Greatest Moments in Hacking History: Samy Kamkar Takes Down Myspace
ฝัง
- เผยแพร่เมื่อ 27 ส.ค. 2024
- In this pilot episode of Greatest Moments in Hacking History, hacker Samy Kamkar talks about the time he created a worm in 2005 and accidentally took down Myspace.
WATCH NEXT:
Is Uber Killing the Yellow Taxi in New York City?: bit.ly/25xMeW4
Subscribe to MOTHERBOARD: bit.ly/Subscrib...
Follow MOTHERBOARD
Facebook: / motherboardtv
Twitter: / motherboard
Tumblr: / motherboardtv
Instagram: / motherboardtv
More videos from the VICE network: www. vic...
Why would you animate his face when you can have the real Samy in-front of the camera
Really shitty animation aswell
Dope
To actually have content for this bullshit
For the parts they can't record.
Because Samy fell out of the ugly tree and hit every branch on the way down
me after clicking "inspect element": You know, I am something of a hacker myself
Der Fuchs lol yep
11 year olds in school: *OMG GUYS I JUST HACKED THE SCHOOL SYSTEM*
lol
Pan Lis lmaooo
I used to
Do that to get me a shit ton of coins in a game of school
Moral of the story: if you are addicted to your computer, hack a social media site, then you'll get out of the house more. :)
Guess I will have to learn hackig now. Otherwhise im gonna be stuck behind my pc forever.
or just give $100 to a friend with the following deal:
if you turn on your computer in the period of X, then your friend is gonna keep those money
but if you succeed in not turning on your computer for the X period then you will get your $100 back...
make the X period large enough that you will stop being addicted to your computer...
It won't work. It will just pull you in deeper. Well,other than leaving the house to do some IRL recon,once in a while.
k good, goin to hack facebook, never gona leave this pc :(
I just have 2 questions: Kurzgesagt: What Are You? CGP Grey: You Are Two?
About the Porsche;) what color and do you still have it?
Imagine if he went to jail:
Prison guy: So what did you do?
He: Oh I found a flaw on MySpace and made it so I would get a million friends, you?
Prison guy: Killed 20 people
**unfriended**
jail and prison are 2 different things my guy
Prison guy 🤣 man just put prisoner
@@Micah.Moeller how?
@@hannes8978 Jail is a group of cells which is less protected and for small crimes, whereas prison is a huge police station type of thing in which it is very hard to escape and very tight security, and is for people who have done way worse crimes
1. Don't use your real profile
2. Don't use your personal internet
3. Trash the computer afterwards
true lol :D
Crush it afterwards
VPN and/or Proxy. You’re welcome.
@@hunterbruyere5052 today you can trace a VPN without a problem
@@nobies2620 true, you should learn how to connect to public proxies with lots of users connected to it :)
Something exactly like this happened to Facebook as well, done by a guy named Chris Putnam. But instead of fining the guy, facebook actually hired him because of his intellect. This is the reason Facebook is in the top right now, and myspace is a graveyard of deserted profiles.
Lesson: Always value the talent and the people who show you your flaws.
But, did he release it into the wild, causing them to take it down temporarily?
@@aritrosaha1616 yes
This.
I thought Google has always offered money and a contract to anyone who can show them a backdoor into their system
@@Evergreen1400 indeed Telegram is doing so too. Fuck MySpace they were focused too much on commercialisation back then
this is bullshit, its myspace's fault that their code had a vulnerability, not his. He didnt gain anything from this he shouldn't have gotten in trouble.
So when a someone don't locks his front door you can go in his house and take all the stuff?
+Mr Nice he didn't gain anything. It's more like wandering into someone's field if they don't have a fence around it and then accidentally stepping on a couple plants
No. When someone don't lock his front door, you open it wide open, which causes a chain reaction that makes all the other doors slam against the walls the doors are mounted(like when you open a window and the nearest door slams, thanks to a change in pressure). Now, accidentally, one of your doors' door hinges are not screwed on, which makes the door fall on the floor. The floor now gets severely damaged.
You did something unethical, and should definitely pay for the damage, but you should not go to jail, as the damage on the floor was an accident.
The internet =/= a home.
+Hunter Tinsley Haha, of course. However Mr. Nice's analogy was not appropriate.
Samy is now an ethical hacker, as most hackers are. He looks for and solves vulnerabilities to keep people safe. Be like Samy.
Samy is my hero
Wait.. how do you buy a porsche at 19?
Rich family would be my guess.
He founded a software company at 16 that raised over 64 million in private funding.
oh my fucking god
If only i could code..
If only the internet could teach you how to code, but alas...
