[kreddor]

> Kurtaj managed to breach Rockstar, the company behind GTA, using an Amazon Firestick, his hotel TV and a mobile phone.

That's quite a feat.

> Rockstar Games alone told the court that the hack cost it $5m to recover from plus thousands of hours of staff time.

Either the kid is a genius or Rockstar really don't value their security much. Or maybe a bit of both?

[Nextgrid]

> That's quite a feat.

Is it? I don't see what the big deal is in installing a chrooted Linux environment (or SSH/RDP client to remote into an external machine) in an Android device?

The fact this is even mentioned really smells like they're trying to make this guy sound more skilled and evil than he really is, potentially also to cover up for the fact that the police made an oversight in letting him be around internet-connected devices even though their instructions was to not provide him internet/computer access.

I'm not downplaying the GTA hack (although I would still bet good money it was typical phishing/social engineering rather than anything more advanced), but I'm disagreeing that him doing so from a rooted TV stick or phone makes him any more of a monster than doing so from a typical computer.

[hulitu]

> I don't see what the big deal is in installing a chrooted Linux environment (or SSH/RDP client to remote into an external machine) in an Android device?

Installing it is nothing: 2 touches away. But using this crappy Android experience (where the on screen keyboard obscures half of your terminal) shows talent and dedication.

[piaste]

I imagine this is where the Firestick and TV came in - screencast termux or ConnectBot to the TV so you can use the phone in horizontal mode as a larger keyboard.

[hdjrbrbn]

To be fair: it is hard to not be around internet connected devices now

[unsupp0rted]

> I don't see what the big deal is in installing a chrooted Linux environment (or SSH/RDP client to remote into an external machine) in an Android device

Installing a Linux environment or SSH client on a Fire Stick in a hotel without access to a laptop?

Not familiar with Firesticks- is there an app in their App Store for SSH?

[mavamaarten]

Fire devices just run a flavor of Android, without Google Play Services. Getting SSH on there is trivial, especially when rooted.

[iAMkenough]

I would like to install SSH and root a Fire Stick with my phone. Where should I start?

[Nextgrid]

Second result on Kagi: https://www.firesticktricks.com/install-apk-on-firestick-fro... ?

This would at least give you the ability to install an SSH or RDP client since those don't even require root.

[zymhan]

> That's quite a feat.

> makes him any more of a monster

You're attacking a straw man.

Saying something is "a feat" is a long way from saying they're a monster.

[Nextgrid]

The statement in the article would sound to a non-technical audience like this guy is some sort of hacking magician, and I'm sure nobody minds this perception for the reason I mentioned above.

I'm just providing a counterpoint as well as a reason why there's an incentive to make this guy sound more skilled & evil than he really is.

[6stringmerc]

This is a really great angle and perspective to add in - I agree a noted habit / trend / short-hand in “severity” sometimes with technical subjects. I read through and also have heard some similar routine prep stories. Unusual? Absolutely!

Then again, it’s also unusual for a Dodge dealership in North Texas to have 7 Hellcat vehicles stolen in one night, but here we are.

So, I pick up that maybe the tech stack isn’t the most priority point - it’s the determination. The desire to continue through any avenue. Add that in with, reportedly a physical violence time in life, the persistent threat maybe can heal out of it?

[h0l0cube]

> Add that in with, reportedly a physical violence time in life

Throwing an autistic person into prison will do that. The child abuse that autistic people often receive in their childhood will do that

> the persistent threat maybe can heal out of it?

Or maybe just give them a job instead of throwing them in a padded cell for life?

[kyawzazaw]

I hope they worked out a deal at least

[jvanderbot]

From TFA, and given prior hacks, he's very skilled.

[squarefoot]

And has no empathy, which makes him a lot more dangerous.

[aszantu]

autism doesn't mean he doesn't have emotions

[rad_gruchalski]

Empathy, not emotions.

Empathy: the ability to understand and share the feelings of another.

[cassianoleal]

Autism doesn't preclude empathy at all. In fact, I would say it augments it once the other person's feelings are understood. What's generally lacking is realising the other is feeling in a certain way until it's explained to them or they have otherwise rationalised that feeling. Which, relatively ironically, will never be enough to make a neurotypical person feel empathy.

