24-Year-Old Security Researcher Avoids Prison after Admitting to Microsoft and Nintendo Hack

[UPDATE 01.04.2019 – 20:55 CET] According to a spokesperson from Malwarebytes, the incident mentioned below took place before the researcher worked at the company: “The alleged behavior happened before the individual was hired as a Malwarebytes employee. When we learned about the allegations we terminated his employment. Malwarebytes does not condone this type of behavior.”

---

[29.03.2019 – 18:39 CET] British security researcher Zammis Clark has avoided prison time after pleading guilty to a Microsoft and Nintendo hack. According to The Verge, the former Malwarebytes employee accessed the company's servers via an internal username and password in 2017. He went on to steal 43,000 files, including unreleased Windows 10 builds. The access was discovered when Clark uploaded malware to Microsoft's network. British police arrested him in June, but after his bail, hacked into Nintendo's network to steal development code for in-development games and steal thousands of usernames and passwords. “Today's action by the Courts in the UK represents an important step. Stronger internet security not only requires strong technical capability but the willingness to acknowledge issues publicly and refer them to law enforcement,” said Microsoft to The Verge. “No company is immune from cybercrime. No customer data was accessed, and we're confident in the integrity of our software and systems. We have comprehensive measures in place to prevent, detect, and respond to attacks,”

The BuildFeed Controversy

Interestingly, Clark was joined in court by Thomas Hounsell, creator of the recently shuttered BuildFeed. At the time of its closing, Hounsell cited ‘internal and external pressures', but claimed the build numbers uploaded to his site were sourced from a Microsoft employee. The Verge says Hounsell used Clark's server to perform over a thousand searches for build numbers and codenames. It seems these are the build numbers that made an appearance on the Build Feed website and ultimately led to its shutdown. Despite this, neither of the two will face immediate prison time. Due to Clark's autism and face blindness, his defense successfully argued that he would be highly vulnerable to violence. Instead, he was sentenced to 15 months imprisonment, suspended for 18 months. This means he will only face prison time if he performs another crime in the next five years, at which point he'll face up to 5 years in prison and an unlimited fine. Meanwhile, Hounsell's imprisonment was set at six months and suspended for 18 months. Unlike Clark, he also received 100 hours of community service.