5 Year Old Hacks Xbox Live; Thankfully DOJ Apparently Uninterested In Prosecuting Cute Kid Under CFAA

from the cfaa-is-broken dept

There have been a bunch of stories going around about how 5-year-old Kristoffer Von Hassel figured out a way to hack the Xbox Live password system. Kristoffer's parents noticed that their son was logging into his father's account and playing games he wasn't supposed to be playing. They asked him how he was doing it and he showed them:
Just after Christmas, Kristoffer's parents noticed he was logging into his father's Xbox Live account and playing games he wasn't supposed to be.

“I got nervous. I thought he was going to find out,” said Kristoffer.

In video shot soon after, his father, Robert Davies, is heard asking Kristoffer how he was doing it.

A suddenly excited Kristoffer showed Dad that when he typed in a wrong password for his father’s account, it clicked to a password verification screen. By typing in space keys, then hitting enter, Kristoffer was able to get in through a back door.
Kristoffer's father, Robert Davies, works in computer security (which, frankly, makes me a little skeptical that Kristoffer really made this discovery), and submitted the bug to Microsoft, who not only quickly fixed it, but also listed Kristoffer on their March "acknowledgements" for security researchers who helped them find bugs and vulnerabilities.
Of course, the flip side to this story is how we've seen the CFAA used in the past to go after people discovering similar flaws. Compare the story of Kristoffer to the story of Andrew "weev" Auernheimer. Kristoffer clearly exceeded authorized access to the Xbox Live system in order to obtain something of value (perhaps he gets off because the "something" is not worth more than $5,000, but still...). Of course, weev is an obnoxious internet troll, and Kristoffer is a cute 5-year-old. I guess that's what's meant by "prosecutorial discretion."
Hide this

Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.

Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.

While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.

–The Techdirt Team

Filed Under: cfaa, doj, kristoffer von hassel, security, vulnerabilities, xbox, xbox live
Companies: microsoft


Reader Comments

Subscribe: RSS

View by: Time | Thread


  1. icon
    silverscarcat (profile), 7 Apr 2014 @ 11:25am

    On the other hand...

    Had the DoJ gone after the kid, we might see some real push to reform the CFAA.

    ...

    Which is probably why they didn't do it.

    link to this | view in thread ]

  2. icon
    James Jensen (profile), 7 Apr 2014 @ 11:32am

    It's said that the second half of the title was necessary.

    link to this | view in thread ]

  3. identicon
    Anonymous Coward, 7 Apr 2014 @ 11:38am

    ireally am surprised that DoJ was uninterested in the little man because of his age. normally, it's 'no holds barred' or so i thought

    link to this | view in thread ]

  4. icon
    KevinEHayden (profile), 7 Apr 2014 @ 11:52am

    Good thing it wasn't a PS4!!!

    He's just lucky it was an xbox and not a PS4. Based on some of their earlier actions, Sony would probably be demanding confiscation of the gaming system, full prosecution and maximum jail time.

    link to this | view in thread ]

  5. icon
    ECA (profile), 7 Apr 2014 @ 11:55am

    NOT A HACK

    This is an EXPLOIT..
    This is a FAILURE for xbox..

    link to this | view in thread ]

  6. icon
    Violynne (profile), 7 Apr 2014 @ 12:12pm

    To realize Microsoft released this console without closing the security hole is...

    ...

    ... ah, who the hell am I kidding. Been using Microsoft products for decades. There's always a way to break security until it's "patched".

    It wouldn't surprise me if the next hack, er exploit, comes from UUDDLRLRBA while playing Netflix while Kinect sits "idly" by.

    link to this | view in thread ]

  7. identicon
    Anonymous Coward, 7 Apr 2014 @ 12:27pm

    Not interested, but the day still isn't over. If we try hard enough, we can apply the law evenly against all infringers

    link to this | view in thread ]

  8. icon
    John William Nelson (profile), 7 Apr 2014 @ 12:28pm

    DoJ prosecutor somewhere thinks . . .

    "Hmmm, I could get another easy conviction belt notch. 5 year old kids roll over easy. Just have to find a way to get him charged as an adult. I mean, he knows how to use a computer, so that must mean he is mature enough to be charged as an adult. I don't even know how to use my web box of tubes."

    link to this | view in thread ]

  9. identicon
    Anonymous Coward, 7 Apr 2014 @ 12:30pm

    Why would the DoJ pursue someone publishing the hack to a vendor, especially when the vendor accepts it?

