Xbox Live was not hacked. It had been conned.

Posted Mar 23, 2007 at 9:44PM by QJ Staff Listed in: Xbox 360 Tags: Major Nelson

THAT's what happened to Xbox Live. (More or less) - Image 1

This is an update to Major Nelson's head hitting the roof after hearing reports of fraud over Xbox Live and fearing that the network had been hacked. Xbox Live staff had gotten back to him and reconfirmed it: Xbox Live was not hacked, period (oh, thank goodness). The bad news was that Xbox Live was the victim of a commonplace e-commerce and computer security crime: social engineering.

Or, put more simply, they've just been had. (Oh, holy...)

Let's make this quick: social engineering "is a collection of techniques used to manipulate people into performing actions or divulging confidential information." In this case, it's con artistry over a fiber-optic cable.

It seems that Xbox Live's support staff had been conned into revealing account information they would not have done so otherwise. The Major mentions some "painful-to-listen-to audio files": probably the full voice evidence of their own people getting hit by a truck and not even knowing it. It happens to the best of us, really (try visiting a convention for hackers or computer security, and ask about it).

As renowned (and reformed) former black hat hacker Kevin Mitnick so casually remarks (but not with these words), it's a hell of a lot easier to dupe, lube, or seduce the password out of your victim than to hack into his or her PC.

Currently, Xbox Live engineers are training the customer support staff and partners to reduce their vulnerability to social engineering-type attacks. And it would be wise to repeat the earlier warning he gave: don't just give your personal information out to anyone, although in this case it's the support staff who have learned this lesson the hard way.

We're not one to believe that there's a sucker born every minute. Sometimes, it's more like the devil inside is way more powerful than the better angels of our nature, whether up close and personal, or reaching out to touch someone.

51 Jumps Custom Firmware 5.50GEN-D3 final released

36 Jumps Mom gets 911 help after son won't sleep, keeps playing video game

24 Jumps Sega's Mega Sale on PSN

24 Jumps Tetsuya Nomura teasing unannounced title

21 Jumps Resident Evil 5: Alternative Edition trophies revealed

20 Jumps PSP-4000 mentioned in LBP accessory pack ad

18 Jumps Custom Firmware 5.50GEN-D3 and 5.03HEN-C dated

17 Jumps Alien Zombie Death has aliens, zombies, death

15 Jumps New game in development at Atlus Japan?

14 Jumps Koei reveals Hokuto Musou characters

Comments

by - 2007-03-23 22:51:24

um...

isnt that still hacking? sort of like saying, i wasnt drunk because i can still drive.

by Vietone - 2007-03-23 23:35:15

Its still hacking.

Using Social Engineering to compromise accounts is still a form of hacking. It taught in basic network security. Some of the best hackers in the world dont steal accounts, people give it to them willingly. Microsoft messed up and they dont want to admit it. So they call it a con. I guess they just dont want to admit that they got hacked and peoples accounts got compromised. An isolated incidence would mean maybe a dozen accounts. But when your talking about more then a dozen, then its a flaw, anymore and its been compromised.

by - 2007-03-24 01:03:30

WOW

Yeah, um.. people giving out personal account information from a company is terrible. It is far worse than simply having a server or whatever taken over. If I was anyone that had their account seize or anything, I would find out exactly what happened immediately. Better safe than sorry. You have no idea what information they might have given out.

by - 2007-03-24 03:04:13

fsaef

those mother*****ers beter not give out my account information mother*****ers with a company like microsoft couldn't they have hired non retarded operators?

by - 2007-03-24 08:42:52

...

i believe "microsoft" and "retarded" go hand in hand.

by - 2007-03-24 17:39:14

so true

so true

Add New Comment

You must be logged in to post comments

The QJ.net Network
Site	Feed
QJ.NET	RSS
Nintendo DS	RSS
PlayStation 3	RSS
PSP Updates	RSS
Wii	RSS
Xbox 360	RSS
MMORPG	RSS
Personal Computer Games	RSS
iPhone - iPod Touch	RSS
QJ.NET Forums	RSS

Add QJ.NET

User Favorites - December

Most Commented
MaGiXieN explains release..	(103)
Custom Firmware 5.50GEN-D3..	(74)
Brazilian senator wants cr..	(62)
Custom Firmware 5.50GEN-D3..	(51)
Custom Firmware 5.03GEN-C..	(50)
FFXIII PS3 audio and video..	(48)
NPD Study: US kids as youn..	(44)
Custom Firmware 5.50GEN-D3..	(43)
Sony starts talking about..	(39)
PlayStation celebrates 15t..	(35)
Traveller's Tales to Sony:..	(35)
Final Fantasy XIII boxart..	(33)
Tecmo's Quantum Theory no..	(30)
EA CEO wants to turn pirat..	(29)
Sony: Get a free game with..	(27)
Rumor: Logitech has PSP Go..	(24)
More Estavillo subpoenas -..	(23)
November NPD sales: hardwa..	(22)
Pokemon: the world of the..	(22)
Scan: New character confir..	(21)
Sony sells 440,000 PS3 uni..	(20)
Zeschuck: JRPGs lack evolu..	(20)
Girlfriend dumps Andy Murr..	(20)
Buy two, get one free at B..	(19)
Time Magazine reveals Top..	(19)

User Favorites - December

Top Jumps
Custom Firmware 5.50GEN-D3..	(2708)
Custom Firmware 5.50GEN-D3..	(1014)
Custom Firmware 5.50GEN-D3..	(516)
Tiger Woods Wife Outrun Fl..	(504)
MaGiXieN: 6.xxGEN is not w..	(410)
MaGiXieN explains release..	(358)
Custom Firmware 5.03GEN-C..	(302)
PSP Homebrew: CFW 5.03 GEN..	(209)
Custom firmware 5.50GEN-D..	(171)
Wii homebrew - Custom IOS3..	(109)
PSP Revolution v0.3	(96)
Naruto Shippuden: Ultimate..	(92)
PS3 optional update 3.15 d..	(85)
No plans for custom firmwa..	(85)
PSP homebrew - DaedalusX64..	(84)
PSP Homebrew - PSPDisp v0...	(82)
Resident Evil 5 patch 1.03..	(82)
PSP homebrew game: PSP Mar..	(74)
Sony starts talking about..	(73)
gpSP v0.9 for the PSP	(71)
PS3 is year's best platfor..	(70)
Sony files curious new tra..	(66)
Sony sells 440,000 PS3 uni..	(66)
PSP homebrew - DaedalusX6..	(66)
PSPlayerMT For PSP - Direc..	(66)

Username:

Password:


Remember Me?

Forgot password
New user registration