67 pointsby neversaydie7 hours ago12 comments
  • jonathanlydall5 hours ago
    Remembering back, I certainly lacked a lot of critical reasoning which could have led me to do possibly equally stupid stuff like this had I the skill in my early teens. As I remember it, life felt more like a "game" in that you do whatever it lets you, without much consideration of whether people will be (potentially very) upset with what you've done. In person activities stood high risk of getting caught, but online it seems more like a computer game and the people on the other side of your actions feel more abstract.

    Many years back when I used to do CS for WoW, a colleague of mine liked to say that the only reason some kids shit-talk the way they do is because it's online and if they tried it in person they'd get punched in the face.

    These kids discovered that their actions have consequences to them in person and not just someone being upset with them remotely.

    As a parent now (but oldest is only 5), it's stories like this which make me determined remain aware of the kind of stuff my kids get up to and continually explain that actions have consequences, even if those consequences are seemingly as trivial as making someone else feel shit about themselves.

    I wonder if maybe 10 or so years from now, after these kids have actually reached decent emotional maturity, that they'll look back at their actions and think about how stupidly reckless and needlessly destructive they were, to both others and their own lives.

    • Kichererbsen5 hours ago
      I have found that keeping dialog open from early age on helps a lot. If kids get into trouble when they do something they're not allowed to, they're going to learn to stop telling you stuff real quick. And hide their activities. If they learn that you'll stay calm and continually prove that you trust them to handle their stuff, they might end up telling you things you wouldn't expect. But then... you don't get to blow your lid. Ever.
      • Aeolun4 hours ago
        You can absolutely blow your lid, you just have to apologize afterwards and admit that you were wrong. This is very hard for some adults to do to a 5 year old.
        • ilinx3 hours ago
          I understand that some people have trouble apologizing to children, but could someone help me understand why? I’ve been a parent for almost a decade now, and I can’t count the number of important teaching and bonding moments that have started with me making a parenting mistake and apologizing for it. I rely on it pretty heavily to teach my kid about emotional regulation. It’s such an important opportunity to just throw away. Is it an ego thing? Do people struggle to see children as people? I promise those are good-faith questions. I know some people struggle more with that sort of thing, and that’s fine. We all have our strengths.
          • dmd3 hours ago
            A huge number of people come from families or even entire cultures where Father Is Never Wrong.
            • anthony_d3 hours ago
              I’ve never seen Mother having an easier time. People don’t like admitting when they’re wrong.
        • LoganDark3 hours ago
          It really depends on what blowing your lid looks like. Regardless of whether you make up for it later, if you make yourself a reputation of it, others will learn to avoid the initial blow-up in the first place
    • Aurornis5 hours ago
      From the arrival:

      > Jubair has 22 previous convictions related to hacking, fraud and harassment.

      There’s more to what was going on here and none of us is really qualified to diagnose the psychology behind it from the details. I hope they can find some peace later in life because they are obviously not lacking ambition or ability

      • harvey94 hours ago
        Lacking ability to cover their tracks.
      • illliillll4 hours ago
        It’s extremely easy for a kid to commit tens, or even hundreds of crimes in a matter of hours on the internet.
      • exe344 hours ago
        Or hire them into gchq on a short leash.
    • Aerroon3 hours ago
      >Many years back when I used to do CS for WoW, a colleague of mine liked to say that the only reason some kids shit-talk the way they do is because it's online and if they tried it in person they'd get punched in the face.

      I've seen people have this opinion many times before and I don't get it. People talk shit in real life all the time and it's a much worse situation in real life because they might punch you in the face.

      This is why I don't mind online shit-talking, because it isn't going to escalate into a fight. In real life it might and imo the teens are more likely to escalate it especially if they are in a group.

      • LaGrange3 hours ago
        Yeah, that too. Like, being old enough to get my start largely in internet cafes means I actually _had_ in-person interactions with the type of person we're talking about - and they were _not_ nicer.

        Being kinda big I might even stand a chance against one - unless they had a knife, which they probably IME did - but there was always at least 5 of the "lonely lost boys," at least one carrying a baseball bat everywhere.

