5 Year Old Hacks Xbox Live; Thankfully DOJ Apparently Uninterested In Prosecuting Cute Kid Under CFAA

from the cfaa-is-broken dept

There have been a bunch of stories going around about how 5-year-old Kristoffer Von Hassel figured out a way to hack the Xbox Live password system. Kristoffer’s parents noticed that their son was logging into his father’s account and playing games he wasn’t supposed to be playing. They asked him how he was doing it and he showed them:

Just after Christmas, Kristoffer’s parents noticed he was logging into his father’s Xbox Live account and playing games he wasn’t supposed to be.

“I got nervous. I thought he was going to find out,” said Kristoffer.

In video shot soon after, his father, Robert Davies, is heard asking Kristoffer how he was doing it.

A suddenly excited Kristoffer showed Dad that when he typed in a wrong password for his father’s account, it clicked to a password verification screen. By typing in space keys, then hitting enter, Kristoffer was able to get in through a back door.

Kristoffer’s father, Robert Davies, works in computer security (which, frankly, makes me a little skeptical that Kristoffer really made this discovery), and submitted the bug to Microsoft, who not only quickly fixed it, but also listed Kristoffer on their March “acknowledgements” for security researchers who helped them find bugs and vulnerabilities.

Of course, the flip side to this story is how we’ve seen the CFAA used in the past to go after people discovering similar flaws. Compare the story of Kristoffer to the story of Andrew “weev” Auernheimer. Kristoffer clearly exceeded authorized access to the Xbox Live system in order to obtain something of value (perhaps he gets off because the “something” is not worth more than $5,000, but still…). Of course, weev is an obnoxious internet troll, and Kristoffer is a cute 5-year-old. I guess that’s what’s meant by “prosecutorial discretion.”

Filed Under: , , , , , ,
Companies: microsoft

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “5 Year Old Hacks Xbox Live; Thankfully DOJ Apparently Uninterested In Prosecuting Cute Kid Under CFAA”

Subscribe: RSS Leave a comment
Violynne (profile) says:

To realize Microsoft released this console without closing the security hole is…

… ah, who the hell am I kidding. Been using Microsoft products for decades. There’s always a way to break security until it’s “patched”.

It wouldn’t surprise me if the next hack, er exploit, comes from UUDDLRLRBA while playing Netflix while Kinect sits “idly” by.

Anonymous Coward says:

Why would the DoJ pursue someone publishing the hack to a vendor, especially when the vendor accepts it?

Microsoft even has a program for this and perhaps the kid even was paid for his find.

I’ve got no clue if weev reported his flaw to AT&T or not, so don’t know if it’s relevant to his case. It was a bit of a stretch in any case to persecute him for getting the list of email addresses from a website.

FreeCultureForFreePeople says:

Re: Based on past history, the future is already written on the wall.

True, he’ll not be able to access any Xbox/Microsoft account, but it’s because ‘Microsoft’ will be a distant, unpleasant memory by the time this kid turns adult.
Snowden’s revelations greatly helped people realize that they are not to be trusted, and the Windows 8 disaster, along with the end of support for Windows XP, will surely help to make people look for alternatives – Linux, for example. Now that there’s a Steam client for Linux, it gets more attractive as a gaming platform, too.

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop »

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...