I suppose it could. Although me being uninterested about it doesn't really help....
hehe I was going to bring them doughnuts like sorry guys
He should have, it's not a big deal. Maybe they wouldn't have gotten butthurt if he had.
and maybe gave him a job as security checker
+Davis Odom think about what a big company like myspace makes a day. when somebody is to blame for the loss of money they obviously will let him pay.
Ninten Nol But.....I ate the donuts before I got to MySpace headquarters!😎
l didnt do anything wrong and has for my space on every body computer in search bar
curious what the charges were for Samy at that time? Hindering corporate profits?
If spreading viruses unintentionally and without malice is a crime, then why aren't they arresting kids in elementary schools whose parents sent them in sick and spread their cold to the student next to them?
from the sounds of it he didn't do it maliciously but it was careless/reckless since he was smart enough to write that himself in the first place. it's not like he was a telemarketer who got through to the pentagon because he dialed a random computer generated phone number.
+CajunCoding I agree, but we never see an independent citizen who was hacked get the response a corporation does under the same circumstances. If my bank account gets hacked, there is no federal case.
For real, he didn't even cost them anything. They could probably undo it within ~30 minutes of noticing it and fix the exploit in a day or two.
From what I've read the feds saw him as a possible threat to national security because of how fast it spread. They used the patriot act to get a warrant. Total bullshit
+TehOktro exactly.
If I were him, I'd have told Myspace about the worm immediately upon realizing its impact. At the same time, with the kind of cybersecurity negligence on Myspace' part necessary for this to even be possible, and the fact that Kamkar clearly wasn't malicious, being banned from the internet for 3 years is way excessive. IMO he absolutely shoul've gotten a fine, and maybe some civil liability for the damages, and maybe he could be banned from posting public content to the internet, but killing private use is a major social disability, especially depending on Kamkar's career.
I agree that a fine (albeit a much larger one, judging by how much he surely cost MySpace) would've been sufficient. Luckily, losing internet access in 2005 was quite a bit less major than it would be today.
yea like how is this his fault ?
He actually did do that. He wrote an anonymous email to them explaining in detail what it did and how to stop it.
The animation makes me uncomfortable the way his mouth moves
his shoulder :c
Dudley look up “toast boy.”
Thats how my gf pussy moves
shisir pathak r/nobodyasked
@@shishirpathak2123 hahahahaahahaha
It's absolutely absurd how you were treated.
3 years of his life disconnected from the internet. And during his years of transition from a teenager to an adult with proper goals. This guy could have contributed significantly to the progress of technology (programming-wise), much more than he already has, considering how smart he was. How in hell can he be okay with what he was put through? The potential for his mental growth was blocked completely for 3 years.
I'm glad that MySpace became the wreck that it is. Pieces of shit
@@Ripcode2233891 "The potential for his mental growth was blocked completely for 3 years." I agree. However, people should also learn communication skills. If you can make an excellent program that'll solve big problems, but you can't communicate it, what's the point? In my opinion, him having 3 years to gain better (or even learn as he said he was stuck to the computer) social skills with others.
World's richest people do not have very good social skills. If they're smart enough they'll get it done, find other ways, etc. communication isn't this fundamental thing for success.
You see. The punishment being excesive is done like that to state a model. Don't mess with stuff online or you'll be heavily punished.
That's a way to keep other folks away from doing such things.
Exactly what law was broken tho
I mean he did kinda shut down the entire server, which caused their service to shut down, ultimatlely losing several users and potential profit. He kinda did do them a favor by finding it, and I dont think any penalty like that is deserved. But theres a point to everything. Also its been a year :)
Unauthorized access to computer (myspace server)
@@micahrogers7536 He didn't access their server
@@wifinesesi dude thats literally like saying if u invade a country its the country's fault for getting invaded because they're military wasnt good and were exploited?
what a stupid comment ..... "what law was broken tho" ... srsly ?
Just because you had more friends than them
Y-You know those times where you just get bored and managed to take down Myspace with a makeshift worm and the FBI puts you on probation for 3 years and you never touch a computer for like a year after probation? I love those times.
Fuck that, it was myspace fault for having such a huge exploit on their website, its not his fault for noticing and using it. infact without him it never would have been discovered and if it did it could have been really malicious. he should be paid for finding the exploit not having to go to probation and paying $20,000
Probably true if he didn't use the exploit and report as soon as he find out. But he brought myspace down so it's a no-no.
It's not as huge as you might think. It comes from a slight syntax error that isn't detected to be a problem by the compiler. If he had written harmless code to find the bug and reported it to myspace he probably wouldn't have faced charges. However, we knowingly wrote a virus. A virus that myspace had to shutdown the website for a time to remove it, causing them to lose money.
