21-Year-Old British Man Arrested In Connection With VTech Hack (ibtimes.co.uk) 53
Ewan Palmer writes: A man has been arrested in connection with the alleged hacking of electronic toy manufacturer VTech which affected millions worldwide. The 21-year-old was arrested in Berkshire, South East England, on suspicion of unauthorized access to computers to facilitate the commission of an offence and suspicion of causing a computer to perform function to secure/enable unauthorized access to a program/data following the data breach in November.
From the BBC's coverage of the arrest: In the attack, servers used to support VTech's Learning Lodge app were compromised. ... The Learning Lodge database logged names, email addresses, encrypted passwords, IP (internet protocol) numbers and other personal data. Some of the information was about children including names, dates of birth and gender.
No credit card data was stored in the compromised database.
Details on customers from all over world, including the US, UK, France and China, were taken.
Some of the data is believed to have been posted briefly online before being removed.
When details about the extent of the data loss became known security expert Troy Hunt said he had "run out of superlatives to even describe how bad" it was.
Hope the bastard gets a nice long stretch (Score:2)
I dread to think what could happen to some of the information about those kids and who might use it to target youngsters if he's sold it. VTech have been criminally negligent here too so one would hope some heads role, but this little turd really deserves the book thrown at him.
Re: (Score:2)
The article doesn't really go into what the intent was.
I don't think that the book should be thrown at somebody for exposing criminally negligent security practices.
If anything, VTech should be happy the guy was apparently novice enough to leave a clear trail which exposed their security weaknesses.
Re: (Score:1)
so if I go to your house and smash your window, you wont press charges because I am just exposing your security weaknesses?
Re: (Score:2)
I am not saying VTech shouldn't be annoyed with him and even sue him for damages.
But I don't condone "throwing the book" at him... as in "lock him away and throw away the key"
In your analogy, I would certainly pursue damages from you, but I would also learn from the incident and perhaps move away or install a better security system.
Re: (Score:2)
I guess you didn't see the post directly above yours.
Unbelievable.
Re: (Score:1)
Calm down buddy. The "compromised" information is all freely available with services such as intelius anyway. This honestly isn't a big deal....
Re: (Score:2)
What? The "Reeeeesearcher" post?
What is that supposed to mean? Is he a researcher? It doesn't state that in TFA.
Re: (Score:2)
I don't think that the book should be thrown at somebody for exposing criminally negligent security practices.
You would not need to release the information you obtained on to the internet to demonstrate this.
Re: (Score:2)
The police go for the low hanging fruit and make a big song and dance about it.
Re: (Score:2)
The real scandal was not the fact that a group of paedophiles had brown instead of white skin, it was that the social services allowed it to happen because they didn't want to interfere with the "human rights" of twelve year olds to have sex.
Re: Hope the bastard gets a nice long stretch (Score:1)
Re: (Score:2)
The rich never pay for their crimes.
Re:Hope the bastard gets a nice long stretch (Score:5, Insightful)
I dread to think what could happen to some of the information about those kids and who might use it to target youngsters if he's sold it. VTech have been criminally negligent here too so one would hope some heads role, but this little turd really deserves the book thrown at him.
My daughter just this week received a VTech tablet as a gift. We could not connect it to the network due to this hack, and it took me a few minutes to put one and one together to realize that _this_toy_ was the one whose network was hacked. Of course, I had just warned her a few minutes beforehand about entering personal information into the device.
As a parent of a child with this tablet, I am _happy_ that this guy broke in. The VTech company is completely negligent, and I'm furious that they would not encrypt the communications and have such egregious flaws. I'm a software developer and I know that all software has bugs, but this isn't a bug. This was a choice by VTech to use unencrypted communications and to not use best practices in their DB communications (prepared queries). If this Brit hadn't broken in, somebody with worse intentions would have.
I don't personally verify that my bank has good locks, and I don't personally verify that my health care provider's employees have each received proper certification. I have to trust many entities in my life, VTech was one, but when the bank doesn't even bother to lock the safe, or the health care provider slaps a Dr badge on anybody with a white coat, then we have justified reason to be angry not with those who opened the safe but rather with those who left it unguarded.
Re: (Score:3)
I dread to think what could happen to some of the information about those kids and who might use it to target youngsters if he's sold it.
Like what? Targeted advertising?
If you are thinking about things like child rape, I don't know what a criminal could do with this data that he couldn't do much more effectively by logging into Facebook or just hanging around your local school. Some retarded parents just love to put all details about their kids life online, which has the effect of boring to death everyone except people you absolutely don't want to be interested.
Anyways, child abuse online is a vastly overblown problem, used by governments to
Ohmygod! The world is falling apart! (Score:5, Insightful)
Am I alone in this uneasy feeling about so-called security pundits putting their breathlessness on display over some stupid, embarrasing and perhaps sometimes obnoxious hoaxes -- but far from "tragic", "catastrophic" or whatever superlatives?
C'mon. Tragic is that there are still people starving out there. Catastrophic is what's going on in Syria at the moment while the "developed countries" is quabbling in their disgusting powerplay over whatever.
But some compromised servers? Cool down, folks.
Re: (Score:1)
Well said, my friend.
Re: (Score:1)
Squeeze him (Score:1)
He'll rat out on all of his "anonymous" accomplices. Those cowardly nerds always do.
Re: (Score:2)
Who are your accomplices then?
Superlatives (Score:2)
When details about the extent of the data loss became known security expert Troy Hunt said he had "run out of superlatives to even describe how bad" it was.
He should have invented a new word, such as badest.
"The breach was the badest I've ever seen."
Re: (Score:1)
That's right, "scrumtrulescent" is a perfectly cromulent word.
Re: (Score:3)
"The breach was the 9/11est I've ever seen. It was like 9/11 times one million."
Re: (Score:2)
From reading posts like "dudez check out www.haxor.ro/sickit2theman.vba" on the twitbooks.
Arrested for... (Score:3)
... embarrassing a large corporation by showing how easy it was to bypass security and releasing the proof to the media.
We can't have large corporations' money flows placed at risk now.....
... about children ... (Score:4, Insightful)
that right there requires a full scale assault on the perpetrators and 100 years of jail time. Think of the children, said the person who required the kids names be in the db and the parents who wilfully gave that info out to access a toy.