Nintendo and Microsoft are once again making headlines together, but this time around it's not exactly what you might expect.
24-year-old security researcher Zammis Clark – also known as Slipstream or Raylee online – has pleaded guilty in London's Crown Court to hacking into Nintendo and Microsoft networks. The former Malwarebytes employee, who was also involved in the 2015 Vtech data breach, "narrowly" avoided jail time after he was charged with multiple counts of computer misuse offenses for stealing confidential information from the two companies.
Clark originally gained access to Microsoft's servers in January 2017 and was arrested in June of the same year after he uploaded malware to the company's network. Following this, he was bailed without any restrictions on computer use and took the opportunity to then hack Nintendo's internal network in March 2018.
He used Virtual Private Networks (VPNs) and similar software to gain access to game development servers at Nintendo, containing development code for unreleased games. During this period, Clark was able to obtain 2,365 usernames and passwords, until Nintendo found out its servers had been hacked a few months later in May.
The estimated costs of damages to Nintendo range between £700,000 ($913,000) and £1.4 million ($1.8 million) and Microsoft believes its own damages are somewhere around the $2 million mark. Clark was sentenced to 15 months imprisonment, suspended for 18 months. A Serious Crime Prevention Order has also been granted for five years, carrying an unlimited fine of up to five years of jail time if breached.
[source theverge.com]
Comments 49
Interesting that he'd go the blackhat route after being part of Malwarebytes development. Hm.
Edit: someone point out that it wasn't DDOS, so i've decided to change it and instead change it to "Hack"
Good.
it's sad when people have to hack stuff like this. just so they can steal stuff.
@SlyPlayr09
I think it will be eventually, as we rely more and more on technology the crime becomes increasingly serious. Look at the punishment for horse theft in 1818 vs what it is now, it used to be a death sentence.
We will see I guess but this guy was uploading malware so obviously being an idiot, glad he at least was punished but I don’t agree with the jail time suspension.
Huh. Guess it's not a bad idea to chance passwords once in a while.
Eh... this feels like a soft judgement. Prison isn't the only answer, but something that makes the person pay some sort of reparations, some sort of restrictions to protect society. The judgement as described here doesn't quite do it for me.
Missed opportunity, could have hired the man rather than sue him for pocket change.
“Security researcher” seems like a bit of a stretch and a misleading headline. I’m guessing he’s nothing more than a hacker who happened to once be employed at Malwarebytes to test for security vulnerabilities. Either way, he’s a nuisance who shouldn’t be allowed anywhere near a computer and internet connection.
@aaronsullivan What do you want? Chopped off his hands so he can't use the keyboard? These days you can use voice activated assistant to do the hacking.
@Racthet916 You didn't watched Mr Robot did you?
This is who all the smash bros 4chan leakers claim to be
Glad he was caught. I have sympathy for people who go after companies that cause harm and are destructive but what this person was doing seems to have nothing but pure personal greed.
@aaronsullivan You're right, he should be placed on a watch list of potential cyber criminals.
My thought is if people like this would put their minds towards more constructive things, humanity would have colonized the moon by now.
It would be one thing if it was this guy's first, or even second offensive. But this guy keeps doing the same thing over and over... Dude needs a longer sentence, or at least heavy monitoring, for a long time.
I was totally expecting the "narrowly avoiding jail time" to end up being a story of him getting employed because he found security flaws. But then I read that he uploaded malware to their servers, and immediately stopped rooting for him. If he's not going to jail, then they should at least restrict his computer access. Clearly, they should have done that the first time around.
I wish I was smart enough to do some of that stuff. Then I realize, it's probabaly good that im not. I wouldn't fair well in the state pen
I find it disturbing that Nintendo hasn’t said a damn thing about usernames and passwords being obtained or advising us to change them. Has anyone received emails about such? My card info is stored on my eShop account ffs.
@Majora101
This guy already caused about $2000000 damage to Microsoft and about a million damage to Nintendo. Why would they want to hire him?
@Audiobrainiac Nintendo legally has 90 days to notify users after they find out.
But I haven't heard anyone say anything about an email.
That's £3m less to be spent on games development. Bizarre sentence. I'm guessing the security services wanted him to hack Russia or something like that and that's perhaps why he avoided prison.
Potentially I guess if he is now hacking Russia etc and helping prevent wars he could be saving us all a lot more than the £3m he cost. Hopefully.
I guess anyway the costs of his damage were paid off either by insurance or by the UK State if they wanted to keep him out of prison. So hopefully it means there isn't really £3m less for games development.
@Trajan yeah, I just checked through my email history dating back god knows how many years. Nothing. Just newsletters and other things like that.
Wonder why they haven't notified people. Even if it is just 2.3/2.4k people, it's still something that they need to notify us about.
This video has been brought to you by Expr--wait, we're not on YouTube?
@Aozz101x He didn't DDOS. DDOS is crashing a server by overloading it with requests. He was stealing info.
Also WoW always shuts down when new expansions come out. There's no need to DDOS it as Blizzard servers simply cannot handle that much traffic in such a short time. Same happens to Hearthstone when new expansion launches. Millions of people is just not easy to service.
Malwarebytes is as shady as it gets. I'm not saying they're pure evil, but they're easily one of the most marketing heavy anti malware companies, and the flashier one of those is, the further you should run. These kinds of companies have been exposed to be hacker dens dozens of times over computing history. I wouldn't be surprised if this isn't the only employee there who does questionable stuff.
