Sophos Cloud Optix
A 12-year-old Canadian boy has pleaded guilty to hacking government and police websites during the 2012 student uprising in Quebec under affiliation with the Anonymous brand of hacktivists.
According to the Toronto Sun, the fifth grader, who lives in the Montreal suburb of Notre-Dame-de-Grâce, appeared in youth court on Thursday, accompanied by his father.
The boy pleaded guilty to three charges related to hacking websites that included those of Montreal police, the Quebec Institute of Public Health, the Chilean government and some non-public sites.
The attacks took some of the sites offline for up to two days, at what police estimated as a cost of $60,000 in damages. A more detailed report will be handed over next month when the boy is sentenced, according to the Toronto Sun.
The student uprising of spring 2012, which lasted into that fall, was sparked by outrage at a proposed tuition hike and spiraled into a have v. have-nots version of Occupy Wall Street, marked by the use of Molotov cocktails on one occasion, police use of rubber bullets and tear gas, and serious injuries to both police and protesters.
Be that as it may, the boy’s lawyer told the court that the 12-year-old’s actions in hacking the sites weren’t politically motivated:
He saw it as a challenge, he was only 12 years old. … There was no political purpose.
The paper reports that the young hacker has been involved with computers since he was 9.
The court was told that the targeted sites suffered three types of attack:
- Distributed denial of service (DDoS) attack: An attack wherein the aggressors bombard a target with requests designed to consume so much of its resources that it becomes unusable.
- Defacement of pages. See Pastebin for a message posted on the Montreal police’s website in French and English.
- Exploiting security holes in order to access database servers.
Others have reportedly been arrested for the attacks, but it was the boy who opened the door to enable them, the court was told.
The young hacker reportedly managed to get at personal information belonging to the sites’ users and administrators.
According to the Toronto Sun, he traded the pirated information to Anonymous in exchange for video games.
He also taught others how to hack, police experts told the court, though he reportedly warned them against going overboard, lest they get caught.
The Toronto Sun says that the court heard testimony from somebody who said that the tween put it this way:
It's easy to hack but do not go there too much, they will track you down.
I guess he went there too much, because they certainly did track him down.
Is he the youngest hacker ever to be caught?
Mafiaboy – the Canadian hacker who DOS’ed Yahoo, eBay and E*TRADE wound up in jail at the tender age of 15.
Canada: they grow more than maple trees up there!
Michael Calce – Mafiaboy’s real name – would go on to write in his book – “Mafiaboy: A Portrait of the Hacker as a Young Man” – that the attacks he unleashed in 2000 were “illegal, reckless and, in many ways, simply stupid.”
He wrote:
At the time, I didn't realize the consequences of what I was doing.
Calce wound up pleading guilty to 56 counts stemming from hacking and attacking the sites and was sentenced to eight months in “open custody” at a rehabilitation home for youths, with another year spent on probation.
Parents, are your kids extremely talented with computers?
What are you doing to ensure they’re chatting rather than DDoSing? Programming for good instead of draining databases like some kind of cyber Dracula?
Please feel free to share with us how, exactly, you’re managing to rein in technical talent so you and your child stay out of court.
Um, if a 12 year old can hack into their system then why is the 12 year old getting punished?
Either A) The kid needs to be offered a job or a full scholarship…
or B) The security/IT team for the police/government sites need to be fired. He's 12.
Because only an idiot thinks that you reward someone who commits a crime with a job. Not to mention, only an idiot thinks that someone who exploits a very easy exploit is some sort of computer genius.
Well clearly he's brighter than you. I agree with Daniel, if a 12 year old can outsmart the security he should be given a full scholarship or a job for his skills, and if the security was that bad then obviously the iT team needs to be looked at.
Some of them use free hacking software, thats why it easy to caught them.
I believe there lot people capable to do the same thing but they known as white hat.
Real hacker give it clean without no trace. that boy leaving trace anywhere and to believe TOR is funny things except he develop his own onion network using stolen cc and stolen devices with a cclean new unix or non enterprise linux, create his own army bot/badware, and automated server then its'll clean as stun!x did in Iran.
But I give my aplause for this boy who seemed so passionate to computer security. Maybe if Sophos give him schoolarship then he will write some articles in this blog…haha just kiddos…
Crime? its the internet … the internet is “crime” . It’s a damn 12 year old… this kid should be rewarded!
Only an idiot thinks that it’s a crime. They tell us that once you’re on the internet, all your rights go out the door. I guess it must be a one-way door, huh? Ten to one says that the NSA will be offering this kid a job someday.
I hope not.
You should give him a job, if he is that good at age 12!!
