hedben
Junior Member
Formerly: hedben2013
Posts: 2,201
|
Post by hedben on Sept 19, 2022 15:22:05 GMT
Rockstar responded
|
|
|
Post by dangerousdave on Sept 19, 2022 15:23:56 GMT
So much for my delay post, though I suspect they would deny such a thing anyway.
|
|
hedben
Junior Member
Formerly: hedben2013
Posts: 2,201
|
Post by hedben on Sept 19, 2022 15:33:02 GMT
Yeah it’s not necessarily that I don’t believe it, but that’s exactly what they’d have to say regardless of how they’re actually affected by it
|
|
|
Post by Jambowayoh on Sept 19, 2022 18:26:03 GMT
Like Derbs said there was no way they were going to delay it, it's a massive company with so many people working on it probably wasn't even an option. But you can bank on the lawyers will on all channels of law enforcement to get the person responsible.
I mean whatever your personal opinions are on Rockstar, I personally am a big fan of their stuff despite the admittedly shitty way they've conducted themselves in the past in regards to crunch, work environment and things like the Definitive Collection, it's still an incredibly shitty thing that's happened to all of the real people who exist and work there.
|
|
|
Post by Jambowayoh on Sept 19, 2022 18:38:48 GMT
Also I keep seeing stuff that says the hacker is a 16yr old kid from Oxfordshire who was also responsible for the Uber hack and his own group cut him loose.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Sept 19, 2022 18:41:03 GMT
Kinda shitty that they'd do that to a kid. These hacks happen all the time, but they don't always throw their own under the bus like that. Where was this level of victim protection during the iCloud nudes hack?
|
|
|
Post by damagedinc on Sept 19, 2022 18:41:25 GMT
Will defo be delayed, they say it won't be because of this but it will be
|
|
|
Post by Jambowayoh on Sept 19, 2022 18:46:03 GMT
Kinda shitty that they'd do that to a kid. These hacks happen all the time, but they don't always throw their own under the bus like that. Where was this level of victim protection during the iCloud nudes hack? From what I read he's had previous before with being caught. I mean if you're going to play with the big boys then get prepared for everything that comes with it.
|
|
geefe
Full Member
Short for Zangief
Posts: 8,323
|
Post by geefe on Sept 19, 2022 19:24:55 GMT
I just don't really see the point of doing it. Yes, it's interesting to see and, yes it may influence my expectations but it doesn't really sway me on buying it because it's not the finished product.
Fundamentally, there is nothing really that Rockstar can do to surprise me. They're not that sort of company. Last surprising thing they did was Red Dead back in 2010.
|
|
Bongo Heracles
Junior Member
Technically illegal to ride on public land
Posts: 4,627
|
Post by Bongo Heracles on Sept 19, 2022 19:49:01 GMT
Because they can and because it’s not really that hard. You trick someone into giving you access/credentials and then you’re away. The problem is that devs are know it alls and if you build a security wall they will cry until you put a door in it. If you manage to hook a dev with a phishing email or text *boom* you’ve usually got admin on a box with the lowest security restrictions in the company. They are a fucking nightmare.
|
|
deebs
New Member
So I was killing this pig with a hammer
Posts: 788
|
Post by deebs on Sept 19, 2022 19:50:12 GMT
Kinda shitty that they'd do that to a kid. Do what? What am I missing here?
|
|
Bongo Heracles
Junior Member
Technically illegal to ride on public land
Posts: 4,627
|
Post by Bongo Heracles on Sept 19, 2022 19:53:04 GMT
His ‘group’ booted him and leaked his details. Presumably because he can’t keep his mouth shut and runs around with his dick out after each hack. It’s lapsus and they are quite successful so they probably don’t want someone shouting ‘HEY IM IN LAPSUS’ at anyone who will listen.
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Sept 19, 2022 19:53:59 GMT
Kinda shitty that they'd do that to a kid. These hacks happen all the time, but they don't always throw their own under the bus like that. Where was this level of victim protection during the iCloud nudes hack? From what I read he's had previous before with being caught. I mean if you're going to play with the big boys then get prepared for everything that comes with it. Let me start by saying I haven't looked too much into this apart from the headlines. So if my information is incorrect, my bad. But it sounds like rather than getting caught and identified by the authorities, his own crew turned him in? Maybe that's why it bothers me. If you're breaking the law and you get caught by the feds, fair enough. But to have your own people say "he did it, his name is, he lives here," just rubs me the wrong way. Both the lack of loyalty from his people, and the fact that the one time they turn their own in, it's a minor.
