UPDATE: A spokesperson for Malwarebytes has confirmed that Clark's behavior took place prior to his hiring at the company. The statement from Malwarebytes is as follows:
“The alleged behavior happened before the individual was hired as a Malwarebytes employee. When we learned about the allegations we terminated his employment. Malwarebytes does not condone this type of behavior.”
The original story follows.
A Malwarebytes security researcher named Zammis Clark won't be serving jail time after hacking into Microsoft and Nintendo servers and stealing 2,365 usernames and passwords from the respective companies. Clark, also known as Slipstream or Raylee, was found in May of 2018 and plead guilty on March 28th of this year in a London Crown Court.
During the trial, prosecutors disclosed that Clark had originally gained access to Microsoft's server on January 24, 2017. He proceeded to share access to Microsoft's network in an Internet Relay Chat server, giving other hackers easy access into the company's servers. He was arrested a few months later in June after uploading malware into Microsoft's network. The police, with the help of the FBI, EUROPOL, and the NCA's National Cyber Crime Unit (NCCU), all found stolen files on his home computer as well. Clark was then bailed out with no restrictions on computer use. Not long after, he went on to hack Nintendo's network, via the use of Virtual Private Networks (VPNs), and gained access to their game development servers in March of 2018.
In May of 2018, Nintendo discovered the breach and Clark was brought into custody again. Clark's defense stated that since the former security researcher is an autistic person with face blindness, he would be "highly vulnerable to violence from fellow prisoners", and, "at a greater risk of reoffending if imprisoned." As reported by The Verge, Clark's damages are not an inconsequential figure for the companies, either:
"Nintendo estimates the cost of damages between £700,000 ($913,000) and £1.4 million ($1.8 million), and Microsoft previously provided the court with a vague estimate of around $2 million in damages."
Judge Alexander Milne made the decision that Clark will be sentenced to 15 months imprisonment, suspended for 18 months. This means that Clark will avoid jail time as long as he doesn't re-offend. Clark's parents penned a letter to the judge, revealing plans for rehabilitation for Clark and his challenges with autism, which aided in swaying Judge Milne's decision. A Serious Crime Prevention Order was also put in place for up to five years which, if breached, results in an unlimited fine and up to five years in prison.
This news comes only a few days after another case where a man plead guilty to stealing a total of $122 million from both Google and Facebook between 2013 and 2015. Both cases weigh in on the importance for companies to consistently adjust and heighten their internet security. It's a sobering reminder that even the biggest tech companies in the world don't have impenetrable defense networks, and that we should all be extremely careful with any information about ourselves that we use online.
Source: The Verge