…and the job should be community service. If he's that good with computers at age 12, that likely means there are significant parts of his development that are lacking attention. He probably needs to develop a few more hobbies/interests.
If he continues to be good at computer things when he graduates high school at age 19 (if he was in grade 5 at age 12), he'll likely have his pick of scholarships based on academic performance.
see this is where most of the best government working people come from the ones that hack the systems. Really and truly most of the best hackers out there that have gotten caught get offered jobs it keeps them on top of most issues and they will wind up working with others to help keep things from going to far out of hand.
so fbi,cops,agents,government can all hack our emails,blogs,facebook,ext but when a 12 year old does it its a crim. dumb baster ds. ive had the fbi contact me about telling a guy in Africa to piss off when he told me he wants to give me millions of dollars.
LMAO … so much stress over nothing…
It's actually quite impressive that he's so young and he did this…
Now instead of fining him, sticking him in jail – why don't you give him a job to work for a security company that stops hacking?
Or maybe get him to maintain the sites he hacked? Especially that he knows the vulnerabilities …
Hacking is a crime …
But so is ignorance…
Failure to properly secure a site is plain stupidity…
Yeah! REWARD criminals with jobs! THART'S how to send a message to other criminals!
excellent idea use his talents and brains.
he isn’t hacking, hes a script kiddie, hes using simple tactics that anyone can look up and he defiantly should not be given a job or anything, thats something you here about in the ’90s and with people like kevin mitnick. and you cant really secure a site from ddos-ing because its all legitimate traffic just too much for the system process. the most you can do is block the traffic via firewalls and IDPS’s. besides hes hacking govenment computers which i believe utilize an application sever as a medium to accessing their site.
the previous commentators do not understand technology or the security measures utilized in them. and far to many people believe that because somebody did a single hack on a lot of systems that they are godly computer experts that can get past any security measure. but the truth is government databases typically are setup and used for decades and aren’t kept up to date with constant security checks and updates. BUT every day their are new vulnerabilities and patches released! any kid in the world can go and look up a vulnerability (that a real security expert / programmer found) then exploit it on every system that he can find that has this security hole open. its a simple process that a 12 year could do.
I seriously doubt anyone on this site thought that he found his own vulnerabilities and wrote code to exploit them… but I deal with people every day twice his age and older that wouldn't have the slightest idea of how to do this… So yes, the fact that he's 12 and doing this means that he's on the right track to "understand technology or the security measures utilized in them" if he was allowed to further progress in the security field (which he seems to like).
Giving him a job and or scholarships would help him to further his knowledge and get him to use it for the right reasons. Throwing him in jail helps no one.
I believe that he used SQLi to hack the sites.
If he did it manualy, and if there was any protection he bypassed, if there was anything in his way to not make it simple, the kid may have a future as a white/grey hat.
You sound put out that he is only 12 years old, I myself am amazed that he could do this.
It is the problem of the companies if they do not update their systems for decades, do you happen to be a security expert/programmer?
I strongly agree with you.
Ahhh…the DDoS attacks. Something these pathetic kids claim is a hack to make them seem like they are some great computer genius.
He did not only DDoS right ;).
It is immaterial if what he did is not a hack in your estimation, it did work on government websites — therefore was effective. Obviously the best person who can point out the weaknesses in a network's security are those who have the talents to find it.
Its not about rewarding criminals with a job — rather focusing their talents in a positive direction that benefits society while simultaneously placing them where they can be monitored. The height of stupidity is to toss them in a cage for a couple of years and call it rehabilitation. Why ignorantly waste natural talents?
Not all 12 year old kids know how to do what this one did — the derisive sneering that I witness in this thread has transparent colors of envy.
How can u say it was Effective it was just a goverment site after all ^^
Regardless whether you consider him a hacker or not he DEFINITELY DOES NOT BELONG IN JAIL!!!! He is 12 and needs to be educated not jailed. He will only learn how to become a criminal in jail and not a productive member of society…………….
Just a thought, I think you should give him a job in community service, some redundant data processing job on a stand alone system that has a virus specifically put in it that makes his job frustrating and impossible for him to fix so he can understand what people go through when a computer system they use for work is glitchy (without his knowing this of course). But after he serves his time give him a chance to be legit with his talents provided he understands what his malicious myschief does to people. I think it should be a learning experience first with counseling before he is committed to incarceration and given a criminal record. All I can say is I'm glad we didnt have PCs when I was 12, us boys created enough mischief without them.
Hello, I believe that he used SQLi to hack the sites. If he did it manualy, and if there was any protection he bypassed, if there was anything in his way to not make it simple, the kid may have a future as a white/grey hat. 🙂