Brit founder of Windows leaks website BuildFeed, infosec bod spared jail over Microsoft hack

The Brit who ran the BuildFeed website of Windows leaks has been handed a suspended prison sentence – along with a former Malwarebytes bod who hacked into Microsoft's internal OS development networks. Thomas Hounsell, 26, of Station Road, Sleaford, Lincolnshire, and former Malwarebytes researcher Zammis Clark, 24, of Agar …

  1. robidy

    Seems a balanced and reasonable judge handing down a balanced and reasonable sentence.

    Here's hoping both put their skills to better use in the growing UK Cyber sector going forward.

  2. The Nazz

    First time ...

    I've seen the Victim Surcharge described as a Tax. But that's what it is.

    The mind boggles as to what Microsoft will do with their £255.

    1. Doctor Syntax Silver badge

      Re: First time ...

      The name implies it goes into some sort of fund to compensate victims of crime but it's probably best not to look too closely.

      1. John Brown (no body) Silver badge

        Re: First time ...

        AFAIK it tops up the fund used in victim compensation claims. I have no reason to believe it's not used in that way.

        1. DavCrav Silver badge

          Re: First time ...

          "AFAIK it tops up the fund used in victim compensation claims. I have no reason to believe it's not used in that way."

          I believe it does, but it is a tax, since it is levied on people caught breaking the law where there are no victims, e.g., drugs and motoring offences.

          1. JimmyPage

            Re: people caught breaking the law where there are no victims,

            When Monty Python joked about "society" being a victim, they weren't.

            English common law views "society" as a person - so it can be a victim.

            Personally I think that's a load of cobblers as it's just a fig leaf for fascism and a gateway for arbitrary laws - which the UK has plenty of anyway.

    2. katrinab Silver badge

      Re: First time ...

      It funds the criminal injuries compensation board. I don't think Microsoft will get any money from them.

  3. This post has been deleted by a moderator

  4. Starace

    Takes a special kind of stupid...

    ...to carry on hacking high profile targets like Nintendo while on bail for hacking.

    And extra special points for getting caught at it having not learned to avoid whatever got you ID'd before. That's just sloppy.

  5. Nick Kew

    Did I miss something?

    Were these two working together? Or is this just two separate cases of mid-level hacking lumped together in a single story?

    It seems to me to need some speculative "one of them dug for dirt, the other published it" interpretation to link them.

    1. John Brown (no body) Silver badge

      Re: Did I miss something?

      From the article, The Verge added that Hounsell used Clark's illicit access inside Microsoft "to conduct more than 1,000 searches for products, codenames, and build numbers over a 17-day period". So, yes, they were in contact with each other.

  6. Chad Steele

    The two should be serving 15 to 20 in hard time prison. Pandering to the feral never turns out well. Just ask France.

    1. GrapeBunch

      I'm surprised you did not suggest a harsher penalty. Then you'd be a Hanging Chad.

    2. Intractable Potsherd Silver badge

      "The two should be serving 15 to 20 in hard time prison."

      Why??? There is no particular harm done. Are you another one of those people who think that simply breaking a law should bring down the maximum sentence? If so, you are wrong - context matters.

      "Pandering to the feral never turns out well. Just ask France."

      Is that some thinly veiled reference to it being unwise to give Muslims human rights? If so, you know that you are not a nice person, don't you?

    3. macjules Silver badge

      Fortunately, this isn't the United States of America where I am sure such a heinous act would have merited 20 years hard labour. Do not forget that for 5 years neither of these 2 will be able to work in many IT companies as they now have a Disclosure Scotland entry - that will be plenty enough of a penalty.

    4. Anonymous Coward

      Chad, you are being feral.

      Oh the irony..

    5. HieronymusBloggs

      Hard time

      "The two should be serving 15 to 20 in hard time prison."

      Absolutely. It's not like they did something trivial, like shooting up a school. </sarcasm>

  7. DrXym Silver badge

    Hacking Microsoft....

    ... seems like a really great idea. No downsides or repercussions from doing that.

    1. Spanners Silver badge

      Re: Hacking Microsoft....

      Committing crimes upon criminals is still a criminal act.

      MS may be a famous recidivist, have criminal contemporaries* and do work for other criminal groups** but doing bad things to them is still illegal.

      *Apple and Oracle for example

      ** NSA, CIA and so on

      1. ds6 Bronze badge

        Re: Hacking Microsoft....

        And what a crazy world we live in, where even criminals are protected by the same laws they break.

        Had to look up the definition of "recidivist" and I have to say, I quite like it. It's mine now.

  8. Anonymous Coward

    Another dodgy security company

    full of hackers, crackers and virus writers,...

    next up: MalwareTech.....

  9. Aodhhan

    Interesting

    They have good enough coding and reasoning skills to find malware, but not enough to understand how VPN applications are coded.

    Obviously Microsoft uses VPN software (web based or client app) allowing employees to connect remotely.

    VPN software pretty much searches to ensure your computer is safe, has AV software, etc. Gathers IP address history, among other basic info from registry.

    If you're unwilling to install the VPN application, along with any other required applications then you're not allowed to connect.

    Then if a connecting computer is suspect, it isn't difficult for the company and/or law enforcement to add other code/apps to get nearly anything from an intruder's computer--particularly if this person is using an account with elevated privileges--which most likely they will be.

    A good thing to know; if you're going to work remotely--use a company laptop instead of your personal home computer.

    1. ds6 Bronze badge

      Re: Interesting

      "VPN software pretty much searches to ensure your computer is safe, has AV software, etc. Gathers IP address history, among other basic info from registry."

      No.

      "If you're unwilling to install the VPN application, along with any other required applications then you're not allowed to connect."

      Nope.

      "Then if a connecting computer is suspect, it isn't difficult for the company and/or law enforcement to add other code/apps to get nearly anything from an intruder's computer--particularly if this person is using an account with elevated privileges--which most likely they will be."

      Nuh-uh.

      I don't think you've ever used a VPN in your life, mate. The name gives it away: Virtual Private Networks only allow you to tunnel your connection through a secure channel to appear like you're part of another LAN (Local Area Network, i.e. sharing a subnet behind a local device like a router). If you've ever used Hamachi to play local LAN multiplayer it's the same concept: it tunnels a client WAN (Wide Area Network) IP to make it appear to the host system that the IP is part of a local network, allowing for LAN-only games/applications to see and use the connection. It can also be used to get past firewalls that would prevent playing Internet-connected games with others, which is one of the primary reasons so many kids use it.

      VPN software in no way is required to do any of what you mentioned; basic VPN software only facilitates IP tunneling. Some corporate applications like Cisco AnyConnect may support the functionality to allow the host server to enforce specific policies—e.g., to deny connections to systems not joined to an Active Directory domain, or to run shell commands on the client—but it is not required to set it up like that. You will find most VPN software either does not have such functionality, or allows the user to disable it, see: OpenVPN. Anyway, even if these requirements were necessary in this specific instance to allow the dude to connect to Microsoft servers, it is more likely he simply logged into a web-based interface and scraped data from the site. Even if he did have to use some kind of aggressive, system-controlling VPN to connect, there are trivial ways to avoid the repercussions, like running it in a virtual machine or sandbox. Or just not allowing any system changes and faking out the host server to think you're compliant when you really aren't, but that's a little harder to pull off.


Biting the hand that feeds IT © 1998–2021