91 comments

  • jonathanlydall 13 hours ago ago

    Remembering back, I certainly lacked a lot of critical reasoning which could have led me to do possibly equally stupid stuff like this had I the skill in my early teens. As I remember it, life felt more like a "game" in that you do whatever it lets you, without much consideration of whether people will be (potentially very) upset with what you've done. In person activities stood high risk of getting caught, but online it seems more like a computer game and the people on the other side of your actions feel more abstract.

    Many years back when I used to do CS for WoW, a colleague of mine liked to say that the only reason some kids shit-talk the way they do is because it's online and if they tried it in person they'd get punched in the face.

    These kids discovered that their actions have consequences to them in person and not just someone being upset with them remotely.

    As a parent now (but oldest is only 5), it's stories like this which make me determined remain aware of the kind of stuff my kids get up to and continually explain that actions have consequences, even if those consequences are seemingly as trivial as making someone else feel shit about themselves.

    I wonder if maybe 10 or so years from now, after these kids have actually reached decent emotional maturity, that they'll look back at their actions and think about how stupidly reckless and needlessly destructive they were, to both others and their own lives.

    • Kichererbsen 13 hours ago ago

      I have found that keeping dialog open from early age on helps a lot. If kids get into trouble when they do something they're not allowed to, they're going to learn to stop telling you stuff real quick. And hide their activities. If they learn that you'll stay calm and continually prove that you trust them to handle their stuff, they might end up telling you things you wouldn't expect. But then... you don't get to blow your lid. Ever.

      • Aeolun 12 hours ago ago

        You can absolutely blow your lid, you just have to apologize afterwards and admit that you were wrong. This is very hard for some adults to do to a 5 year old.

        • ilinx 12 hours ago ago

          I understand that some people have trouble apologizing to children, but could someone help me understand why? I’ve been a parent for almost a decade now, and I can’t count the number of important teaching and bonding moments that have started with me making a parenting mistake and apologizing for it. I rely on it pretty heavily to teach my kid about emotional regulation. It’s such an important opportunity to just throw away. Is it an ego thing? Do people struggle to see children as people? I promise those are good-faith questions. I know some people struggle more with that sort of thing, and that’s fine. We all have our strengths.

          • dmd 12 hours ago ago

            A huge number of people come from families or even entire cultures where Father Is Never Wrong.

            • anthony_d 11 hours ago ago

              I’ve never seen Mother having an easier time. People don’t like admitting when they’re wrong.

        • LoganDark 11 hours ago ago

          It really depends on what blowing your lid looks like. Regardless of whether you make up for it later, if you make yourself a reputation of it, others will learn to avoid the initial blow-up in the first place

    • Aurornis 13 hours ago ago

      From the arrival:

      > Jubair has 22 previous convictions related to hacking, fraud and harassment.

      There’s more to what was going on here and none of us is really qualified to diagnose the psychology behind it from the details. I hope they can find some peace later in life because they are obviously not lacking ambition or ability

      • harvey9 12 hours ago ago

        Lacking ability to cover their tracks.

      • red-iron-pine 7 hours ago ago

        wayyy to much ambition, not enough ability (to STFU and follow OpSec)

        getting in is often the easy part. getting out, undetected, with stuff that matters, is the hard part.

      • illliillll 12 hours ago ago

        It’s extremely easy for a kid to commit tens, or even hundreds of crimes in a matter of hours on the internet.

      • exe34 12 hours ago ago

        Or hire them into gchq on a short leash.

    • jfyi 13 hours ago ago

      10 years and they'll be mid way into their conference talk career. You know, that sweet spot where you can keep telling the same story over and over and still get attention for it. That makes me wonder what Frank Abagnale has been up to recently.

      • beng-nl 11 hours ago ago

        Say what you want about Frank abagnale.. but damn can he tell a compelling story.

      • bityard 12 hours ago ago

        Not sure if you're aware already and omitted it for brevity but maybe for others who might not already know: Abignale made up everything (or nearly everything) he claimed to have done in his book and in the movie. He was still taking advantage of people during this time, but the acts were far more mundane (and slimy) than his claims. He was a con man for sure, but not the "brilliant but misguided criminal gets redemption" that he portrays.

        • jfyi 11 hours ago ago

          Nope, I never heard that. It doesn't surprise me one bit though. I found his talks sort of robotic, and having caught a handful, very rote. I always thought he didn't have the demeanor of the person he claimed to be.

