5 Year Old Hacks Xbox Live; Thankfully DOJ Apparently Uninterested In Prosecuting Cute Kid Under CFAA

from the cfaa-is-broken dept

There have been a bunch of stories going around about how 5-year-old Kristoffer Von Hassel figured out a way to hack the Xbox Live password system. Kristoffer's parents noticed that their son was logging into his father's account and playing games he wasn't supposed to be playing. They asked him how he was doing it and he showed them:
Just after Christmas, Kristoffer's parents noticed he was logging into his father's Xbox Live account and playing games he wasn't supposed to be.

“I got nervous. I thought he was going to find out,” said Kristoffer.

In video shot soon after, his father, Robert Davies, is heard asking Kristoffer how he was doing it.

A suddenly excited Kristoffer showed Dad that when he typed in a wrong password for his father’s account, it clicked to a password verification screen. By typing in space keys, then hitting enter, Kristoffer was able to get in through a back door.
Kristoffer's father, Robert Davies, works in computer security (which, frankly, makes me a little skeptical that Kristoffer really made this discovery), and submitted the bug to Microsoft, who not only quickly fixed it, but also listed Kristoffer on their March "acknowledgements" for security researchers who helped them find bugs and vulnerabilities.
Of course, the flip side to this story is how we've seen the CFAA used in the past to go after people discovering similar flaws. Compare the story of Kristoffer to the story of Andrew "weev" Auernheimer. Kristoffer clearly exceeded authorized access to the Xbox Live system in order to obtain something of value (perhaps he gets off because the "something" is not worth more than $5,000, but still...). Of course, weev is an obnoxious internet troll, and Kristoffer is a cute 5-year-old. I guess that's what's meant by "prosecutorial discretion."

Reader Comments (rss)

(Flattened / Threaded)

  1.  
    icon
    silverscarcat (profile), Apr 7th, 2014 @ 11:25am

    On the other hand...

    Had the DoJ gone after the kid, we might see some real push to reform the CFAA.

    ...

    Which is probably why they didn't do it.

     

    reply to this | link to this | view in thread ]

  2.  
    icon
    James Jensen (profile), Apr 7th, 2014 @ 11:32am

    It's said that the second half of the title was necessary.

     

    reply to this | link to this | view in thread ]

  3.  
    identicon
    Anonymous Coward, Apr 7th, 2014 @ 11:38am

    ireally am surprised that DoJ was uninterested in the little man because of his age. normally, it's 'no holds barred' or so i thought

     

    reply to this | link to this | view in thread ]

  4.  
    icon
    KevinEHayden (profile), Apr 7th, 2014 @ 11:52am

    Good thing it wasn't a PS4!!!

    He's just lucky it was an xbox and not a PS4. Based on some of their earlier actions, Sony would probably be demanding confiscation of the gaming system, full prosecution and maximum jail time.

     

    reply to this | link to this | view in thread ]

  5.  
    icon
    ECA (profile), Apr 7th, 2014 @ 11:55am

    NOT A HACK

    This is an EXPLOIT..
    This is a FAILURE for xbox..

     

    reply to this | link to this | view in thread ]

  6.  
    icon
    Violynne (profile), Apr 7th, 2014 @ 12:12pm

    To realize Microsoft released this console without closing the security hole is...

    ...

    ... ah, who the hell am I kidding. Been using Microsoft products for decades. There's always a way to break security until it's "patched".

    It wouldn't surprise me if the next hack, er exploit, comes from UUDDLRLRBA while playing Netflix while Kinect sits "idly" by.

     

    reply to this | link to this | view in thread ]

  7.  
    identicon
    Anonymous Coward, Apr 7th, 2014 @ 12:27pm

    Not interested, but the day still isn't over. If we try hard enough, we can apply the law evenly against all infringers

     

    reply to this | link to this | view in thread ]

  8.  
    icon
    John William Nelson (profile), Apr 7th, 2014 @ 12:28pm

    DoJ prosecutor somewhere thinks . . .

    "Hmmm, I could get another easy conviction belt notch. 5 year old kids roll over easy. Just have to find a way to get him charged as an adult. I mean, he knows how to use a computer, so that must mean he is mature enough to be charged as an adult. I don't even know how to use my web box of tubes."

     

    reply to this | link to this | view in thread ]

  9.  
    identicon
    Anonymous Coward, Apr 7th, 2014 @ 12:30pm

    Why would the DoJ pursue someone publishing the hack to a vendor, especially when the vendor accepts it?

    Microsoft even has a program for this and perhaps the kid even was paid for his find.
    http://technet.microsoft.com/en-us/security/dn425036

    I've got no clue if weev reported his flaw to AT&T or not, so don't know if it's relevant to his case. It was a bit of a stretch in any case to persecute him for getting the list of email addresses from a website.

