A lot of hackers are just kids that make a stupid mistake. During their time in jail, their skills get soft or they'll get hardened by their time there. My hope is to let them know that people on the outside still are thinking of them and to help them keep their skills up-to-date.
I'm a bit overwhelmed with a startup at the moment, but I anticipate the non-profit to be formed and to launch sometime in the fall.
The judge sentenced him to two years' probation, citing his
rough childhood and the way he had worked to turn his life
around as considerations when it came to deciding on the
relatively lenient punishment.
I was cringing the whole time reading about the interrogation. I can imagine this whole thing would have ended so much worse for Gembe if he had actually gone for that job interview. Just try and compare Gembe to Weev, you might start pining for good ol Schönau im Schwarzwald.
There are no buts here. Non-violent offenders shouldn't be arrested at gun point. And it's not just a matter of scaring someone, it's a matter of public safety. I don't get why whenever an issue like that comes out, there is always someone jumping to defend dangerous practices like that.
And this guy also stole people's software keys.
If they were talented coders, they could've found less destructive ways to make money. But he decided to go the greedy route.
Let me guess: you are a US citizen, or anyway live in a country where developer positions abound. Well, not everyone is. Some people live in small towns where the cool programming positions are adapting invoice management software for small businesses.
Also this was before Freelancer.com, before code.org. And he was a boy, he couldn't just relocate. Also, before the App Store.
This is exactly the curiosity that people who enter the InfoSec world feel, coupled with real skills. Often too much skills and too little to do to start.
Then you stumble upon a IRC channel and a world of challenges opens in front of you.
By the way, he asked Valve to hire him. Maybe he just didn't find "less destructive ways to make money" yet.
Don't judge if people are oppressed (or better, repressed) if you have never been, please, either because at that age YOU had the occasions or guidance, or because you hadn't that curiosity or talent.
I don't think it's particularly farfetched to expect relatively socially ostracised teenaged boys to not make the best judgement decisions right as they are developing their computer science skills. Most of them end up becoming relatively well-adjusted (within the scope of an introverted computer nerd) people so why not help them in that development?
Few people in US prisons [1] deserve what they're getting. It takes a cold-hearted prick to honestly believe what you've written.
[1] While this guy wasn't, the sort of people deftnerd is talking about are.
By the time I was 21, I certainly wouldn't have done something like what he did. But, just a few years earlier, say at 18, yes, I did stupid things. In his position I probably could have done what he did. At that age many "boys" brains just aren't developed enough to truly understand right and wrong.
I'm not saying they shouldn't be punished. But I am saying they definitely shouldn't be punished harshly. In this case he was lucky to receive two years of probation as punishment. Something like that, or perhaps what we call "community service", is certainly more appropriate than throwing him in adult jail with hardened criminals.
Depends what you mean by that. In this guy's case, had he boarded the plane he would have gotten two decades in an American jail, versus two years of probation in Germany. I think he should be held accountable, but somehow, given the nature of the crime and the surrounding context, I think Germany got it right.
Not everybody does it for money actually his motivation was quite clear he liked the games but couldn't afford to buy them legit.
A situation i can relate with given I've been in a similar one.
Nowhere in this article was there a mention of hacking in order to make money.
Fortunately he was apprehended by the German Police, but things would've been way different had took that plane.
[1] There's a great presentation from him on video, including analysis of OPSEC failures from other hacker groups: https://www.youtube.com/watch?v=9XaYdCdwiWU
[2] Another timeless classic: "Don't talk to [the] police", which explains why it is never in your interest to talk to the police when you are suspected of a crime (even if you are innocent): https://www.youtube.com/watch?v=6wXkI4t7nuc
Not allowed to send books for UK prisoners as it contravenes their new "incentives and earned privileges scheme". Books are a luxury to be earned, apparently. http://www.theguardian.com/society/2014/mar/24/ban-books-pri...
I was lucky and got a slot that provided the full 80kbyte/s. I finished the download first, but my PC was pretty old back then so I didn't even bother trying to run it. Instead, I removed my hard drive (my system drive!), picked up a friend and we drove to another friend who had the fastest PC at the time. About 30 mins later all of us (I believe 5 or 6 guys) gathered in a tiny dorm and just stood in awe as we booted up HL2.
There was barely any gameplay present. You could just walk around in some maps and admire the graphics. It didn't matter. If we hadn't been stoked before, we were now.
In hindsight, this all was just an amazing PR stunt. Fun times.
That Valve worked with the FBI to get him sufficient permission to enter the US with the false pretense of getting a job seems to make this feel like much more personal than anything else.
And I'm left scratching my head as to what it really would have accomplished...
The Source engine is also licensed to other games. If the code is public, other engines could copy their features.
Also it is very annoying to re-secure all your computers after you have been breached. Every single person has to change their password and you don't know what backdoors the guy has installed without a full wipe sometimes.
Like other commenters said, they used him as a scapegoat; he did zero damage except make poor ol' Gabe worry.
Also, can't say I buy the hypothetical piracy cost. Does anyone have any examples of other engines copying Source features from the source code?
Also, who else had access to their network? This kid getting caught may have saved Valve from other breaches...
"Valve time" was already universally accepted. Between Half-Life, TFC, and Counterstrike, there was an enormous amount of good will towards this company even back then. Plus, we were already used to "Valve time" because it was actually "id time." Id had been doing it for nearly a decade before HL2 game out.
>Additionally they had demo'd at E3 and claimed the demo was not scripted, whereas the leak showed it was almost entirely so.
The guy who obtained the source code himself said that there were so many builds on valve's servers he had no way of knowing whether or not he had the most current build.
I think that if he wasn't German, but from another 'major' or 'minor' EU country, Austrilia and many others he would have been extradited at no time to the US.
I don't know where the cycle goes from here. Maybe the real wisdom is feeling bad for both?
"This was actually one of the interview questions, don't know why they didn't use the answer. I work as a software developer and a bit of a system administrator. I work in a company that does physical security, like fire alarms and such. Most of the work I do is programming PC control software for our systems and also quite some firmware development for various uCs. I know quite a bit of different assemblers. Measurement and automation is another field that I'm currently learning more and more."
What was done, is done. Wish you all the best in your life.
http://www.reddit.com/r/gaming/comments/fpkav/the_boy_who_st...
I think the German police officer was right. If you got arrested on US soil, (your side of) the story could have been very, very different.
Valve's use of SourceSafe at the time is another black mark, though not related to the security breach.
Developers != System Administrators != Security Experts
ps. The most important part however, are the developers, without them the other two groups wouldn't exist. :-)
The difference in the way he was treated by police and the justice system (and how different it is than what we've come to expect in America) is what struck me the most about this story.
Swartz was NOT facing anywhere near 35 years in prison. He was facing, if he went to trail and lost on all charges, and the court decided that he had caused a large amount of monetary damage, around 7 years. If he had taken the plea bargain that was on the table, he was facing a few months.
Prior discussion with more detail: https://news.ycombinator.com/item?id=7004640
It's almost as though, by treating criminals so harshly as we do here ("tough on crime" is a popular slogan for politicians), that instead of reducing crime, we reduce our society's recognition of each individual's humanity and value, and thus cause crime to rise.
The fact that they were setting a trap for him was also relatively shocking. Don't they have to follow due process?
Its Valve's fault for letting a 16 y/o install malwares on their computers... When you are developing something you got to be serious about its security as well if you want it to remain a secret. It feels to me like their employees and IT department had no actual sense of what security was (Employees going off installing whatever on their computer, and IT team not being able to track down malware and outgoing packets to unknown sources...)