Feeds

back to article 11-YEAR-OLD code wizard hacks Greedy RuneScape geeks

A Trojan that promises RuneScape players gold but instead steals their passwords was developed by an 11-year-old, researchers claim. Antivirus biz AVG said it made the discovery after studying a piece of code masquerading as a cheat tool for the wizards'n'warriors online role-playing game. The malware asks victims for their …

COMMENTS

This topic is closed for new posts.

Page:

Bronze badge

He'd better go into hideing then.

Before some government tries to prosecute him as a cyber-terrorist.

1
2
Silver badge
Facepalm

Re: Suckyou Raven Re: He'd better go into hideing then.

"Before some government tries to prosecute him as a cyber-terrorist." OMG, you're so right! Them dastardly, scheming G-men and NSA Nazis are everywhere, just waiting for an excuse to slap the irons on some innocent guy just because he tried to steal from others. In fact, they probably won't like you pointing out their nefarious plans, probably best you cut off all communications and go into hiding too! Don't forget to wrap your mobile in at least twelve layers of foil, and don't just disconnect your modem, rip the cable out at the junction box 'cos I hear they have alien tech that means they can see you through the wires.....

/If you need a sarc tag you are too stupid to be using a computer.

0
9
Silver badge

Re: Suckyou Raven He'd better go into hideing then.

Forgot your pills AGAIN, Matt?

2
0
Facepalm

Re: Suckyou Raven He'd better go into hideing then.

"/If you need a sarc tag you are too stupid to be using a computer."

Yes Matt, you are...

0
0

Writing a fake program that asks stupid people to enter their login details != hacking.

18
4
(Written by Reg staff) Silver badge

Re: Oliver Mayes

"Writing a fake program that asks stupid people to enter their login details != hacking"

Tut, I knew someone would say that. For the purposes of a short and snappy headline, it is. The article lays it all out. What do you think the kid had planned for those passwords?

C.

2
4
Silver badge

'phishing' is only one letter longer than 'hacking'

13
0

Re: Oliver Mayes

I hope you alerted Jagex that people are hacking their game!

0
0
JDX
Gold badge

@Oliver

Typical software geek response... it's not about the end result, only how technically good the implementation.

Whereas to the rest of the world... the guy sitting on a beach drinking champagne with your money for example,,, it's the exact opposite.

0
7
Silver badge
Thumb Up

Re: Re: Oliver Mayes

Since he wrote code this is actually the original and proper "hacking". If he had just downloaded other people's scripts then he'd just be a skiddie.

1
3

Re: Oliver Mayes

Some company should hire him as a security consultant.

1
0
Anonymous Coward

"Writing a fake program that asks stupid people to enter their login details != hacking."

Actually, using the proper definition of hacking it sort of does. One of my first forays into 'fun' programs I made in college was something that simulated the network's login process, it captured what people entered and presented them with an error that encouraged them to use a different machine, after a few attempts it shut itself down and let people log on normally.

This was 20ish years ago though, when this sort of thing was harmless fun.

1
2
Anonymous Coward

"...One of my first forays into 'fun' programs I made in college was something that simulated the network's login process..."

That's about the third time you've told us that anecdote now. Assuming you're the same AC each time.

0
0
Silver badge

> This was 20ish years ago though, when this sort of thing was harmless fun.

Right. I remember people getting booted from uni for that. Not so "harmless".

0
0
Silver badge
Thumb Down

@RDX

Typical software geek response... it's not about the end result, only how technically good the implementation. ...the guy sitting on a beach drinking champagne with your money for example,,, it's the exact opposite.

You don't need elegant solutions if you just beat up somebody, then take his purse.

You do need elegant solutions if you want maintainable, reliable, adaptable, testable code. Or at least something viable when you just want to get paid for your shit in the marketplace.

Two totally different things.

0
0
Silver badge

I'm not that AC, but I did do almost exactly this myself, just for my own curiosity. It caused a bit of a sense of humour failure in the IT department when they were given a list of usernames and passwords, some including their own staff.

I had no intention of doing anything nefarious* with these details but these days that doesn't seem to matter. They did considerably tighten up on their security before too long though and at least they understood that I wasn't going to do anything bad with them, didn't do it to intentionally make them look bad (otherwise their reaction could have been different), didn't shout about it around the Uni and even showed them what I did.

* Just had to use that word, it's probably underused.