[rad_gruchalski]

I don’t understand why you explain this to me. I just answered empty vs emotion. I am not discussing anything.

[imtringued]

I don't know about you, but if I said someone doesn't have empathy I would think that I'm the one lacking it, since I can't possibly imagine understanding that person or their feelings.

[rad_gruchalski]

I feel empathetic to you.

[ghusto]

No, but empathy is something autistic people famously struggle with

[aszantu]

is it the same for male and female autists?

[squarefoot]

He may have emotions but certainly he doesn't care about those of others and the damage he can provoke. He actually wants to continue to be a criminal.

FTA: A mental health assessment used as part of the sentencing hearing said he "continued to express the intent to return to cyber-crime as soon as possible. He is highly motivated."

The guy needs help because he's autistic, and watched closely because he's also a sociopath.

[BobaFloutist]

Plenty of people want to commit crimes that aren't sociopaths.

[6stringmerc]

A valid diagnosis of one condition doesn’t preclude a litany of seriously dangerous other ones, either, correct?

[rainonmoon]

You might as well say "He has psoriasis, he might also be an axe murderer." No, one fact doesn't preclude the existence of other facts, very good. That doesn't mean that making stigmatising connections is reasonable.

[Dx5IQ]

There was no connection made, GP merely pointed out their observation based on what he has done so far

[mathgradthrow]

"empathy impairment" is a fundamental feature of autism. It's not stigma. It'a not universal, but it is a major part of why it's a disorder in the first place.

[RecycledEle]

As someone with autism, I lack empathy for (most) fake situations. Once I realized therapists and their ilk were lying about sad stories, I stopped having empathy for those sad situations.

Ditto for fake news stories.

Only mentally unfit people can pass a therapist's tests and be empathetic for people they know do not exist.

[FireInsight]

I'm not saying what you're saying is invalid, but I do have empathy for people that don't exist. It's called fiction and I find it quite enjoyable.

[pushfoo]

TL;DR: that's an outdated idea with an ever-growing body of research refuting it

Autistic and neurotypical people can empathize with others like them, but have trouble between the groups [1]. This is called the "double-empathy problem" by the paper which proposed the idea [2]. More recent papers explore subjects such as information transfer accuracy [3] with the same results: autistic participants understand each other perfectly well when allowed to use their preferred means of communication, as do neurotypicals. However, the two groups have trouble understanding each other. Further work extends this to a generalized model with extremely unsurprising results: people tend to be closer with people who think like them [4].

[1] https://link.springer.com/article/10.1007/s10803-015-2662-8

[2] https://kar.kent.ac.uk/62639/

[3] https://journals.sagepub.com/doi/10.1177/1362361320919286

[4] https://academic.oup.com/scan/article/16/1-2/222/5940490

[imglorp]

Someone should hire him as a white hat. Maybe they have some kind of custodial guardianship where the employer can monitor him staying clean.

[CaptainOfCoit]

It's tough though, how do you know that they won't use those skills against you? The individual seems relatively unstable and violent, even saying during a sentencing hearing that they'll continue to do illegal breaches whenever they can.

Would be great to have them on the "good" side, but would probably take a lot of energy and resources as well.

Hopefully this story will have a somewhat happy ending, because it seems to not end yet.

[Freak_NL]

He'd need a dedicated handler, and even then judging from the article's portrayal he seems like a hopelessly unmanageable type. He'd fit in with a modern-day A-team, come to think of it.

[lamontcg]

Could set him to work on hacking official state enemies, but you'd have to expect that he'd still engage in side-projects against whoever pissed him off or he had contempt for.

[RecycledEle]

> The individual seems relatively unstable and violent, even saying during a sentencing hearing that they'll continue to do illegal breaches whenever they can.

Admitting you will continue to fight evil is not evil.

[chris_wot]

It’s not going to happen. He’s going to be closely supervised in a hospital indefinitely.

[hnbad]

Having seen that play out in real life before, I don't think he'd be as much of an asset as a liability. The problem with white hats is they need to have an interest in following some set of rules. With this guy it sounds more like his rule set is defined by whatever he finds interesting with little concern for legality or what others might find acceptable.