    • folkrav5 hours ago
      Behavior being different online than in real life is not limited to kids either. Nobody on Facebook is meaner than a 60-something year old lady with a wall full of cat pictures and minion memes. I genuinely doubt that half of them would hold the same discourse face to face.
      • pixl974 hours ago
        With the number of 'crazy karen' and 'crazy kyle' videos online, maybe over half of them would.
    • jfyi5 hours ago
      10 years and they'll be mid way into their conference talk career. You know, that sweet spot where you can keep telling the same story over and over and still get attention for it. That makes me wonder what Frank Abagnale has been up to recently.
      • beng-nl2 hours ago
        Say what you want about Frank abagnale.. but damn can he tell a compelling story.
      • bityard4 hours ago
        Not sure if you're aware already and omitted it for brevity but maybe for others who might not already know: Abignale made up everything (or nearly everything) he claimed to have done in his book and in the movie. He was still taking advantage of people during this time, but the acts were far more mundane (and slimy) than his claims. He was a con man for sure, but not the "brilliant but misguided criminal gets redemption" that he portrays.
        • jfyi3 hours ago
          Nope, I never heard that. It doesn't surprise me one bit though. I found his talks sort of robotic, and having caught a handful, very rote. I always thought he didn't have the demeanor of the person he claimed to be.
        • irishcoffee3 hours ago
          It isn't surprising though, him lying about his past. A con man is a con man, after all.
    • inigyou5 hours ago
      Now I have the opposite feeling. I know that if I ever do something useful that people like, I'll go to jail for it. I don't know how startup founders do it, I guess they need legal backing from an incubator.
      • williamdclt5 hours ago
        I don't understand what you mean, can you explain?
        • inigyou4 hours ago
          Let's say I invented a genius way to use cryptography to send anonymous payments, I'd go to jail for doing that (Tornado Cash). Let's say I made a secure messenger, I'd go to jail for that (Telegram, EncroChat, SkyECC) or narrowly avoid jail (Session) or be forced to add a backdoor (Anom). Let's say I made an operating system that didn't spy on you, I'd be threatened with jail for that (GrapheneOS). And of course there are more things, for which there will be more consequences (mostly jail) but for things that haven't been done yet there are obviously no examples offhand.

          Basically everything that fits outside of existing patterns is illegal one way or another. Only people who are naïve to these consequences will ever be motivated to make these things.

          • pibaker3 minutes ago
            Telegram and Session are never secure by any means. Honestly I'd consider both of them to be intelligence and law enforcement honeypots given how aggressively they marketed themselves as the "secure" option and how little they actually deliver.

            I would trust WhatsApp before I trust telegram.

          • xpct3 hours ago
            Please don't frame these as technological crimes, nobody has yet been prosecuted for that specifically.
            • inigyou3 hours ago
              What do you think the Tornado Cash people were prosecuted for if not offering technology?
          • filoleg4 hours ago
            > Let's say I invented a genius way to use cryptography to send anonymous payments, I'd go to jail for doing that (Tornado Cash)

            This is just a disingenuous take.

            Tornado Cash founder didn't get criminally convicted for "a genius way go use cryptography to send anonymous payments." He got convicted for operating a money-laundering service.

            The fact that his service utilized "a genius way to use cryptography to send anonymous payments" is entirely orthogonal to the actual crime he got in trouble for. He would have gotten convicted just the same regardless of the cryptography usage, because the actual crime here was operating a money-laundering service.

            • inigyou3 hours ago
              Yeah, like I said, a genius way to use cryptography to send anonymous payments. The cops call that money laundering. That isn't an orthogonal crime, it's a different name for the exact same thing.
              • filoleg2 hours ago
                Sure, and "manufacturing novel types of explosive devices, with evidence of them having been used in destructive acts of terror" is just a different name used by cops for "innovative applied chemistry". The criminal law must be truly just hating on the innovators in sciences.
                • inigyou2 hours ago
                  What you said is actually a name for "innovative applied chemistry, and then blowing up parliament with it". If I invented a new type of explosive and didn't blow up parliament, but the cops somehow found out, I'd go to jail.

                  Edit: correction, you didn't even say I was the one who blew things up. You just said someone blew up things with my new explosives. Which is exactly what I'm talking about. If guns weren't already old technology, the government would hold Mr Smith & Mr Wesson accountable for every gun death.

      • cindyllm5 hours ago
        [dead]
    • 1970-01-014 hours ago
      >Many years back when I used to do CS for WoW, a colleague of mine liked to say that the only reason some kids shit-talk the way they do is because it's online and if they tried it in person they'd get punched in the face.

      This is the #1 reason bots exist. We can't just punch them down anymore, we're flagged as bad people.

    • thejokeisonme4 hours ago
      You used to do computer science for world of warcraft?! Sounds cool!
      • jareklupinski4 hours ago
        no they did Content Sharing for Weekend on Wednesdays
      • inigyou2 hours ago
        Customer support
      • cucumber37328424 hours ago
        He admin'd their Counter Strike server.
    • grim_io5 hours ago
      With their skills and nowhere to go, they will be doing this for the government.
      • grubbs5 hours ago
        I think this was true in the 90s and 2000s. When not everyone was a script kiddie. But why hire someone that literally didn't write their own exploit? Sounds like the most advanced thing they did was just social engineering and dumping a DB.
        • jfyi4 hours ago
          You remember a way different 90's than I do.