0
0
Silver badge
Windows

"11-YEAR-OLD code wizard"

Aka "exaggerate the skills of the idiot who was able to get around our idiot security".

15
3
Silver badge
Thumb Down

Re: "11-YEAR-OLD code wizard"

also

'suggests that kids are "digitally fluent far earlier than previous generations".'

You might want to explain that to all of us who were coding home computers during the 80s.

15
0
Trollface

Re: "11-YEAR-OLD code wizard"

Huh what was that? Something from the government about kids not knowing how to program these days and needing special computer science courses to teach them how? Oh I'm sorry I couldn't hear you over the sound of me laughing my ass off at the irony of this article.

5
0
JDX
Gold badge

Re: "11-YEAR-OLD code wizard"

How is their security 'idiot' if someone puts an app on FaceBook which users download and enter their details into?

Still, you managed to get a few plus votes by following the usual tactic of insulting someone with an argument which appears on cursory glance to seem sensible. Quite the heights of Reg debate then really...

2
1
Silver badge
Stop

Re: Code Monkley Re: "11-YEAR-OLD code wizard"

"......Aka "exaggerate the skills of the idiot who was able to get around our idiot security"....." He did not get around the security system, he used a social engineering trick to get people to load code that captured passwords and logins, presumably so he could then use those to access via the correct security protocols. The only thing he got around was the stupidity of the cheats using the code. The actual game security was just fine.

2
1
Anonymous Coward

Conspiracy theory

"...suggests that kids are "digitally fluent far earlier than previous generations..."

Or alternatively, now that any computer-related misbehaviour anywhere in the world leaves you open to extradition and long sentences in US prisons: that adults are hacking, using accounts set up in their kids' names.

I've heard of shop-lifters using a similar technique by encouraging the kids to nick stuff while mum "wasn't looking". Remember though folks, this approach only works while your kids are under the age of legal responsibility!

2
0

Re: "11-YEAR-OLD code wizard"

Yeah but since I was born in the late 80s and now there has been a lul in said junior interest in coding. Fingers crossed that interest is returning. We need better innovation in software.

0
0
MrT
Bronze badge

But code wizard...

...refers to the target game and not the coder skills.

I might be reading too much into this though...

0
0
Silver badge

Re: "11-YEAR-OLD code wizard"

I was coding in Assembly by 11... but I suspect I was probably more of an exception but then so's this kid.

0
0
Bronze badge

Re: "11-YEAR-OLD code wizard"

'suggests that kids are "digitally fluent far earlier than previous generations".'

You might want to explain that to all of us who were coding home computers during the 80s.

Yes, this is just another variant on the "digital natives" myth, which has been widely debunked by pretty much everyone who's done methodologically-sound studies on the question, rather than just make idiotic assumptions of the sort that get you a Wired editorship.

There have been 11-year-old hackers at least since the rise of PCs in the 1980s. I spent many an hour poking[1] around in the address spaces of Commodore, Tandy, Atari, Apple, and IBM PCs in the early '80s, and I'm sure many others here did too. I don't remember anyone I knew personally creating malware at quite such a young age, but I did have a thirteen-year-old friend whose hobby was hacking software for the Atari 800 to disable its copy-protection features.

I spent the summer of my eleventh year writing software for the Commodore PET with my father.[2] We were working primarily on a program to track book withdrawals for the school library, which owned said PET. It was a great introduction to software development: it was a project that the ostensible customer didn't want, performance was lousy (audio-cassette media), it was unreliable (did I mention cassette media?), it took a lot longer than expected, and we never really finished it anyway.

Good times.

[1] Heh.

[2] More precisely, the evenings of that summer. During the day we were residing the house in cedar shingles. Do kids still do that?

0
0
Bronze badge

And?

When I was 11, I wrote a thing in VB (I think it might even have been VB 1.0, I can't remember) which perfectly emulated a Windows 3.1 network login screen (I can't remember the underlying tech, but it was RM-branded and probably Netware-based), complete with working help file and everything.

You logged in as any old dummy account, ran that program, it went full-screen, it even intercepted things like trying to switch away or kill the program (this was pre-Ctrl-Alt-Del providing the logon screen), and it looked and worked pixel-for-pixel identical as a login screen. They you got your target to log in. It faked a password refusal. They would invariably try a couple of times and then move onto another computer. You come along and "log in" with your details and it would let you access ("Must have been typing your password wrong"), and in the user area would be left a nice plain-text list of usernames and passwords tried, which you could then go and try on the REAL login screen at your leisure.

