What Security Professionals Can Learn From The 5-Year-Old Xbox Hacker

Sometimes news of poor security hits and sends the whole web-o-sphere into a panic. Heartbleed was an example of one such story. Other times, one can't help but laugh at weak security. One story worth a laugh hit last week: an Xbox account was hacked not by a teenager with a lot of time on his hands, not by a world-class hacker or cyber criminals, but by a five-year-old kid who wanted to play some games he didn't have access to.

Shortly after Christmas last year, the child's parents caught him playing games on the Xbox that he shouldn't have been able to play, having somehow hacked his father's account to buy any game he pleased.

When asked how he broke into the account, the method used turned out to be... well, kind of ridiculous. He had tried guessing a password to his father's account. When that didn't work, he was taken to a password verification screen where... he hit the space-bar a bunch of times and logged in.

Interestingly, Microsoft actually offers a $10,000 bounty to hackers who can crack their system. Given that this seems to have been more of a fluke than a targeted hack, the family didn't get to reap the rewards, but it's kind of funny that educated, technical-minded hackers looking for backdoors and weak points have nothing on a little kid who really wants to play Minecraft.

Microsoft has fixed the hack, so don't bother trying to score some free games. For the future, here are a few tips that security professionals might want to keep in mind:
  • Don't Just Rely on Professionals
A professional coder is thinking from a professional perspective. They're not looking for dumb hacks that any five-year-old kid could employ; they're looking for, well, a challenge. When you put a $10,000 bounty on finding security flaws, hackers are looking for a ten thousand dollar hack.
  • Keep a Five Year Old on the Payroll
Child labor laws probably won't allow this, but rewarding children and casual gamers who can hack the system with free games or whatever prizes are appropriate to your website or gaming service wouldn't be a bad idea. You never know who's going to discover your weak points, so extending bounties to anyone who can find them can help to bring these weaknesses to light in the future.
  • Double Verification Can be Annoying, but Necessary
We might not like typing our credit card number in for every single purchase, but adding an extra security wall after login, at least where money is involved, can help to prevent unauthorized payments, so that even if someone can hack your Xbox Live or Steam account, they won't necessarily be able to make purchases in your name.
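
An added example of the extra verification wall described above (not from the original article and not Microsoft's code): a purchase is authorized only after a recent re-verification, and blank or whitespace-only input, the kind typed in the story, always counts as a failed attempt. The names, the 5-minute window, the lockout threshold and the work factor are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import time

STEP_UP_WINDOW_SECONDS = 300  # assumed policy: re-verify within 5 minutes of buying
MAX_FAILED_ATTEMPTS = 5       # assumed lockout threshold
PBKDF2_ROUNDS = 600_000       # example work factor for PBKDF2-HMAC-SHA256


def hash_secret(secret: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", secret.encode("utf-8"), salt, PBKDF2_ROUNDS)


class Account:
    def __init__(self, secret: str):
        self.salt = os.urandom(16)
        self.secret_hash = hash_secret(secret, self.salt)
        self.failed_attempts = 0
        self.verified_at = None  # time of the last successful re-verification


def verify_step_up(account: Account, submitted, now=None) -> bool:
    """Check the purchase password; only a real match opens the purchase window."""
    now = time.time() if now is None else now
    if account.failed_attempts >= MAX_FAILED_ATTEMPTS:
        return False  # locked until an out-of-band reset (not shown)
    # Blank or whitespace-only input is a failed attempt, never a match.
    # The check only tests for emptiness; the secret itself is not trimmed.
    if not isinstance(submitted, str) or not submitted.strip():
        account.failed_attempts += 1
        return False
    candidate = hash_secret(submitted, account.salt)
    if hmac.compare_digest(candidate, account.secret_hash):  # constant-time compare
        account.failed_attempts = 0
        account.verified_at = now
        return True
    account.failed_attempts += 1
    return False


def authorize_purchase(account: Account, logged_in: bool, now=None) -> bool:
    """A login session alone never authorizes spending; a fresh step-up is required."""
    now = time.time() if now is None else now
    if not logged_in or account.verified_at is None:
        return False
    return 0 <= now - account.verified_at <= STEP_UP_WINDOW_SECONDS
```
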

"Sometimes security science may seem like it's more, well, art than science," said Jason Hope, tech expert (https://medium.com/@jasonhope), "but with a rigorous approach to developing and testing systems for passwords, verification and online signatures, it's not impossible to build a rock-solid security setup." The five-year-old hacker doesn't get to keep all the games he bought, but if he keeps at it, he may one day land a job as a professional White Hat hacker. Companies like Sony and Facebook are known to hire professional hackers on a part-time and full-time basis in order to explore their security systems' flaws and offer tips to improve their verification processes.

Fortunately, it doesn't seem as if the hack had been discovered prior to now, as nobody seems to be coming forward with stories of having their accounts hijacked with the spacebar hack. Most of all, the whole affair has just been a little embarrassing for Microsoft, which generally has a better track record than this when it comes to online security.

In the aftermath of this, it's easy to imagine hundreds of gamers trying similar hacks on the PlayStation Network, Steam and Xbox Live in hopes of scoring a bounty, or at least a few games.

The History of Hacking Culture

Hacking culture is changing and developing all the time. The modern world is full of flaws to discover and secret places to explore. It makes sense that people are fascinated with the subject, but how has it progressed over time?

In 1975, the “Robin Hood and Friar Tuck” programs were installed on Xerox machines by Motorola staff, which meant that every time the program was deleted, it would reappear after the computer rebooted. This virus was the first of its kind and paved the way for the long line of internet virus hacks that we see today.
As for today, hacking culture has matured. More recently, the ‘free online school’ hack held that ‘information wants to be free’, which brought a rise in code literacy and naturally made people even more aware of computer security, which can only be beneficial.

What will happen in the future? Will the elite hackers go underground and start working for the government? Who knows! Either way it’s clear that hacking will always have security perks. If there weren’t people to uncover pitfalls, we wouldn’t be making online security tighter.

By James Duval, business and technology editor at GKBCInc.