Uncategorized

Security Researcher Arrested for Hacking Into Microsoft and Nintendo

A 24-year old security researcher who worked for the Malwarebytes security company was arrested and narrowly avoided jail for hacking into Microsoft and then hacking into Nintendo while on bail.

As reported by The Verge, Zammis Clark, also known as Slipstream or Raylee, admitted to hacking into Microsoft and Nintendo servers and stealing confidential information, including 43,000 files from Microsoft’s internal Windows flighting servers which contain pre-release versions of Windows.

Clark gained access to a Microsoft server on January 24, 2017, and proceeded to upload a “web shell to remotely access Microsoft’s network freely for at least three weeks. Clark then uploaded multiple shells which allowed him to search through Microsoft’s network, upload files, and download data.”

He shared access of these through a Internet Relay Chat (IRC) server chatroom which allowed other hackers from around the world to also gain access to Microsoft servers.

429 Mashing buttons will get you nowhere!

Error 429 Mashing buttons will get you nowhere!

Mashing buttons will get you nowhere!

Guru Meditation:

XID: 710738597


Varnish cache server

Clark was finally discovered in June 2017 when he uploaded malware on Microsoft’s network and police found the stolen files on his home computer after Microsoft’s cyber team, the FBI, EUROPOL, and the NCA’s National Cyber Crime Unit (NCCU) all worked together to find him.

Clark was arrested and was posted bail and was given no restrictions as far as computer use. Shortly after he was back home, he hacked into Nintendo’s internal network in March of 2018 and gained access through VPNs to “Nintendo’s highly confidential game development servers.”

These are the servers Nintendo uses to store its development code for unreleased games. Clark stole 2,365 usernames and passwords but was discovered in May of 2018 and plead guilty today, March 28, to “multiple accounts of computer misuse offenses in a London Crown Court.”

The cost of damages associated with Zammis Clark’s hacking was estimated to be about $913,000 to $1.8 million for Nintendo and around $2 million for Microsoft.

429 Mashing buttons will get you nowhere!

Error 429 Mashing buttons will get you nowhere!

Mashing buttons will get you nowhere!

Guru Meditation:

XID: 710738598


Varnish cache server

This wasn’t even the beginning of Clark’s hacking career, as he was also arrested in 2015 for his role in a Vtech data breach and also uncovered flaws in certain internet monitoring software and preinstalled apps on laptops.

In court, Zammis’ defense argue that because he is autistic and has face blindness, he would be highly vulnerable to violence in jail and would have “a greater risk of reoffending if imprisoned for his crimes.”

Judge Alexander Milne “compared the offenses to that of a common burglar who had entered a house, stolen goods, and altered a home.” While serious, he felt Clark would be much better suited for rehabilitation, especially taking into consideration his parent’s support, as his mother quit her day job to help her son through rehabilitation.

Clark was sentenced to 15 months imprisonment, which was suspended for 18 months, meaning he won’t have to spend time in jail if he does not reoffend.

429 Mashing buttons will get you nowhere!

Error 429 Mashing buttons will get you nowhere!

Mashing buttons will get you nowhere!

Guru Meditation:

XID: 710738599


Varnish cache server

However, a “Serious Crime Prevention Order was also granted for five years, which carries an unlimited fine and up to five years in prison if breached.”

This all come to light a day after a man plead guilty to stealing $122 million from Google and Facebook by simply sending invoices for items they haven’t ordered alongside forged paperwork.

Have a tip for us? Want to discuss a possible story? Please send an email to [email protected].

Adam Bankhurst is a news writer for IGN who thinks Zammis probably saw some pretty cool stuff. You can follow him on Twitter @AdamBankhurst.