It's similar to the problem with the asshole genius programmer. You can keep him around because he's a genius but being an asshole in a position of authority over others (by virtue of being a genius) will result in people not wanting to work for you and this can easily mean you're missing out in individuals or teams that would vastly outmatch the asshole genius.

[throwaway5959]

I’ve seen the opposite, the worthless manager, way more than the asshole genius.

[hnbad]

To be fair, there are very few actual geniuses and a lot more unremarkable assholes.

[make3]

That wouldn't work, you could never trust him at all, as he's expressed zero remorse and actually intent to continue to do crime, and is apparently very strongly autistic & doesn't understand the complex nuances of what is acceptable and what is not acceptable as a white hat hacker

[hnbad]

> very strongly autistic & doesn't understand the complex nuances of what is acceptable and what is not acceptable

This is a popular framing of autistic people but this assumes the problem is complex nuances. Most of the time it's not very nuanced at all. The problem is that autistic people are less likely to follow rules they don't agree with or see as arbitrary - in the positive this is sometimes described as a "strong sense of justice" but that phrase ignores that the perception of what is or isn't just or unjust can vary.

Studies have actually shown what is dismissively described as "moral rigidity", i.e. autistic people are more likely to follow ethical rules they profess even when they believe they can get away with breaking them and when nobody would find out. The problem is that "normal" people are much more "morally flexible" and thus share an implicit understanding of what rules are important (i.e. actual rules) and which ones you're supposed to say you follow but aren't expected to.

[RecycledEle]

> Studies have actually shown what is dismissively described as "moral rigidity", i.e. autistic people are more likely to follow ethical rules they profess even when they believe they can get away with breaking them and when nobody would find out. The problem is that "normal" people are much more "morally flexible" and thus share an implicit understanding of what rules are important (i.e. actual rules) and which ones you're supposed to say you follow but aren't expected to.

Very true.

[make3]

>>> The problem is that "normal" people are much more "morally flexible" and thus share an implicit understanding of what rules are important (i.e. actual rules) and which ones you're supposed to say you follow but aren't expected to.

This is exactly what I was referring to. We agree.

[RecycledEle]

Maybe the only thing more dangerous than holding someone in a "hospital" as a sentence is to allow an employer to decide if they should be allowed out or sent back to serve their life sentence. It's just as bad as H-1 visas, or allowing illegal aliens into the USA with babies who are not given US citizenship. (I am not taking sides on whether we should give US citizenship to those people, deport them, or what. I am pointing out that making someone the slave of their employer is bad for society.)

[s1artibartfast]

That would be interested, but is impossible as long as they refuse to avoid crime and state that they plan to commit more at the first opportunity

[ungamedplayer]

No company will do this because you can hire competent, non violent white hat hackers that don't need monitoring.

[drivingmenuts]

How about the British intelligence apparatus? Seems like a person they would be very interested in acquiring.

[arp242]

Also seems like the sort of person who would leak everything, and not just for some principled whistleblower reasons, but "for teh lulz" or whatever.

Trust is more important than ability.

[DoItToMe81]

Each hack was going into a company Slack server and saying "hell o i am the admin gibe me password". I'm not impressed.

[jvanderbot]

Personally, I think that a skilled exploiter is the one who finds such an easy loophole and exploits it efficiently and first; not the one who writes the most impressive code or finds the deepest algorithmic backdoor. I respect social engineering as much as anything when it comes to this domain.

[kazinator]

An genius would not only pull of the heist but get away with it.

There is no physical evidence: DNA, fingerprints.

[gdsdfe]

shouldn't they at least try to use this kid for good instead of locking him up ? but then who know maybe a 3 letter gov agency will take him to a bunker somewhere

[Cthulhu_]

"Use" implies control / coercion, given that this guy doesn't seem to respect authority, that's not going to work. You can't make anyone work for you or "do good".

[getwiththeprog]

Conversely, it seems pretty easy to pay people to do bad things.

[gdsdfe]

They have lions in zoos and circus for decades, just saying

[dharmab]

He's violent and uncooperative:

> The court heard that Kurtaj had been violent while in custody with dozens of reports of injury or property damage.

The TLA aren't hurting for talent these days either.

[HackeNewsFan234]

If he didn't have a keyboard and typed on his phone like I do, they could also say that he "hacked them using only his thumbs".