        • rolph 4 hours ago ago

          "Frank, if you go out that door the french are gonna kill you!"

        • irishcoffee 12 hours ago ago

          It isn't surprising though, him lying about his past. A con man is a con man, after all.

    • Aerroon 12 hours ago ago

      >Many years back when I used to do CS for WoW, a colleague of mine liked to say that the only reason some kids shit-talk the way they do is because it's online and if they tried it in person they'd get punched in the face.

      I've seen people have this opinion many times before and I don't get it. People talk shit in real life all the time and it's a much worse situation in real life because they might punch you in the face.

      This is why I don't mind online shit-talking, because it isn't going to escalate into a fight. In real life it might and imo the teens are more likely to escalate it especially if they are in a group.

      • LaGrange 12 hours ago ago

        Yeah, that too. Like, being old enough to get my start largely in internet cafes means I actually _had_ in-person interactions with the type of person we're talking about - and they were _not_ nicer.

        Being kinda big I might even stand a chance against one - unless they had a knife, which they probably IME did - but there was always at least 5 of the "lonely lost boys," at least one carrying a baseball bat everywhere.

    • folkrav 13 hours ago ago

      Behavior being different online than in real life is not limited to kids either. Nobody on Facebook is meaner than a 60-something year old lady with a wall full of cat pictures and minion memes. I genuinely doubt that half of them would hold the same discourse face to face.

      • pixl97 13 hours ago ago

        With the number of 'crazy karen' and 'crazy kyle' videos online, maybe over half of them would.

    • inigyou 13 hours ago ago

      Now I have the opposite feeling. I know that if I ever do something useful that people like, I'll go to jail for it. I don't know how startup founders do it, I guess they need legal backing from an incubator.

      • williamdclt 13 hours ago ago

        I don't understand what you mean, can you explain?

        • inigyou 13 hours ago ago

          Let's say I invented a genius way to use cryptography to send anonymous payments, I'd go to jail for doing that (Tornado Cash). Let's say I made a secure messenger, I'd go to jail for that (Telegram, EncroChat, SkyECC) or narrowly avoid jail (Session) or be forced to add a backdoor (Anom). Let's say I made an operating system that didn't spy on you, I'd be threatened with jail for that (GrapheneOS). And of course there are more things, for which there will be more consequences (mostly jail) but for things that haven't been done yet there are obviously no examples offhand.

          Basically everything that fits outside of existing patterns is illegal one way or another. Only people who are naïve to these consequences will ever be motivated to make these things.

          • pibaker 8 hours ago ago

            Telegram and Session are never secure by any means. Honestly I'd consider both of them to be intelligence and law enforcement honeypots given how aggressively they marketed themselves as the "secure" option and how little they actually deliver.

            I would trust WhatsApp before I trust telegram.

          • filoleg 12 hours ago ago

            > Let's say I invented a genius way to use cryptography to send anonymous payments, I'd go to jail for doing that (Tornado Cash)

            This is just a disingenuous take.

            Tornado Cash founder didn't get criminally convicted for "a genius way go use cryptography to send anonymous payments." He got convicted for operating a money-laundering service.

            The fact that his service utilized "a genius way to use cryptography to send anonymous payments" is entirely orthogonal to the actual crime he got in trouble for. He would have gotten convicted just the same regardless of the cryptography usage, because the actual crime here was operating a money-laundering service.

            • inigyou 12 hours ago ago

              Yeah, like I said, a genius way to use cryptography to send anonymous payments. The cops call that money laundering. That isn't an orthogonal crime, it's a different name for the exact same thing.

              • filoleg 11 hours ago ago

                Sure, and "manufacturing novel types of explosive devices, with evidence of them having been used in destructive acts of terror" is just a different name used by cops for "innovative applied chemistry". The criminal law must be truly just hating on the innovators in sciences.

                • inigyou 11 hours ago ago

                  What you said is actually a name for "innovative applied chemistry, and then blowing up parliament with it". If I invented a new type of explosive and didn't blow up parliament, but the cops somehow found out, I'd go to jail.

                  Edit: correction, you didn't even say I was the one who blew things up. You just said someone blew up things with my new explosives. Which is exactly what I'm talking about. If guns weren't already old technology, the government would hold Mr Smith & Mr Wesson accountable for every gun death.

          • xpct 12 hours ago ago

            Please don't frame these as technological crimes, nobody has yet been prosecuted for that specifically.