          It was just simpler back then. There was no aslr, no hardware level protection from execution, traffic was all plaintext, switches didn't exist, or maybe they did but just nobody used them and everything on every network was just one giant collision domain, developers by and large didn't even think about securing software outside of DRM, and absolutely nobody understood the basic premise that someone on the phone may be lying to your business to get access to things they want.

          The skillset that made you a 1337 h4x0r in the 90's makes you a mediocre sysadmin these days.

      • swarnie4 hours ago
        I doubt it, these kids are never getting clearance.

        I expect to find them at an MSP with a firm equal opportunities policy.

    • stavros4 hours ago
      I don't know, I was reading the article and went "well, good for them, if they could get into the system, fair play". Then I saw the part where they stole tons of data and inconvenienced people, and I can't support that.

      If you hack into a system and leave a note "I got into your system, I win", more power to you. If you do damage, go to prison.

    • LaGrange3 hours ago
      > As a parent now (but oldest is only 5), it's stories like this which make me determined remain aware of the kind of stuff my kids get up to and continually explain that actions have consequences, even if those consequences are seemingly as trivial as making someone else feel shit about themselves.

      Weird, somehow without significant parental surveillance or explicit explanation I somehow managed to _not_ do much of the awful stuff my acquaintances with much more engaged parents did.

      Must have been my autism, I guess.

    • exe344 hours ago
      I wish they would have turned to Russia or Belarus to do this, it would have been a lot safer for them.
  • kayo_202110305 hours ago
    When I see this it makes me depressed.

    > gained access to the data by tricking a phone help desk worker.

    The whole edifice was built on a helpful, possibly overworked and possibly harassed help desk worker? The end result is that two kids end up in jail. It could have been so different, and better. What they did was wrong for sure, and has real-world consequences for those whose information was leaked. But, when I look at the contingencies that led to the outcome, it really does depress me.

    "all for the want of a nail"

    • Aeolun4 hours ago
      Like, at some point we have to start considering teens natural disasters, and put it on the company to prevent something as banal as a password reset that can be requested on a phone from compromising their _entire_ fucking system. These kids aren’t most at fault here.
  • d-lowl5 hours ago
    >Jubair and Flowers who both have autism, gained access to the data by tricking a phone help desk worker.

    What does this have to do with anything in this article.

    • Aurornis5 hours ago
      The article is reporting on what was discussed in court: Autism, suicidal tendencies, living with grandparents. These were all probably brought up as elements of the story meant to influence the verdict.

      Take it up with lawyers.

    • amiga3864 hours ago
      It's a magical superpower.

      It kept https://en.wikipedia.org/wiki/Gary_McKinnon from being extradicted to the USA. Apparently the courts don't accept "your opsec is shit and I got in with default passwords", but they do accept "I have autism"

      Let's try it in action:

      - "Mr Wallace, we have several credible reports that you harrassed TV production staff by going around with no underpants on, and finding excuses to take your trousers down. What do you say to that?"

      - "Did I mention I have autism?"

      ( https://www.bbc.co.uk/news/articles/cx24lxl85wyo )

    • masfuerte5 hours ago
      Schrodinger's hackers. They are simultaneously autistic and skilled at social engineering.
      • d-us-vb4 hours ago
        Autistic people are unusually good at studying patterns objectively. While each individual person is... an individual, studying a sample from a population yields patterns, and thus the justification for the "social sciences". While autistic people may struggle with in person communication and upholding norms of human interaction, they do not generally struggle with understanding game theory, motives, and other aspects of rational decision making. So they can indeed make brilliant (and ruthless) social engineers if only when hiding behind a computer keyboard.
        • watwut4 hours ago
          That is not autism, that is sociopathy. Autism does not turn on and off when you can gain something from it.

          In your telling, autism is an excuse when they abuse others, because they cant help themselves. But, when it is for their benefit, the same person actually displays higher social skills.

          • billygatesgruff3 hours ago
            Lol, U should meet my upstairs neighbour, his coping mechanisms are curiously similar to ways of slyly molesting and aggravating other people. He's spent seven years obsessing stalking and trying to harm me psychologically, now he's trapped in a hole he can't get out of... Because he didn't like me ignoring him. I ignore him because he is absurdely vain and likes being distasteful and offputting. I'm sorry, if they don't teach kids coping mechanisms, they are doing this to them. The BBC where mentioned here as spreading FUD about artists, I did a search to find one of the many supportive and educational stories I have seen on their website - the first result is for paid Autism tests for children. It is a profitable diagnosis. It triggers a non behavioural approach that leaves adults disabled for life.
          • d-us-vb3 hours ago
            I didn't say it wasn't sociopathy; it most certainly was. Autism and sociopathy are not mutually exclusive. And as they were executing their plan, I do not see any point where their "autism was turned off".

            Autistic people can be highly sociable by explicitly learning social skills. They can also learn social skills in order to manipulate others, as is the case here.

