email protected] 41 points 1 year ago* (last edited 1 year ago) (3 children)

As far as I recall he actively seeks to commit cybercrimes and even says so himself.

It's not the first young hacker on the spectrum that has urges to hack stuff.

It's a whole different question when someone is conscious he is doing something illegal and actively seeks to do it.

This is not another Aaron Swartz story imo. It's an autistic individual that doesn't hack out of curiosity but in order to damage businesses, and people or benefit himself.

[–] [email protected] 9 points 1 year ago (1 children)

he actively seeks to commit cybercrimes and even says so himself.

In 5-10 years he would change his mind. As of now - kid had no idea about life.

[–] [email protected] 6 points 1 year ago

Yea, I mean he's an 18 year old autistic kid. He's going to be a bit slower than his peers to develop adult skills and fit in to society. People in here are talking as if he's unredeemable. He's still just a kid who has some maturing to do.

load more comments (2 replies)
[–] [email protected] 15 points 1 year ago

He deserved (past tense) all that opportunity before he proved his willingness to use it to do damage. Given his dedication to committing crime, I can't imagine who would ever trust him enough to want his talents.

[–] [email protected] 9 points 1 year ago (12 children)

Unfortunate that society punishes those that can do things that a lot of people don't understand

[–] [email protected] 8 points 1 year ago

Social engineering, SIM swapping, and basic data extortion is understood perfectly well, though. It happens all the time, whether it's North Korean APTs, the Ukrainian Cyber Army or some idiot kid in his basement.

There are plenty of stories about "genius hacker kid tries to do the right thing but gets arrested", but this isn't one of them.

load more comments (11 replies)
[–] [email protected] 7 points 1 year ago (5 children)

From what I've read the kid is a genius but also has mental issues that makes him want to perform criminal acts all the time

load more comments (5 replies)
load more comments (24 replies)