            • inigyou 11 hours ago ago

              What do you think the Tornado Cash people were prosecuted for if not offering technology?

              • red-iron-pine 7 hours ago ago

                they were money laundering for the N Koreans not just "offering technology"

      • cindyllm 13 hours ago ago

        [dead]

    • 1970-01-01 12 hours ago ago

      >Many years back when I used to do CS for WoW, a colleague of mine liked to say that the only reason some kids shit-talk the way they do is because it's online and if they tried it in person they'd get punched in the face.

      This is the #1 reason bots exist. We can't just punch them down anymore, we're flagged as bad people.

    • grim_io 13 hours ago ago

      With their skills and nowhere to go, they will be doing this for the government.

      • grubbs 13 hours ago ago

        I think this was true in the 90s and 2000s. When not everyone was a script kiddie. But why hire someone that literally didn't write their own exploit? Sounds like the most advanced thing they did was just social engineering and dumping a DB.

        • jfyi 13 hours ago ago

          You remember a way different 90's than I do.

          It was just simpler back then. There was no aslr, no hardware level protection from execution, traffic was all plaintext, switches didn't exist, or maybe they did but just nobody used them and everything on every network was just one giant collision domain, developers by and large didn't even think about securing software outside of DRM, and absolutely nobody understood the basic premise that someone on the phone may be lying to your business to get access to things they want.

          The skillset that made you a 1337 h4x0r in the 90's makes you a mediocre sysadmin these days.

          • red-iron-pine 7 hours ago ago

            disagree. back then you were an autodydact.

            i can get on YT or some AI and find how to do virtually all of the stuff you mentioned, but back then you had to roll your own and figure it out yourself

            but i am generally in alignment with the idea that they're not getting gub'mnt jobs now. 1) how could you trust them? and 2) there is a global glut of talent, including laid-off FAANG / big-org talent that you could scoop up.

            why take a risk with an idiot who can't keep his ego in check long enough to maintain OpSec when you can hire a senior security engineer just laid off from Oracle with an MIT pedigree? 30 years ago the 133t haxor types were rare, but now they're churning out cybersecurity grads to the point of oversaturation.

      • swarnie 13 hours ago ago

        I doubt it, these kids are never getting clearance.

        I expect to find them at an MSP with a firm equal opportunities policy.

    • thejokeisonme 13 hours ago ago

      You used to do computer science for world of warcraft?! Sounds cool!

      • jareklupinski 13 hours ago ago

        no they did Content Sharing for Weekend on Wednesdays

      • inigyou 11 hours ago ago

        Customer support

      • cucumber3732842 12 hours ago ago

        He admin'd their Counter Strike server.

    • stavros 13 hours ago ago

      I don't know, I was reading the article and went "well, good for them, if they could get into the system, fair play". Then I saw the part where they stole tons of data and inconvenienced people, and I can't support that.

      If you hack into a system and leave a note "I got into your system, I win", more power to you. If you do damage, go to prison.

    • LaGrange 12 hours ago ago

      > As a parent now (but oldest is only 5), it's stories like this which make me determined remain aware of the kind of stuff my kids get up to and continually explain that actions have consequences, even if those consequences are seemingly as trivial as making someone else feel shit about themselves.

      Weird, somehow without significant parental surveillance or explicit explanation I somehow managed to _not_ do much of the awful stuff my acquaintances with much more engaged parents did.

      Must have been my autism, I guess.

    • exe34 12 hours ago ago

      I wish they would have turned to Russia or Belarus to do this, it would have been a lot safer for them.

  • kayo_20211030 13 hours ago ago

    When I see this it makes me depressed.

    > gained access to the data by tricking a phone help desk worker.

    The whole edifice was built on a helpful, possibly overworked and possibly harassed help desk worker? The end result is that two kids end up in jail. It could have been so different, and better. What they did was wrong for sure, and has real-world consequences for those whose information was leaked. But, when I look at the contingencies that led to the outcome, it really does depress me.

    "all for the want of a nail"

    • Aeolun 12 hours ago ago

      Like, at some point we have to start considering teens natural disasters, and put it on the company to prevent something as banal as a password reset that can be requested on a phone from compromising their _entire_ fucking system. These kids aren’t most at fault here.

  • d-lowl 13 hours ago ago

    >Jubair and Flowers who both have autism, gained access to the data by tricking a phone help desk worker.