    Microsoft even has a program for this and perhaps the kid even was paid for his find.
    http://technet.microsoft.com/en-us/security/dn425036

    I've got no clue if weev reported his flaw to AT&T or not, so don't know if it's relevant to his case. It was a bit of a stretch in any case to persecute him for getting the list of email addresses from a website.

    link to this | view in thread ]

  10. icon
    Scott Yates (profile), 7 Apr 2014 @ 12:33pm

    Re: NOT A HACK

    Not even really an exploit maybe. I would call this more discovery of a back door.

    link to this | view in thread ]

  11. identicon
    Anonymous Coward, 7 Apr 2014 @ 12:54pm

    Re:

    IIRC, he got in trouble when he reported it to ATT.

    link to this | view in thread ]

  12. identicon
    DogBreath, 7 Apr 2014 @ 12:55pm

    Based on past history, the future is already written on the wall.

    Can't wait for the kid to turn 18... and he finds out he has a lifetime ban on any Xbox/Microsoft account he tries to set up, for "Hacking".

    link to this | view in thread ]

  13. identicon
    Loki, 7 Apr 2014 @ 3:06pm

    Re: Based on past history, the future is already written on the wall.

    Don't know about that, but I'd be willing to put a small sum that he's on some government watch list somewhere now.

    link to this | view in thread ]

  14. icon
    James Jensen (profile), 7 Apr 2014 @ 3:22pm

    Re: Good thing it wasn't a PS4!!!

    Yeah, Sony scares me way more than Microsoft when it comes to what they'll do to their console customers.

    link to this | view in thread ]

  15. identicon
    Anonymous, 7 Apr 2014 @ 3:34pm

    If you don't stop him now, by the age of 7 he'll be knocking over liquor stores!

    link to this | view in thread ]

  16. icon
    G Thompson (profile), 7 Apr 2014 @ 8:39pm

    Re: On the other hand...

    Actually I'd go as far as to say they probably thought of going after the kid then realised.. oh wait criminal responsibility starts at 6yrs old only in the USA (11 for federal crimes).. Crap!

    Thinking they care about what the public actually think has proven now to be absolute folly.

    link to this | view in thread ]

  17. identicon
    FreeCultureForFreePeople, 8 Apr 2014 @ 2:33am

    Re: Based on past history, the future is already written on the wall.

    True, he'll not be able to access any Xbox/Microsoft account, but it's because 'Microsoft' will be a distant, unpleasant memory by the time this kid turns adult.
    Snowden's revelations greatly helped people realize that they are not to be trusted, and the Windows 8 disaster, along with the end of support for Windows XP, will surely help to make people look for alternatives - Linux, for example. Now that there's a Steam client for Linux, it gets more attractive as a gaming platform, too.

    link to this | view in thread ]

  18. identicon
    Anonymous Coward, 8 Apr 2014 @ 8:49am

    I wonder if a 5 year old hasn't just discovered an NSA back door.

    link to this | view in thread ]

  19. identicon
    Anonymous Coward, 8 Apr 2014 @ 12:04pm

    Hacked By Chinese!

    Now we have an even bigger insult... Hacked by a 5 year old!

    link to this | view in thread ]

  20. identicon
    Anonymous Coward, 9 Apr 2014 @ 8:52pm

    I suppose the flaw was created on purpose.

    link to this | view in thread ]

  21. identicon
    Pragmatic, 11 Apr 2014 @ 5:47am

    Re: Re: On the other hand...

    Call me cynical, but do you think Daddy claimed his li'l boy did it so he could report the bug without the possibility of sharing a cell with weev?

    Something something "I dare you to court bad publicity by going after a 5 year old, you jerks!"

    link to this | view in thread ]

  22. identicon
    Pragmatic, 11 Apr 2014 @ 5:49am

    Re: Re: Based on past history, the future is already written on the wall.

    We'll find out when Daddy books a trip to Disneyland.

    link to this | view in thread ]


Follow Techdirt
Essential Reading
Techdirt Deals
Report this ad  |  Hide Techdirt ads
Techdirt Insider Discord

The latest chatter on the Techdirt Insider Discord channel...

Loading...
Recent Stories

This site, like most other sites on the web, uses cookies. For more information, see our privacy policy. Got it
Close

Email This

This feature is only available to registered users. Register or sign in to use it.