|
|
Bongo Heracles
Junior Member
Technically illegal to ride on public land
Posts: 4,627
|
Post by Bongo Heracles on Sept 19, 2022 19:59:01 GMT
It’s literally a criminal enterprise. It’s like when Tony Soprano kills Tony B. If Steve Buscemi was 16.
|
|
deebs
New Member
So I was killing this pig with a hammer
Posts: 788
|
Post by deebs on Sept 19, 2022 19:59:05 GMT
Its basically a leg up for their competitors, who have been a few leaps behind in terms of open world GTA-like games. GTA games have a lot of world detail in regards to AI interaction and such and now that code is freely available. Whilst developers can't just directly copy that source code, its now all out there to be to be referenced. It'll shorten the workload for companies interested in expanding and structuring their GTA like games. No one in the industry, at least the legitimate part of it, would touch it with a barge pole. It's one thing to emulate game mechanics or driving physics you see in another game, it's something else entirely to just rip the code that makes it happen. Not to mention paying 230k for stolen goods isn't a look anyone is interested in acquiring. The shadier Chinese or Russian end might make use of it though.
|
|
deebs
New Member
So I was killing this pig with a hammer
Posts: 788
|
Post by deebs on Sept 19, 2022 20:00:13 GMT
His ‘group’ booted him and leaked his details. Presumably because he can’t keep his mouth shut and runs around with his dick out after each hack. It’s lapsus and they are quite successful so they probably don’t want someone shouting ‘HEY IM IN LAPSUS’ at anyone who will listen. Oh, good. Dumb little fuck needs a slap.
|
|
|
Post by Dougs on Sept 19, 2022 20:04:06 GMT
I have virtually no experience with this sort of thing, but as nick says, they do it because they can. Finding exploits has been sport for hackers ever since they were enabled to do so. Very rarely is there a specific reason other than to feel self-important. And I'm not surprised he was chucked under a bus if that's what he does after any success.
|
|
deebs
New Member
So I was killing this pig with a hammer
Posts: 788
|
Post by deebs on Sept 19, 2022 20:06:42 GMT
He only has the one vector - Slack. His group might have been whitehat sec con hackers who had some element of legitimacy.
|
|
|
Post by Jambowayoh on Sept 19, 2022 20:11:45 GMT
From what I read he's had previous before with being caught. I mean if you're going to play with the big boys then get prepared for everything that comes with it. Let me start by saying I haven't looked too much into this apart from the headlines. So if my information is incorrect, my bad. But it sounds like rather than getting caught and identified by the authorities, his own crew turned him in? Maybe that's why it bothers me. If you're breaking the law and you get caught by the feds, fair enough. But to have your own people say "he did it, his name is, he lives here," just rubs me the wrong way. Both the lack of loyalty from his people, and the fact that the one time they turn their own in, it's a minor. If you're going to roll with the leopard face eating party don't be shocked when they eat your face. It's a criminal organisation I don't think they deal in loyalty as a rule especially if your antics threatens the whole operation.
|
|
Bongo Heracles
Junior Member
Technically illegal to ride on public land
Posts: 4,627
|
Post by Bongo Heracles on Sept 19, 2022 20:21:08 GMT
He only has the one vector - Slack. His group might have been whitehat sec con hackers who had some element of legitimacy. Nah, they go after data and then pivot to blackmail/extortion. We keep a ‘top 5’ threat actor list and they are one of the few non-nation state backed groups that always appear on it. I’m assuming R* had a ransom note last week and knew this was likely to be coming and probably isn’t all of it. If you have access to get 10k lines of code, you likely have access to pretty much everything. 20 quid they got in with an MS account without MFA turned on. You spend all this money on firewalls and some idiots gives them the keys on a text message
|
|
deebs
New Member
So I was killing this pig with a hammer
Posts: 788
|
Post by deebs on Sept 19, 2022 20:32:37 GMT
No honor amongst thieves then. His extortion posts are on twitter for all so see, but he got the assets from links posted on the slack chatlog, so he would only have access to whatever was there.
