A former security researcher at MalwareBytes, Zammis Clark, was sentenced earlier this week for breaching into Microsoft and Nintendo network servers and stealing confidential data, as well as usernames and passwords, according to The Verge. The attacker had also uploaded malware to the servers.
Clark, who was still working for MalwareBytes at the time of the Microsoft attack in January of 2017, had stolen around 43,000 files from the Redmond company's servers thanks to the attack. After gaining access to the servers, he shared that access with other users on the internet as well, including Thomas Hounsell, who is known for running the now-defunct BuildFeed website. Hounsell used this route to gain information on Microsoft's products through nearly 1,000 queries over a period of 17 days.
Clark was eventually arrested for his actions in June of 2017, but was released without any restrictions on computer use, so in March of last year, Nintendo also came under attack by the hacker. Clark gained access to the company's game development servers and stole 2,365 usernames and passwords until he was caught in May. Between the Nintendo and Microsoft breaches, Clark caused damages anywhere between $2.9 and $3.8 million.
Clark had also been involved in a previous security breach around Vtech's children toys in 2015, but hadn't been accused since the company didn't collaborate with the prosecution on the case and Clark walked free.
Clark will at least avoid any prison time, provided that no additional crimes are committed. Due to his autism and face blindness, in addition to the fact that Clark pleaded guilty to the attacks, Judge Alexander Miller decided that prison would be disproportionally harsh for the hacker. He was sentenced to 15 months of imprisonment, suspended for 18 months. He was also granted a Serious Crime Prevention Order which will mean an unlimited fine and up to five years of prison time should he commit any serious offenses for the next five years.
Thomas Hounsell, on the other hand, was sentenced to just six months of imprisonment, but the sentence will also be suspended for 18 months, so prison time will only be necessary if any other crimes are committed during that period. Hounsell was also sentenced to 100 hours of community service.
Microsoft reacted to the sentence, saying that it was "an important step". Tom Burt, Microsoft's CVP for customer security and trust, said "Stronger internet security not only requires strong technical capability but the willingness to acknowledge issues publicly and refer them to law enforcement. No company is immune from cybercrime. No customer data was accessed, and we’re confident in the integrity of our software and systems. We have comprehensive measures in place to prevent, detect, and respond to attacks". Nintendo, on the other hand, hasn't commented on the sentencing.
Source: The Verge