Did The MPAA Hire A Hacker To Break Into TorrentSpy?

MySpace... The Social Network For Extortion Scammers

from the how-many-make-a-trend? dept

Wed, May 24th 2006 11:49pm — Mike Masnick

There's just something about MySpace that seems to bring out the criminal element in some people. Way back before MySpace was even that well known, someone was arrested for trying to blackmail MySpace into giving him a job, or he would reveal to everyone on MySpace how to spam everyone else at MySpace. That guy ended up going to jail, but apparently some of the other kids out there didn't quite get the message. Two teenagers apparently broke into the MySpace back end and stole some personal info of users. When MySpace realized this and kicked them out, they threatened to reveal how they hacked into MySpace... unless MySpace paid them $150,000. Of course, that's called extortion, which is exactly the charge the two kids will be facing in court following their arrest last week. Of course, it's this kind of case that makes life so difficult for legitimate security researchers who are trying to help by finding vulnerabilities. Too many of the people poking around really do have malicious intent.

17 Comments

If you liked this post, you may also be interested in...

Reader Comments

Subscribe: RSS

View by: Time | Thread

Sam, 25 May 2006 @ 12:20am

It was just a matter of time. Ever since Myspace was out i was just waiting for this to happen.
[ link to this | view in chronology ]
Anonymous Coward, 25 May 2006 @ 12:24am

i've emailed a few vulnerabilities to myspace and they don't ever respond :-/ I ended up finding one of the developers myspace pages and emailing them directly and they finally got fixed.
[ link to this | view in chronology ]
TriZz, 25 May 2006 @ 5:15am

Vulnerabilities
XSS Scripting. MmmMmmmm cookies.
[ link to this | view in chronology ]
Patrick Mullen, 25 May 2006 @ 6:50am

In terms of reporting vulnerabilities the second poster did it right. I think there is a difference between finding a problem and reporting it to the owner and finding a problem and running to the media.

If its reported to the site or owner and they do nothing, then contacting the media or issuing a press release is fine, but doing so without contacting the owner is just wrong.
[ link to this | view in chronology ]
yoadrienne, 25 May 2006 @ 6:53am

there will always be these sorts of problems. teenagers and boredom are a bad combo.
[ link to this | view in chronology ]
Alecks, 25 May 2006 @ 6:57am

MySpace . . . .
I've got myspace just because friends asked me to get it - I'm still a freshman in high school and I've noticed that my grades have gotten worse ever since I've been with mypsace - hmmmm.
[ link to this | view in chronology ]
- cmon now, 25 May 2006 @ 7:58am
  
  Re: MySpace . . . .
  Dont blame your bad grade on Myspace.....Study more
  [ link to this | view in chronology ]
- Ben, 25 May 2006 @ 10:55am
  
  Re: MySpace . . . .
  Maybe your getting dumber as you get older.
  [ link to this | view in chronology ]
- Ashley, 25 May 2006 @ 2:36pm
  
  Re: MySpace . . . .
  You cant blame a website for your bad grades, its your choice to be on the site in the first place, and noone can make you do it. There are always going to be people who misuse Myspace. People especially teenagers are bored.
  [ link to this | view in chronology ]
Pariah, 25 May 2006 @ 7:01am

Again..........
Last I heard MySpace had nearly 80 million users.
With that sort of population you have to expect that there is going to be criminals JUST LIKE ANY OTHER community, be it virtual or real.
This hysterical fear mongering over ever little god damned thing that happens online is going to cripple us unless we get a little perspective and act like adults instead of cringing, stupid children.

I am sad to see Tech Dirt contributing to the tabloid coverage of Teh Evil Intarwebs.
[ link to this | view in chronology ]
- Dan Rather, 25 May 2006 @ 7:24am
  
  Re: Again..........
  While driving into work the other day I heard an advertisement for a local news station promoting a story... Tune in at 8 to find out what in your house could kill you in 8 seconds...."Fear mongering" gets your attention and thats what news reporters want .. get use to it.
  [ link to this | view in chronology ]
- TriZz, 25 May 2006 @ 7:37am
  
  Re: Again..........
  80 million users is a bit much. You have to consider how many "celebrity" profiles, fake profiles, and role-playing profiles are on there.
  
  Yes, role-playing profiles...some of the most viewed blogs on there are "parties" held by members of myspace with names of Harry Potter characters...it's quite strange.
  
  I think that if you actually took a look at how many "real" users there are - the number would be close to/if not more than half...
  [ link to this | view in chronology ]
unibomber, 25 May 2006 @ 8:03am

boohoo
"Of course, it's this kind of case that makes life so difficult for legitimate security researchers who are trying to help by finding vulnerabilities. Too many of the people poking around really do have malicious intent. "

People with malicious intent are the ENTIRE reason that security researchers exist. Don't cry to me about how it is making life so hard for them.
[ link to this | view in chronology ]
rijit (profile), 25 May 2006 @ 8:36am

News reports get exaggerated
Heh, lots of opinionated readers, looks like we could see a flame war today, gotta love it ;) I am surprised bad parenting or video games were not blamed for this, blame the kids who did it. I just gotta say, I am an admin/owner of a mud, which is a MMORPG of sorts, just a text based multi-user game. We have players who do nothing but find and exploit bugs. We find and banish the exploiters. I have had my server taken down by DOS attacks, been threatened with real life violence, and even been threatened with this kind of thing. Know what? In the end I am still there and they are gone, the mud is up and running and nothing has really changed. My point, I guess, is these kind of people always get caught or go away quietly when someone calls em on their threats and in the end, with a bit of time, all the damage they might do can be fixed. The media blows things way out proportion, including bloggers who circulate rumor. People just need to take a bit of responsibility for their actions. Me first.
[ link to this | view in chronology ]
DittoBox, 25 May 2006 @ 9:29am

MySpace pages are bad
MySpace pages are bad. I have a few friends who I've helped try and fix problems in their profiles (knowing CSS/XHTML I can at least try one last ditch effort to piece together the toilet code they employ).

You can use as much JS as you want. You can link to external anything. Meaning you can embed all sorts of nasty files.

This is almost as bad eBay, where they allow JS in the pages. That's not cool, because I've seen numerous listings that REDIRECT to phishing pages that ask for you to "login" before viewing the listing.

I stopped using eBay after I discovered this and found that even though they know about it, they don't fix it. They need to remove everything but simple xhtml and css. Then they need require that people host any and all images (the only other allowed external resource than CSS) with them.

If you can't sell a product with regular CSS/XHTML then you don't deserve my $$$.
[ link to this | view in chronology ]
anonymous coward, 25 May 2006 @ 12:56pm

all i know is that the average age of the women i date has continued to drop since i started using myspace. money, a nice apartment, and a car is catnip to an eighteen-year-old. well, it's catnip to a 40-year-old soccer mom too, but who the hell cares...
[ link to this | view in chronology ]
Chris Longley, 26 May 2006 @ 6:46pm

Forget My Space What's the thing in your house
that can kill you in 8 seconds???????? I wanna know. I'm hooked in.
[ link to this | view in chronology ]