Tag: misuse | SpinSafe

Ethical hackers urged to respond to Computer Misuse Act reform proposals

March 28, 2023/in Computer Security

Ethical hackers, security researchers and consultants, and the community at large are being urged to step up and make their voices heard as the government explores a series of proposed changes to the Computer Misuse Act (CMA) of 1990.

The long-awaited consultation, which has been running since February, is seeking views on a number of legislative changes, including giving new powers to law enforcement agencies and closing existing loopholes that make it easier for malicious actors to get away with misusing purloined data.

However, when the consultation was launched, campaigners who want to see the law reformed to better protect cyber security professionals from prosecution under outdated sections of the 33-year-old CMA were left disappointed because rather than lay out concrete proposals for the community to consider, the government merely said more work was needed on this point.

Among other things, Westminster wants to consider questions such as how to safeguard the UK’s ability to act against cyber criminals if legal defences for hacking are implemented; how to ensure any defences do not provide cover for offensive actions; and what levels of training, standards and certifications need to be in place for security professionals.

Nevertheless, Casey Ellis, founder and CEO of crowdsourced security platform Bugcrowd, is calling on the community to have its say on the basis that interested parties need to contribute to ensure the government is as well-informed as possible.

“It’s still important that as many as possible individuals and organisations have their say on this,” he said. “The UK needs a revised act that not only better defines the difference between the activities of malicious attackers who have no intent to obey the law in the first place, and those who hack in good faith, discovering and disclosing vulnerabilities so they can be addressed before they are exploited.

Bugcrowd, which is contributing to the consultation through the Cybersecurity Policy Working Group (CPWG) and the Hacker Policy Coalition, said that the most significant way in which community members could help would be to comment on the potential of a statutory legal defence for hacking if…

Source…

Alleged GTA 6 hacker pleads not guilty to computer misuse, remains detained by police

September 28, 2022/in Computer Security

❘ Published: 2022-09-28T07:15:00

❘ Updated: 2022-09-28T06:47:32

The teenager suspected to be behind the recent GTA 6 leaks has pleaded not guilty to the hacking charges, and is now being held in a youth crime detention center.

According to Eurogamer, the 17-year-old who is suspected to be behind the GTA 6 hack has pleaded not guilty to the charges. The City of London Police’s Cyber Crime Unit spoke to Eurogamer about the situation at hand.

City of London detective inspector Michael O’Sullivan issued a statement to the outlet, confirming that he had appeared in court over the past weekend.

“The 17-year-old who appeared at Highbury Corner Youth Court on 24th September has pleaded guilty to breaching his bail conditions and not guilty to computer misuse.” O’Sullivan then revealed that following the court hearing, “the teenager has been remanded to a youth detention center.”

Prosecutor Valerie Benjamin said in court that the suspect had used a phone to hack into companies and was “holding them to ransom” to gain access to illegally obtained software, Bloomberg Law reports. The suspect was charged with two counts of break of bail conditions as well as two counts of computer misuse.

The judge referred the case to a higher court where it’ll be heard with a “similar” matter at a later date. On Sunday, September 18, one of the biggest leaks in gaming history took place, with Rockstar Games’ upcoming Grand Theft Auto 6 title having over 90 videos and images shared online – including detailed footage of the game.

On the evening of Thursday 22 September 2022, the City of London Police arrested a 17-year-old in Oxfordshire on suspicion of hacking, as part of an investigation supported by the @NCA_UK’s National Cyber Crime Unit (NCCU). He remains in police custody. pic.twitter.com/Zfa3OlDR6J

— City of London Police (@CityPolice) September 23, 2022

On Thursday, September 22, the suspected hacker was arrested by the City of London police. Since the incident took place, Rockstar has addressed the security breach, confirming that the leaked footage was real and voicing how “extremely disappointed” the dev team is “to have any…

Source…

GTA 6 Hacker Pleads Not Guilty to Computer Misuse Charges

September 28, 2022/in Computer Security

The City of London Police has confirmed that the GTA 6 hacker has pled not guilty to charges of computer misuse. However, he has pled guilty to breaching bail conditions, which police said he violated as reported on Sunday. The police’s Cyber Crime Unit revealed that the 17-year-old teenager (identified only as A.K. for legal reasons) appeared in court over the weekend.

