5 Year Old Hacks Xbox Live; Thankfully DOJ Apparently Uninterested In Prosecuting Cute Kid Under CFAA
from the cfaa-is-broken dept
There have been a bunch of stories going around about how 5-year-old Kristoffer Von Hassel figured out a way to hack the Xbox Live password system. Kristoffer’s parents noticed that their son was logging into his father’s account and playing games he wasn’t supposed to be playing. They asked him how he was doing it and he showed them:
Just after Christmas, Kristoffer’s parents noticed he was logging into his father’s Xbox Live account and playing games he wasn’t supposed to be.
“I got nervous. I thought he was going to find out,” said Kristoffer.
In video shot soon after, his father, Robert Davies, is heard asking Kristoffer how he was doing it.
A suddenly excited Kristoffer showed Dad that when he typed in a wrong password for his father’s account, it clicked to a password verification screen. By typing in space keys, then hitting enter, Kristoffer was able to get in through a back door.
Kristoffer’s father, Robert Davies, works in computer security (which, frankly, makes me a little skeptical that Kristoffer really made this discovery), and submitted the bug to Microsoft, who not only quickly fixed it, but also listed Kristoffer on their March “acknowledgements” for security researchers who helped them find bugs and vulnerabilities.
Filed Under: cfaa, doj, kristoffer von hassel, security, vulnerabilities, xbox, xbox live
Companies: microsoft
Comments on “5 Year Old Hacks Xbox Live; Thankfully DOJ Apparently Uninterested In Prosecuting Cute Kid Under CFAA”
On the other hand...
Had the DoJ gone after the kid, we might see some real push to reform the CFAA.
…
Which is probably why they didn’t do it.
Re: On the other hand...
Actually I’d go as far as to say they probably thought of going after the kid then realised.. oh wait criminal responsibility starts at 6yrs old only in the USA (11 for federal crimes).. Crap!
Thinking they care about what the public actually think has proven now to be absolute folly.
Re: Re: On the other hand...
Call me cynical, but do you think Daddy claimed his li’l boy did it so he could report the bug without the possibility of sharing a cell with weev?
Something something “I dare you to court bad publicity by going after a 5 year old, you jerks!”
It’s said that the second half of the title was necessary.
ireally am surprised that DoJ was uninterested in the little man because of his age. normally, it’s ‘no holds barred’ or so i thought
Good thing it wasn't a PS4!!!
He’s just lucky it was an xbox and not a PS4. Based on some of their earlier actions, Sony would probably be demanding confiscation of the gaming system, full prosecution and maximum jail time.
Re: Good thing it wasn't a PS4!!!
Yeah, Sony scares me way more than Microsoft when it comes to what they’ll do to their console customers.
NOT A HACK
This is an EXPLOIT..
This is a FAILURE for xbox..
Re: NOT A HACK
Not even really an exploit maybe. I would call this more discovery of a back door.
To realize Microsoft released this console without closing the security hole is…
…
… ah, who the hell am I kidding. Been using Microsoft products for decades. There’s always a way to break security until it’s “patched”.
It wouldn’t surprise me if the next hack, er exploit, comes from UUDDLRLRBA while playing Netflix while Kinect sits “idly” by.
Not interested, but the day still isn’t over. If we try hard enough, we can apply the law evenly against all infringers
DoJ prosecutor somewhere thinks . . .
“Hmmm, I could get another easy conviction belt notch. 5 year old kids roll over easy. Just have to find a way to get him charged as an adult. I mean, he knows how to use a computer, so that must mean he is mature enough to be charged as an adult. I don’t even know how to use my web box of tubes.”
Why would the DoJ pursue someone publishing the hack to a vendor, especially when the vendor accepts it?
Microsoft even has a program for this and perhaps the kid even was paid for his find.
http://technet.microsoft.com/en-us/security/dn425036
I’ve got no clue if weev reported his flaw to AT&T or not, so don’t know if it’s relevant to his case. It was a bit of a stretch in any case to persecute him for getting the list of email addresses from a website.
Re: Re:
IIRC, he got in trouble when he reported it to ATT.
Based on past history, the future is already written on the wall.
Can’t wait for the kid to turn 18… and he finds out he has a lifetime ban on any Xbox/Microsoft account he tries to set up, for “Hacking”.
Re: Based on past history, the future is already written on the wall.
Don’t know about that, but I’d be willing to put a small sum that he’s on some government watch list somewhere now.
Re: Re: Based on past history, the future is already written on the wall.
We’ll find out when Daddy books a trip to Disneyland.
Re: Based on past history, the future is already written on the wall.
True, he’ll not be able to access any Xbox/Microsoft account, but it’s because ‘Microsoft’ will be a distant, unpleasant memory by the time this kid turns adult.
Snowden’s revelations greatly helped people realize that they are not to be trusted, and the Windows 8 disaster, along with the end of support for Windows XP, will surely help to make people look for alternatives – Linux, for example. Now that there’s a Steam client for Linux, it gets more attractive as a gaming platform, too.
If you don’t stop him now, by the age of 7 he’ll be knocking over liquor stores!
I wonder if a 5 year old hasn’t just discovered an NSA back door.
Hacked By Chinese!
Now we have an even bigger insult… Hacked by a 5 year old!
I suppose the flaw was created on purpose.