    What does this have to do with anything in this article.

    • Aurornis 13 hours ago ago

      The article is reporting on what was discussed in court: Autism, suicidal tendencies, living with grandparents. These were all probably brought up as elements of the story meant to influence the verdict.

      Take it up with lawyers.

      • Der_Einzige 13 hours ago ago

        The chris chan special.

        • red-iron-pine 7 hours ago ago

          yeah but these guys actually had friends and accomplished stuff.

          they're terrible at OpSec, sure, but they were part of a gang and cracked systems

    • amiga386 12 hours ago ago

      It's a magical superpower.

      It kept https://en.wikipedia.org/wiki/Gary_McKinnon from being extradicted to the USA. Apparently the courts don't accept "your opsec is shit and I got in with default passwords", but they do accept "I have autism"

      Let's try it in action:

      - "Mr Wallace, we have several credible reports that you harrassed TV production staff by going around with no underpants on, and finding excuses to take your trousers down. What do you say to that?"

      - "Did I mention I have autism?"

      ( https://www.bbc.co.uk/news/articles/cx24lxl85wyo )

    • masfuerte 13 hours ago ago

      Schrodinger's hackers. They are simultaneously autistic and skilled at social engineering.

      • d-us-vb 12 hours ago ago

        Autistic people are unusually good at studying patterns objectively. While each individual person is... an individual, studying a sample from a population yields patterns, and thus the justification for the "social sciences". While autistic people may struggle with in person communication and upholding norms of human interaction, they do not generally struggle with understanding game theory, motives, and other aspects of rational decision making. So they can indeed make brilliant (and ruthless) social engineers if only when hiding behind a computer keyboard.

        • watwut 12 hours ago ago

          That is not autism, that is sociopathy. Autism does not turn on and off when you can gain something from it.

          In your telling, autism is an excuse when they abuse others, because they cant help themselves. But, when it is for their benefit, the same person actually displays higher social skills.

          • billygatesgruff 12 hours ago ago

            Lol, U should meet my upstairs neighbour, his coping mechanisms are curiously similar to ways of slyly molesting and aggravating other people. He's spent seven years obsessing stalking and trying to harm me psychologically, now he's trapped in a hole he can't get out of... Because he didn't like me ignoring him. I ignore him because he is absurdely vain and likes being distasteful and offputting. I'm sorry, if they don't teach kids coping mechanisms, they are doing this to them. The BBC where mentioned here as spreading FUD about artists, I did a search to find one of the many supportive and educational stories I have seen on their website - the first result is for paid Autism tests for children. It is a profitable diagnosis. It triggers a non behavioural approach that leaves adults disabled for life.

          • d-us-vb 11 hours ago ago

            I didn't say it wasn't sociopathy; it most certainly was. Autism and sociopathy are not mutually exclusive. And as they were executing their plan, I do not see any point where their "autism was turned off".

            Autistic people can be highly sociable by explicitly learning social skills. They can also learn social skills in order to manipulate others, as is the case here.

            Lastly, explaining how a medical condition whose stereotypes seem to make others think those with it would not be capable of committing a crime were in fact capable of committing that crime in no ways is the same as excusing the crime.

          • inigyou 11 hours ago ago

            They're not excusing the sociopathic element. They're explaining the apparent discrepancy between the fact that autistic people are bad at socializing and the fact that some autistic people are good at social engineering.

            • mrguyorama 10 hours ago ago

              There's no discrepancy because "social engineering" isn't "Being good at social things"

              Social engineering is just conman pressure tactics or hard sales tactics. It's so simple you can train your average stay at home mom or "hustle culture" bro to do it for Amway or similar in an afternoon.

              It requires zero social skills. You aren't "Charming" the tech support, you are just badgering them and waiting until they do the normal human thing of trying to be helpful.

      • illliillll 12 hours ago ago

        Why assume they’re skilled at social engineering? The victims tend to be trusting and helpful, they’ll just do what you ask because they want to help.

        • d-us-vb 11 hours ago ago

          I'm not assuming anything. I'm explaining that they can be, because the original comment made it sound like autistic people can't understand social behavior at any level.

    • voidUpdate 13 hours ago ago

      Autism always makes your kids into sociopathic hackers, as we all know. They are also always top of their class in maths and bad at interacting with people

      /s

      • rapidaneurism 13 hours ago ago

        Unless it is to trick them into resetting a password over the phone that is

    • inigyou 13 hours ago ago

      Helps spread memes the BBC wants you to believe. Namely, autistic people bad. See, this is why I think the BBC needs to go.