Got admin access to the whole network that way, at least twice, and(because I'm nice) revealed how.

When I was 15, we got admin to the whole network in a way that was so obscure, I had to craft the defence against it for the school network manager, on an OS that had NO concept of security at all (it involved using Word macros to discover hidden drive shares, but it worked and was only about 200 lines of code).

Why is it surprising that 11-year-olds can do this? They *SHOULD* be able to do this already, rather than peeing about in Logo and Scratch. They shouldn't ACTUALLY do it, because of the legal issues involved, but they should be capable of at least worrying the network admin. And I'm a school network admin!

P.S. physics teachers shouldn't use words like "displacement" and make a password like "d15placemen7" from them. Hell, after that I guessed his next 3 passwords without even trying to write a program to do so. Teachers should also NEVER challenge a group of kids to "hack the network, because it'll be a learning experience and you'll find out that we're pretty locked down", especially not when there's a geeky-kid in the room.

20
1
Anonymous Coward

I just...

Used paint and took a screen print... ;)

1
0
Bronze badge
Thumb Up

me too

I did that too, with the DOS based NOVELL 3 login routine at college circa '92

Got a special "Written warning" certificate I'm very proud of.

Could've done it better, and never keep your source code in your home drive.

Got blamed for a lot of stuff that really wasnt me!

1
0

I recall the good old days of school computer security... Where the drives were just hidden to secure them, and creating a Shortcut to c: could get you access to them.

I don't think the IT teacher ever figured out I was using winpopup to troll the thickies, and was completely stumped as to how a group of us were playing network games of hearts in the lessons.

I was coding long before I was 11, good old Sinclair basic and computer magazines full of code listings and I learned all sorts from it. Even when I started on pcs it wasn't plain sailing. My first experience of dos was fiddling around with interrupt and dma settings in several vain attempts to try and get some sound in games. Nevermind the joys of EMS and XMS. Kids today have it far too easy to actually learn much from what they are doing.

But things are far too easy and reliable nowadays, nothing ever goes wrong so you don't get people delving into the internals to try and get things working, they may be able to do a lot more than we could, but it doesn't mean they actually know and understand what they are doing.

2
0
Silver badge
Coat

vb... geeky-kid...

Until you have at least one subroutine written in hex, (ok wuss, assembly if you must!) it doesn't count!

Now, gerroff my lawn, young'un!

Mine's the one that patched together from 8 bits of cloth with holes you can peek and poke through...

1
0
Bronze badge

The school only used VB, so I was spending my school time productively on the products they wished me to learn.

The week before, I'd written an x86 assembly CD-protection-removal "crack" for a game I'd bought. It involved Ralf Brown's Interrupt List and MS-DOS debug.

Geeky enough for you? It was just a waste to use those sorts of things in schools when a simple Word macro or VB interface was enough.

0
0
Anonymous Coward

"Learning"

Yes, when I was young I did lots of learning as well.

One thing I thought was pretty common sense though is what is illegal and what isn't.

I could have hacked a whole bunch of things; I might even have got away with it, but I knew it was wrong. Even when I was seven years old I knew the difference between right and wrong. I could have written malicious code then, and could probably make a pretty good virus today, but I choose not to because I understand the potential consequences and take responsibility for my actions.

Unauthorised access to a computer is illegal. Deception is illegal. It is obvious why we have laws against such things.

Sometimes, we may not agree entirely with the letter of the law but we all have to play by the rules. If you do something you know is ethically wrong and then get caught, you have absolutely no room to whine about it.

0
0
Bronze badge

Re: "Learning"

yeah well things were a lot greyer up till early 90's

The authorities were still busy hammering out laws they didnt understand and the spirit of adventure was in full bloom.

0
0
Anonymous Coward

No surprise.

I'm one of the authors of the new release of the ISECOM Hacker Highschool project, and from what I hear from those who have now taken this into classrooms, kids simply *are* that ahead. They grow up with this technology, so they don't have any barriers when it comes to trying things, and it's up to the older generations (like us, he says, reaching for his Zimmerframe with attached VT100) to guide that into more safer areas.

Switching it off won't work, it just means you lose the ability to guide them towards a safer MO and an understanding of the consequences.

1
0
Bronze badge
Thumb Up

Re: No surprise.