Might have been an ftp with everything, but it should be more compartmentalised these days.
|
|
Bongo Heracles
Junior Member
Technically illegal to ride on public land
Posts: 4,627
|
Post by Bongo Heracles on Sept 19, 2022 20:41:11 GMT
The videos are from the slack channel but I can’t imagine he is dumping code from there. If it’s the same methodology as the Uber hack, he had the slack channel and admin on a fairly flat network.
|
|
deebs
New Member
So I was killing this pig with a hammer
Posts: 788
|
Post by deebs on Sept 19, 2022 20:44:23 GMT
Depends, most of R* works remotely so who knows what they're tossing back and forth. However, he also said he has the GTAV source as well, so you're probably right.
|
|
|
Post by Jambowayoh on Sept 19, 2022 20:48:39 GMT
He only has the one vector - Slack. His group might have been whitehat sec con hackers who had some element of legitimacy. Nah, they go after data and then pivot to blackmail/extortion. We keep a ‘top 5’ threat actor list and they are one of the few non-nation state backed groups that always appear on it. I’m assuming R* had a ransom note last week and knew this was likely to be coming and probably isn’t all of it. If you have access to get 10k lines of code, you likely have access to pretty much everything. 20 quid they got in with an MS account without MFA turned on. You spend all this money on firewalls and some idiots gives them the keys on a text message . When you put it like that it really does make these hacks seem rather mundane rather than these Hollywood scenarios you imagine.
|
|
dogbot
Full Member
Posts: 8,738
|
Post by dogbot on Sept 19, 2022 20:50:18 GMT
Let's face it, lots of companies are still miles, years behind on this stuff. Flat networks, unencrypted shares, cloud access without controls, admin access. There still this attitude of "it won't happen to us".
Til it does.
|
|
Bongo Heracles
Junior Member
Technically illegal to ride on public land
Posts: 4,627
|
Post by Bongo Heracles on Sept 19, 2022 20:53:23 GMT
It shouldn’t matter where devs work, really. I’ve seen a few people say this is a reason to get people back in the office but you should be on a VPN back to base, a VPN to AWS, maybe a Citrix desktop or something and there should be corp security controls on box. Certainly at our place it doesn’t really make a difference if you’re sat in the building or in a McDonalds and you’d hope it would be the same for a company like take2.
Obviously something is wrong but I would bet my kidney on it being a dev account compromise which led to unfettered network access. And that’s where the problem is, really. Like you say, there should be network segmentation and managed passwords for doing elevated stuff. Which is exactly how they dicked Uber. Agile workplace = shit security because it’s a blocker.
|
|
deebs
New Member
So I was killing this pig with a hammer
Posts: 788
|
Post by deebs on Sept 19, 2022 20:55:10 GMT
Let's face it, lots of companies are still miles, years behind on this stuff. Flat networks, unencrypted shares, cloud access without controls, admin access. There still this attitude of "it won't happen to us". Til it does. It's really just a convenience thing, the more layers of security you add, the harder it is to work.
|
|
Bongo Heracles
Junior Member
Technically illegal to ride on public land
Posts: 4,627
|
Post by Bongo Heracles on Sept 19, 2022 20:58:06 GMT
When you put it like that it really does make these hacks seem rather mundane rather than these Hollywood scenarios you imagine. We have two full time people who do literally nothing other than run down suspicious emails. It’s fucking insane. People scrape LinkedIn literally weekly, compromise email servers of small third party suppliers to send ‘invoices’….. all kinds of stuff. I do this for a living and I’ve had stuff I’ve nearly clicked on.
|
|
dogbot
Full Member
Posts: 8,738
|
Post by dogbot on Sept 19, 2022 21:00:35 GMT
Let's face it, lots of companies are still miles, years behind on this stuff. Flat networks, unencrypted shares, cloud access without controls, admin access. There still this attitude of "it won't happen to us". Til it does. It's really just a convenience thing, the more layers of security you add, the harder it is to work. *sad noises from the security professionals as the multi billion dollar source code is on Pastebin"
|
|
Deleted
Deleted Member
Posts: 0
|
Post by Deleted on Sept 19, 2022 21:02:24 GMT
Let me start by saying I haven't looked too much into this apart from the headlines. So if my information is incorrect, my bad. But it sounds like rather than getting caught and identified by the authorities, his own crew turned him in? Maybe that's why it bothers me. If you're breaking the law and you get caught by the feds, fair enough. But to have your own people say "he did it, his name is, he lives here," just rubs me the wrong way. Both the lack of loyalty from his people, and the fact that the one time they turn their own in, it's a minor. If you're going to roll with the leopard face eating party don't be shocked when they eat your face. It's a criminal organisation I don't think they deal in loyalty as a rule especially if your antics threatens the whole operation. I didn't think the leopards would eat my face! Hacking is dumb, though.
|
|