     

    reply to this | link to this | view in thread ]

  10.  
    icon
    Scott Yates (profile), Apr 7th, 2014 @ 12:33pm

    Re: NOT A HACK

    Not even really an exploit maybe. I would call this more discovery of a back door.

     

    reply to this | link to this | view in thread ]

  11.  
    identicon
    Anonymous Coward, Apr 7th, 2014 @ 12:54pm

    Re:

    IIRC, he got in trouble when he reported it to ATT.

     

    reply to this | link to this | view in thread ]

  12.  
    identicon
    DogBreath, Apr 7th, 2014 @ 12:55pm

    Based on past history, the future is already written on the wall.

    Can't wait for the kid to turn 18... and he finds out he has a lifetime ban on any Xbox/Microsoft account he tries to set up, for "Hacking".

     

    reply to this | link to this | view in thread ]

  13.  
    identicon
    Loki, Apr 7th, 2014 @ 3:06pm

    Re: Based on past history, the future is already written on the wall.

    Don't know about that, but I'd be willing to put a small sum that he's on some government watch list somewhere now.

     

    reply to this | link to this | view in thread ]

  14.  
    icon
    James Jensen (profile), Apr 7th, 2014 @ 3:22pm

    Re: Good thing it wasn't a PS4!!!

    Yeah, Sony scares me way more than Microsoft when it comes to what they'll do to their console customers.

     

    reply to this | link to this | view in thread ]

  15.  
    identicon
    Anonymous, Apr 7th, 2014 @ 3:34pm

    If you don't stop him now, by the age of 7 he'll be knocking over liquor stores!

     

    reply to this | link to this | view in thread ]

  16.  
    icon
    G Thompson (profile), Apr 7th, 2014 @ 8:39pm

    Re: On the other hand...

    Actually I'd go as far as to say they probably thought of going after the kid then realised.. oh wait criminal responsibility starts at 6yrs old only in the USA (11 for federal crimes).. Crap!

    Thinking they care about what the public actually think has proven now to be absolute folly.

     

    reply to this | link to this | view in thread ]

  17.  
    identicon
    FreeCultureForFreePeople, Apr 8th, 2014 @ 2:33am

    Re: Based on past history, the future is already written on the wall.

    True, he'll not be able to access any Xbox/Microsoft account, but it's because 'Microsoft' will be a distant, unpleasant memory by the time this kid turns adult.
    Snowden's revelations greatly helped people realize that they are not to be trusted, and the Windows 8 disaster, along with the end of support for Windows XP, will surely help to make people look for alternatives - Linux, for example. Now that there's a Steam client for Linux, it gets more attractive as a gaming platform, too.

     

    reply to this | link to this | view in thread ]

  18.  
    identicon
    Anonymous Coward, Apr 8th, 2014 @ 8:49am

    I wonder if a 5 year old hasn't just discovered an NSA back door.

     

    reply to this | link to this | view in thread ]

  19.  
    identicon
    Anonymous Coward, Apr 8th, 2014 @ 12:04pm

    Hacked By Chinese!

    Now we have an even bigger insult... Hacked by a 5 year old!

     

    reply to this | link to this | view in thread ]

  20.  
    identicon
    Anonymous Coward, Apr 9th, 2014 @ 8:52pm

    I suppose the flaw was created on purpose.

     

    reply to this | link to this | view in thread ]

  21.  
    identicon
    Pragmatic, Apr 11th, 2014 @ 5:47am

    Re: Re: On the other hand...

    Call me cynical, but do you think Daddy claimed his li'l boy did it so he could report the bug without the possibility of sharing a cell with weev?

    Something something "I dare you to court bad publicity by going after a 5 year old, you jerks!"

     

    reply to this | link to this | view in thread ]

  22.  
    identicon
    Pragmatic, Apr 11th, 2014 @ 5:49am

    Re: Re: Based on past history, the future is already written on the wall.

    We'll find out when Daddy books a trip to Disneyland.

     

    reply to this | link to this | view in thread ]


Add Your Comment

Have a Techdirt Account? Sign in now. Want one? Register here
Get Techdirt’s Daily Email
Save me a cookie
  • Note: A CRLF will be replaced by a break tag (<br>), all other allowable HTML will remain intact
  • Allowed HTML Tags: <b> <i> <a> <em> <br> <strong> <blockquote> <hr> <tt>
Follow Techdirt
Advertisement
Essential Reading
Techdirt Reading List
Techdirt Insider Chat
Advertisement
Recent Stories
Advertisement
Support Techdirt - Get Great Stuff!

Close

Email This

This feature is only available to registered users. Register or sign in to use it.