            Lastly, explaining how a medical condition whose stereotypes seem to make others think those with it would not be capable of committing a crime were in fact capable of committing that crime in no ways is the same as excusing the crime.

          • inigyou2 hours ago
            They're not excusing the sociopathic element. They're explaining the apparent discrepancy between the fact that autistic people are bad at socializing and the fact that some autistic people are good at social engineering.
            • mrguyoramaan hour ago
              There's no discrepancy because "social engineering" isn't "Being good at social things"

              Social engineering is just conman pressure tactics or hard sales tactics. It's so simple you can train your average stay at home mom or "hustle culture" bro to do it for Amway or similar in an afternoon.

              It requires zero social skills. You aren't "Charming" the tech support, you are just badgering them and waiting until they do the normal human thing of trying to be helpful.

      • illliillll3 hours ago
        Why assume they’re skilled at social engineering? The victims tend to be trusting and helpful, they’ll just do what you ask because they want to help.
        • d-us-vb3 hours ago
          I'm not assuming anything. I'm explaining that they can be, because the original comment made it sound like autistic people can't understand social behavior at any level.
    • voidUpdate5 hours ago
      Autism always makes your kids into sociopathic hackers, as we all know. They are also always top of their class in maths and bad at interacting with people

      /s

      • rapidaneurism4 hours ago
        Unless it is to trick them into resetting a password over the phone that is
    • inigyou5 hours ago
      Helps spread memes the BBC wants you to believe. Namely, autistic people bad. See, this is why I think the BBC needs to go.
      • Steve163845 hours ago
        Why on earth would the BBC want or care for people to believe that? Are they in the pay of the anti-autism league? We're through the looking glass people!
        • billygatesgruff4 hours ago
          I advise people to start looking into the case of the traitor and double agent Chris Packham
        • inigyou4 hours ago
          I don't know but they've been spreading this kind of thing for a while. See also how they report on the middle east.
          • GJim4 hours ago
            [flagged]
  • erelong4 hours ago
    do you think there is a way to divert kids like this into some kind of useful programming / IT direction and if so what do you think would be the best way to handle this

    (like a group that takes black hat hackers to white hat hacker projects?)

    kids with like anti-social or aggressive tendencies plus maybe some tech "skillz"

    • kortilla4 hours ago
      Like putting kids that get into fights into the military.
  • VladVladikoff5 hours ago
    I don’t really have 16 hours to burn watching a live stream recording, but I kinda want to watch it for the lolz.
  • smallnix5 hours ago
    > The court heard the single child was given his first laptop at the age of 10 by his parents - carers who moved to London from Bangladesh.

    Ah.. I hate when stereotypes play out like this. It's always those single children.

  • cedws2 hours ago
    And what about the criminals who left these systems exposed?
  • throwaway8886663 hours ago
    Britain got talent I guess.

    They are teenagers. They don't belong in prison, they belong in an any cybercrime agency.

    • willy_k2 hours ago
      Idk about Britain, but in the US that’s exactly where they’d end up after serving their sentence.
  • smith-kyle4 hours ago
    Sad that they're being sentenced based on the impact of the response by TfL's IT team
    • victorbjorklund4 hours ago
      I mean you can’t put a building on fire and say you should not be sentenced for the whole building burning down because the impact of the response by the fire department (if they had been faster/better the fire would not caused so bad damages)
      • inigyou2 hours ago
        Actually if only half the building burns down you aren't supposed to be sentenced as if the whole building burned down. Even if the whole building would have burned down if the fire department didn't show up.
      • cucumber37328423 hours ago
        The building owner has a degree of duty to mitigate loss. They can't go around opening doors and windows after the fire is started but before the fire department gets there and be all "whoops not my fault blame it on the guy who started the fire" regardless of how the fire started.
        • roryirvine3 hours ago
          The duty to mitigate loss is a concept in contract law, and its main use is in calculating damages (ie. you can't claim damages for a loss that you ought to have mitigated)

          It would definitely come into play if TfL were suing Jubair & Flowers, but it's not really relevant in a criminal situation like this.

        • inigyou2 hours ago
          In that case it would be criminal insurance fraud, right?
    • dofm4 hours ago
      But that's part of the thing, isn't it?

      You don't get to argue that your crime wouldn't have been so bad if your victims weren't incompetent.

  • antihero4 hours ago
    Ah so a little more serious than gang rape, I guess. https://www.bbc.com/news/live/cd0m38xndp3t
  • parisisles4 hours ago
    (the french laundry)
  • Retr0id4 hours ago
    > Woolwich Crown Court heard both men [...] spent most of their time online unsupervised.

    Such an infantilising and surveillance-normalizing slant. Why is it worthy of mention that an adult spent time unsupervised? (Sure, one of them was 17 at the time, but that didn't stop them from waiting until he was 18 to charge him)