      • Steve16384 13 hours ago ago

        Why on earth would the BBC want or care for people to believe that? Are they in the pay of the anti-autism league? We're through the looking glass people!

        • billygatesgruff 12 hours ago ago

          I advise people to start looking into the case of the traitor and double agent Chris Packham

        • inigyou 13 hours ago ago

          I don't know but they've been spreading this kind of thing for a while. See also how they report on the middle east.

          • GJim 12 hours ago ago

            [flagged]

  • erelong 12 hours ago ago

    do you think there is a way to divert kids like this into some kind of useful programming / IT direction and if so what do you think would be the best way to handle this

    (like a group that takes black hat hackers to white hat hacker projects?)

    kids with like anti-social or aggressive tendencies plus maybe some tech "skillz"

    • kortilla 12 hours ago ago

      Like putting kids that get into fights into the military.

      • red-iron-pine 6 hours ago ago

        the military generally doesn't want those guys. maybe minor incidents but you don't want some idiot with impulse control issues handling a 240B machine gun.

        a little belligerent, sure, and sometimes judges will push da yout with minor court issues into the service, but the army ain't recruiting murders and serious gangbangers, and for good reason

  • VladVladikoff 13 hours ago ago

    I don’t really have 16 hours to burn watching a live stream recording, but I kinda want to watch it for the lolz.

  • smallnix 13 hours ago ago

    > The court heard the single child was given his first laptop at the age of 10 by his parents - carers who moved to London from Bangladesh.

    Ah.. I hate when stereotypes play out like this. It's always those single children.

  • throwaway888666 11 hours ago ago

    Britain got talent I guess.

    They are teenagers. They don't belong in prison, they belong in an any cybercrime agency.

    • willy_k 10 hours ago ago

      Idk about Britain, but in the US that’s exactly where they’d end up after serving their sentence.

  • smith-kyle 12 hours ago ago

    Sad that they're being sentenced based on the impact of the response by TfL's IT team

    • victorbjorklund 12 hours ago ago

      I mean you can’t put a building on fire and say you should not be sentenced for the whole building burning down because the impact of the response by the fire department (if they had been faster/better the fire would not caused so bad damages)

      • inigyou 11 hours ago ago

        Actually if only half the building burns down you aren't supposed to be sentenced as if the whole building burned down. Even if the whole building would have burned down if the fire department didn't show up.

      • cucumber3732842 12 hours ago ago

        The building owner has a degree of duty to mitigate loss. They can't go around opening doors and windows after the fire is started but before the fire department gets there and be all "whoops not my fault blame it on the guy who started the fire" regardless of how the fire started.

        • roryirvine 12 hours ago ago

          The duty to mitigate loss is a concept in contract law, and its main use is in calculating damages (ie. you can't claim damages for a loss that you ought to have mitigated)

          It would definitely come into play if TfL were suing Jubair & Flowers, but it's not really relevant in a criminal situation like this.

          • cucumber3732842 5 hours ago ago

            I should have avoided those specific works because of the nitpickers.

            In any case you can't go out of your way to make the situation worse with a sort of sly understanding that because you're the victim the other person will wind up on the hook for it. They may wind up on the hook for it if you are a huge and exceptionally well connected entity and the other side is a nobody, but that's not how the system is supposed to work and it's not how it does work when the parties are on equal legal footing.

        • inigyou 10 hours ago ago

          In that case it would be criminal insurance fraud, right?

    • dofm 12 hours ago ago

      But that's part of the thing, isn't it?

      You don't get to argue that your crime wouldn't have been so bad if your victims weren't incompetent.

  • cedws 10 hours ago ago

    And what about the criminals who left these systems exposed?

  • antihero 12 hours ago ago

    Ah so a little more serious than gang rape, I guess. https://www.bbc.com/news/live/cd0m38xndp3t

  • parisisles 12 hours ago ago

    (the french laundry)

  • Retr0id 13 hours ago ago

    > Woolwich Crown Court heard both men [...] spent most of their time online unsupervised.

    Such an infantilising and surveillance-normalizing slant. Why is it worthy of mention that an adult spent time unsupervised? (Sure, one of them was 17 at the time, but that didn't stop them from waiting until he was 18 to charge him)