GTA 6 hacker currently detained in youth detention center

gta 6 hacker

City of London detective inspector Michael O’Sullivan confirmed the details in a statement to Eurogamer:

The 17-year-old who appeared at Highbury Corner Youth Court on 24th September has pleaded guilty to breaching his bail conditions and not guilty to computer misuse. The teenager has been remanded to a youth detention center.

The charge of computer misuse is a bit ironic, considering the teenager most likely used his computer exactly as he intended. At any rate, if the suspect is convicted, it will be interesting to see what his sentence will be, considering that he was accused of being the leader of hacking group Lapsus$ in March when he was then 16 years old.

The FBI has yet to issue a statement, though one is likely to follow after additional arrests of other members of the hacking group, who are claimed to have assisted the suspect in his hack of Rockstar Games. Apparently, the teenager is only one of seven suspected of breaching high-profile companies. Journalist Matthew Keys says that the the hacker was responsible for the security breach at Uber. The police was able to track down the suspect due to him using similar hacking techniques in breaching Microsoft, Nvidia, and Okta.

Last week, Rockstar equated the hack to just “a network intrusion” and there wouldn’t be any “long-term effect” on the development of their ongoing projects, including GTA 6.

In other news, the Kena Bridge of Spirits anniversary update comes with a host of new features, and details of the Far Cry 6 GOTY Edition and upgrade pass have been leaked online.

Source…

Statutory defense for ethical hacking under UK Computer Misuse Act tabled

June 27, 2022/in Internet Security

Adam Bannister

23 June 2022 at 14:06 UTC

Updated: 23 June 2022 at 14:09 UTC

Amendment applies to bill related to 5G rollout and connected products

Statutory defense for ethical hacking under UK Computer Misuse Act tabled in Houses of Parliament

UK legislators have proposed an amendment to the Product Security and Telecommunications Infrastructure (PSTI) bill that would give cybersecurity professionals a legal defense for their activities under the Computer Misuse Act (CMA).

A cross-party group in the House of Lords, the UK’s second chamber, tabled the amendment on Tuesday (June 21).

The PSTI bill is designed to support the UK’s 5G rollout while also mandating vulnerability disclosure policies for vendors of Internet of Things (IoT) products, among other security provisions.

‘Acting in good faith’

The CyberUp campaign, a security industry coalition calling for wholesale reform of the CMA, argues that a statutory defence under the 1990 act would protect security researchers, ethical hackers, and pen testers from spurious legal action when responsibly hunting for or reporting vulnerabilities.

Speaking in the House of Lords yesterday, Lord Arbuthnot of Edrom referenced the CyberUp campaign’s suggestion that a statutory defense should be based on “the prospective benefits of the act outweighing the prospective harms”, on “reasonable steps being undertaken to minimise the risks of causing harm… the actor demonstrably acting in good faith [and] being able to demonstrate competence”.

The CyberUp campaign has also urged the government to release the findings of its ‘call for information’ (consultation) on the effectiveness of the CMA, which closed more than a year ago.

UK Home Secretary Priti Patel announced the consultation with academia, law enforcement agencies, and the cybersecurity industry alongside plans to review the CMA in May 2021.

BACKGROUND UK government to review country’s aging Computer Misuse Act

Kat Sommer, head of public affairs at CyberUp backer NCC Group and CyberUp spokesperson, hailed the PSTI amendment, noting that some countries had “more permissive regimes, but no country has yet gone so far as to introduce a defence for unauthorised access.

“Of…

Source…

Tag Archive for: misuse

GTA 6 hacker currently detained in youth detention center

‘Acting in good faith’