12-year-old boy admits to hacking government sites for Anonymous

  • The boy, from Montreal, Canada, gained access to multiple sites, including that of the Chilean government, and ‘bombarded them with requests to consume so much of its resources that they become unusable’, court was told

  • He was working for hacking group Anonymous during the Quebec student uprising of 2012

  • Lawyers say the boy was not politically motivated but saw it ‘as a challenge’

  • He also taught others how to hack

A 12-year-old Canadian boy has pleaded guilty to hacking government and police websites during the 2012 student uprising in Quebec under affiliation with the Anonymous brand of hacktivists.

According to the Toronto Sun, the fifth grader, who lives in the Montreal suburb of Notre-Dame-de-Grâce, appeared in youth court on Thursday, accompanied by his father.

12 year old anonymous

12 year old anonymous

The boy pleaded guilty to three charges related to hacking websites that included those of Montreal police, the Quebec Institute of Public Health, the Chilean government and some non-public sites.

The attacks took some of the sites offline for up to two days, at what police estimated as a cost of $60,000 in damages. A more detailed report will be handed over next month when the boy is sentenced, according to the Toronto Sun.

The student uprising of spring 2012, which lasted into that fall, was sparked by outrage at a proposed tuition hike and spiraled into a have v. have-nots version of Occupy Wall Street, marked by the use of Molotov cocktails on one occasion, police use of rubber bullets and tear gas, and serious injuries to both police and protesters.

Be that as it may, the boy’s lawyer told the court that the 12-year-old’s actions in hacking the sites weren’t politically motivated:

He saw it as a challenge, he was only 12 years old. … There was no political purpose.

The paper reports that the young hacker has been involved with computers since he was 9.

The court was told that the targeted sites suffered three types of attack:

  • Distributed denial of service (DDoS) attack: An attack wherein the aggressors bombard a target with requests designed to consume so much of its resources that it becomes unusable.
  • Defacement of pages. See Pastebin for a message posted on the Montreal police’s website in French and English.
  • Exploiting security holes in order to access database servers.

Others have reportedly been arrested for the attacks, but it was the boy who opened the door to enable them, the court was told.

The young hacker reportedly managed to get at personal information belonging to the sites’ users and administrators.

According to the Toronto Sun, he traded the pirated information to Anonymous in exchange for video games.

He also taught others how to hack, police experts told the court, though he reportedly warned them against going overboard, lest they get caught.

The Toronto Sun says that the court heard testimony from somebody who said that the tween put it this way:

It's easy to hack but do not go there too much, they will track you down.

I guess he went there too much, because they certainly did track him down.

Is he the youngest hacker ever to be caught?

Mafiaboy – the Canadian hacker who DOS’ed Yahoo, eBay and E*TRADE wound up in jail at the tender age of 15.

Canada: they grow more than maple trees up there!

Michael Calce – Mafiaboy’s real name – would go on to write in his book – “Mafiaboy: A Portrait of the Hacker as a Young Man” – that the attacks he unleashed in 2000 were “illegal, reckless and, in many ways, simply stupid.”

He wrote:

At the time, I didn't realize the consequences of what I was doing.

Calce wound up pleading guilty to 56 counts stemming from hacking and attacking the sites and was sentenced to eight months in “open custody” at a rehabilitation home for youths, with another year spent on probation.

Parents, are your kids extremely talented with computers?

What are you doing to ensure they’re chatting rather than DDoSing? Programming for good instead of draining databases like some kind of cyber Dracula?

Please feel free to share with us how, exactly, you’re managing to rein in technical talent so you and your child stay out of court.

About these ads

Adobe confirms customer data stolen in security breach

Adobe Confirms Security Breach, Hackers Steal Source Code and 2.9 Million Customer’s Detail

The attackers accessed encrypted customer passwords and payment card numbers, the company said.

But it does not believe decrypted debit or credit card data was removed.

Adobe Security Breech

Adobe Security Breech

Adobe also revealed that it was investigating the “illegal access” of source code for numerous products, including Adobe Acrobat and ColdFusion.

“We deeply regret that this incident occurred,” said Brad Arkin, Adobe’s chief security officer.

“Based on our findings to date, we are not aware of any specific increased risk to customers as a result of this incident,” he said.

But Chester Wisniewski, senior adviser at internet security company Sophos, told the BBC: “Access to the source code could be very serious.

“Billions of computers around the world use Adobe software, so if hackers manage to embed malicious code in official-looking software updates they could potentially take control of millions of machines.

“This is on the same level as a Microsoft security breach,” he added.

Adobe said it had been helped in its investigation by internet security journalist Brian Krebs and security expert Alex Holden.

The two discovered a 40GB cache of Adobe source code while investigating attacks on three US data providers, Dun & Bradstreet, Kroll Background America, and LexisNexis.

Mr Krebs said the Adobe code was on a server he believed the hackers used.

 Adobe said it is resetting customer passwords of those who were affected by the attack. Adobe said it’s also in the process of notifying customers whose credit or debit card information might have been compromised, as well as getting in touch with the banks processing customer payments.

“We deeply regret that his incident occurred,” Adobe said in a blog post. “We’re working diligently internally, as well as with external partners and law enforcement, to address the incident.”