I downloaded that a few weeks ago after the notification in FD. Must get around to reading it sometime. I expect i might learn something.

Thanks for making it free.

The thumbs up is for you

1
0
Bronze badge

Re: No surprise.

Sigh. Another "digital natives" myth-bearer.

Look into the reliable studies. In general, the current generation is not significantly more technologically savvy in any useful way (eg in understanding how technology actually works, or in awareness of security risks associated with technology). Yes, there are exceptions; but there have been such exceptions for decades.

The only "barrier to trying things" was access, and that began to rise dramatically in the early 1980s. Since then the only changes have been quantitative.

0
0
Bronze badge

hacking?

During a 'C' coding course I took in the early nineties I wrote code that emulated the login prompt. The system was Xenix. My code would dump both the user name and password to a file and return "password incorrect" regardless of the password entered, and then run the real login prompt. It emulated the Xenix logon exactly. I managed to do this just a couple of weeks into the course, so I was hardly a wizard or a competent programmer.

I ran it on the terminal that the course tutor used... The silly man always logged in as root.

I didn't consider that hacking because it wasn't... Neither is this.

5
2
JDX
Gold badge

Re: hacking?

Well done, it only took you a few weeks of teaching to reach the level of an 11-yo.

2
6
Bronze badge

Re: hacking?

idiot. It took me a couple of weeks of LEARNING. I was the pupil.

Who pissed on your strawberries?

4
1
Anonymous Coward

Re: "didn't consider that hacking"

The thing is, the law doesn't care what an ignorant moron like you considers to be legal or illegal.

We have something called writing which allows the rules to be defined.

May I suggest therefore that you look up the Computer Misuse Act 1990 for a start. Those who are unfamiliar with the concept are also encouraged to read about deception in criminal law which I think you will find interesting.

http://en.wikipedia.org/wiki/Deception_%28criminal_law%29

http://en.wikipedia.org/wiki/Computer_misuse_act

0
0
FAIL

Hacking ?

Hardly.

Having seen the "app" in question it's little more than a C# variation of the "Hello World" intro code.

Adding in two text boxes and a drop-down and prettying up the interface, along with the submit button, is a long, long way from hacking.

It even requires the user to download and run the application.

It's social engineering, nothing more.

5
1
JDX
Gold badge

Re: Hacking ?

Social engineering is hacking. The best hack is the one that doesn't take much work.

2
3
Silver badge
Thumb Down

Re: Hacking ?

> Social engineering is hacking.

No. Social engineering is Social engineering.

0
0
Anonymous Coward

Re: Hacking ?

In the UK there is no offence called "hacking".

There are plenty of other offences though that one can fall foul of when straying into this area.

Whatever it was that he did, he was deliberately deceptive and knew that was wrong, whether he be 11 or 111 years old.

0
0

Hacking?

In the classic sense, yes. The kid hacked out some crappy code for a quick and dirty solution to a problem he was having regarding other people's accounts and his lack of access to their phat loot.

2
1
Silver badge
Pint

Kids

"kids are "digitally fluent far earlier than previous generations"".

Digitally or what ever, If this wasn't true we would have disappeared long ago.

Kids keep surprising me, and sometimes I wonder what goes wrong later. The disease of growing up and loose ones confidence, fear, religion, teachers or something.

1
1
Anonymous Coward

Re: "loose"

I think that by most measures I have 'grown up' but I like to think that I am still quite tight.

1
0
Silver badge

Bah!

"AVG Technologies said this isn't the first time a child-built nasty has wandered onto its radar, and said the age of the Canadian developer suggests that kids are "digitally fluent far earlier than previous generations"."

Well what do you expect when you give kids the Raspberry Pi and make them learn "real computing"?

Surface-mount madness. Satan on a PCB. Ban them now. Fought two wars. Threat to the Empire. Etc. More Etc.

4
1
Bronze badge
Thumb Down

Newsflash!

People are retards, and will always cheat/take the easy way for profit (even if it's just Rune gold).

Also, WTF is with the hardware/games comment pages? Defaulting to a "most votes" ranking seems kind of pointless for the Reg forums. Since a fair % of comments generate further response/follow-up, most of the top voted comments are left displayed with no context. Basically to find out what's up, you need to click through to the "all comments". This would be done anyway if you had any interest in the discussion. This, leaving the "most votes" section at best, a waste of electrons, and at worst an inconsistent eyesore.

8
1

Page:

This topic is closed for new posts.