@SlyPlayr09 [Good. Hacking is a serious offense when used like this, so the guy deserves to be punished. Too bad it isn't a more serious penalty.]
Hacking is always a serious offence though. No matter how you try to write it off - someone always ends up worse off because of it.
@Audiobrainiac I wondered the same thing, but there is also the possibility that they were employee usernames and passwords. The article doesn't say either way and neither does the linked article.
Why would you do this when you can make a *(****)* ton of money as a whitehat hacker? Every big tech company would pay a ton of money for someone with his skill.
*(You used some not so lovely language - Matthew010)*
@Audiobrainiac - the article says he hacked game development servers so the usernames and passwords are probably all employees and not something that needs public announcement
Hacking is pretty cool.
@Pod I mean, I agree... But not when you're messing with little baby Nintendo games that haven't had the chance to grow up into big strong evergreen titles.
He might learn a new meaning for "backdoor" if he goes to prison.
That sentence is way too lite! You got a crack down on this stuff or it is going to get way out of hand! Hackers should spend one year in jail with no computer Wi-Fi or Internet. Then be on probation for five years.
@Desrever
True. Please think of the children.
@Gerbwmu ah ok. Well that’s somewhat reassuring.
@LordGeovanni It's worth noting the company he worked for was fine. The man leans blackhat but he won't fart in his own cereal.
@Majora101
That would be like hiring the person that kidnapped your daughter as a bodyguard. He didn't just get into their network he put malware there. He caused harm.
@tseliot I get that you are not a cyber security specialist and do not want to see the benefit in making friends of enemies, but there is a grey area to this field you are trying to paint as black and white. The company the hacker worked for was not hacked — if you hire the man, he will help protect you against guys like him and more than make up for the pocket change in damages he caused. There is demand from major tech companies for white and black hat hackers they can get on their payroll who have the clandestine skills they need to identify faults in their systems. Nintendo themselves are paying hackers to report security flaws right now.
https://mashable.com/2017/04/12/nintendo-switch-security-bounty/
https://www.raconteur.net/technology/black-hat-hackers
https://www.wsj.com/articles/what-i-learned-from-the-hacker-who-spied-on-me-11549559728
it's always disappointing to see how vicious commenters are. such bloodlust. it was a non-violent offense. given his compulsivity, it sounds like the guy may be mentally ill. in which case, yeah, prison is not the right penalty for him. he just needs therapy.
@Majora101 I run an IT department and work with a managed security service provider. According to this article he dumped malware into their network. I get that you can't read but have someone read it to you.
@tseliot You definitely "run an IT department", and I'm former president Barack Obama.
Meanwhile on planet Earth, nowhere in this article nor the linked source article is there any mention of the individual having infected his employer's network. My point stands despite your bizarre overly-confrontational non-argument to a point no one made: the company he worked for was not affected. The companies that were affected would be wise to employ the blackhat hacker, who has no history of defecating where he eats, and utilize his knowledge of their data systems to patch the security flaws he or someone like him can take advantage of, rather than putting him in prison only for him to be released after a year and change, free to resume his usual blackhat routine on companies he doesn't work for.
@Majora101 You don’t know me mouth breather. I could prove it to you but I’m not doxxing myself for an internet tough guy. You’re first reply was confrontational and I merely repeated your idiotic insult. Your qualm is this guy only harms other networks? Uhmm ok. By the way, it would be President Obama, former isn’t required . You can’t be over 12 and if you ask nicely maybe your mom would build you a small window it that basement because you apparently need some sunlight (and probably a better diet.)
@tseliot Ooph, psychopath. Hope you have a good day, buddy!
Hopefully he didn't kill of some awesome games that where in the making!!
SERIOUS MINDED PEOPLE SHOULD CONTACT
Need a hacker?was in a bit of some really embarrassing cyber issues which led me to meeting some scammers as well but my will to solve my issue eventually paid off when i met Cryto Cyber Hacker,his work rate,professionalism and discretion is top-class. Hit him up at [email protected]. he's kinda picky though so make mention of the reference. Tell him i referred you. You're welcome.
I thought this hacking thing was a joke until I needed someone to hack into my inheritance. I was introduced to [email protected] by a Friend , He hacked through my cheating husband Facebook account and Instagram dm to reveal his secrets, first he shows you proof and guarantee that your job will be done. He has helped most of my friends whose name i can't mention on here, feel free to reach him.I know a real professional hacker who has worked for me once in this past month. He is very good at hacking. He offers legit services such as clearing of bad records online without it being traced backed to you, he clones phones, hacks facebook ,instagram, whatsapp, emails, twitter, bank accounts,FIXES CREDIT REPORTS, tracks calls. He also helps to retrieve accounts that have been taken by hackers. His charges are affordable, reliable, 100% safe. Contact him via address below…
Email: [email protected]
Nobody seems to recall he started out as a whitehat hacker and was punished for it before going to the dark side. He's the same guy who revealed what VTech was up to and chose to NOT sell the information of children and get someone to fix the major security issue before someone far less ethical than him exploited it and could sell all of that info. Was what he did the best route? Honestly, it probably was. If he had gone the legal route there is a good chance nothing would have been done until it was too late. Was it legal? No. And he was punished. This is how super heroes turn into super villains. =) Do right and nobody remembers. Do wrong and nobody forgets. Let's be nobodies together ❤️
https://www.vice.com/amp/en/article/xygg9w/vtech-hacker-explains-why-he-hacked-the-toy-company
Tap here to load 49 comments
Leave A Comment
Hold on there, you need to login to post a comment...