@Valesto93 theft is theft, but without those hackers you will continue to have weakness in your system.
Spent five minutes trying to find more episodes, realized this was a pilot. I would watch all of these.
Pls make this a series. Great video.
ya
YAYA
Ya
@@eatadick5647 ya
They diluted a genius, it’s sad.
Dude, look Samy up. He's not suffering.
a simple xss worm isn't exactly genius
@@inx1819 Back then it was I guess.
Set him back 3 years. Imagine what he could have done without the probation
I remember seeing the stories about they guy with a million friends, didn't know this was how it went down lol
Great story there :) loved how casual it was told.
This guy is a fucking genius, I love this story.
2:55 I think I know where this is going
Can I get a 1,000,000 subs without any videos ? Underrated comment lmao
Oh no
😂😂😂
The only ridiculous part about this story is buying the porsche boxster as a 19 y/o.
Alessandro Carcione fr like he must have some rich parents or made some real money,probably some rich parents.
He started a software company at 16 that got over 40 million in private funding.
@@SoFxEquinox WTF . That story' that muat be tell not thiss one
@@memesfromdeepspace1075 yeah bro 😂
You can buy a used porsche boxster at like $8000
XSS? This guy is a legend, imagine a bunch of professional developers on number 1 site embarrassed by a 19 year old... That kid should get an award, not a punishment
Lol what a trip. MySpace just sent me an email notifying me that a Russian hacker just stole a ton of information from users who made profiles prior to 2013. This video couldn't be uploaded at a better time.
this is what happenes when you show a corparation a security flaw, instead of hiring you or giving you a reward for finding it and showing it to them so they can patch it before its exploited, they sue you and send you to prison. And then they complain that "cyber attacks" are rampant. no shit you scare everyone off from not only helping you but just exploiting it instead. Then its even harder to get into the feild of security analisis because of fear of arrest for trying to learn
some companies pay people to find security flaws in their websites.
others try to send you to prison for finding their mistake. then when they loose personal information of its users "its not our fault!"
he didn't disclose it to them, he was like "oh yeah, lets release this worm into the wild! idk what it'll do, but oh well!". if he properly disclosed, he'd most likely gain a reward.
It's like how Kim Jong Il executed any scientists who failed missile tests.
but Kim Kong Un didn't and simply celebrated getting closer to their goal.
Who ended up as a better leader?
But...he didn't show them. He just exploited the fla flaw. That's the difference in a white hat hacker vs a black hat (or grey hat).
That's cause people who find such security flaws are not 'helping' in any way. They're often trying to scam someone or getting advantage off someone.
In cases like this where there were no obvious malicious intentions, they still manage to make companies lose a lot of money while the services are down. Of course they're angry.
But hackers NEVER are like: "Hey, company, I was seeing your code and noticed there is a flaw that can be exploited. I'm open to discuss some terms to tell you how to fix it." THAT would be a different story.
Good stuff! Would love to see this as a series! :-)
This was the best story, I have heard in a long time. thank you
Great pilot! This should become a keeper! Great job and idea!
so in summary, an authoritarian police state used intimidation tactics to impose a plea bargain on a hapless hacker who merely increased a friend count on a public profile, leaving him emotionally unable to continue to explore the internet and finally drinking his feelings away at a local dive bar with some "friends". Hah! nice try NSA!
Bingo
that's retarded, it wasn't just a harmless bug... the virus could have crashed the whole server. it was growing expenemsially so in another day everyone would have been infected, and if he had the virus steal info he would have had a million+ people's info he could have sold.
sounds like the websites fault not his. ya know before the gov went big brother companies used to pay for this kind of testing now they get away with anything. according to you and a few others allsups gas station should go to jail for the skimmers put on their gas pumps.
endritiger you should send an application to the NSA
endritiger also, it was a joke..
NEW NEWS HEADLINE! "After posting new video on youtube. My space hacker shuts youtube down!"
L
L
L
I like how this guy is smart enough to create a worm and infect a million people on myspace, but not create a fake profile and use a proxy. He could have easily gotten away with this if he wanted too. Plus if he had just emailed myspace after about the exploit they should have paid him 20,000 for bringing it to their attention.
J It's because he didn't mean to fuck up their website, he was just playing around. And a simple proxy won't save you from the government.
My runescape account got hacked back in 2008 that felt so bad, it should definitely be on the number 1# spot of hacks all time.
can't find a mass attack on runescape back in 2008. was it just you?
I'm sorry i can't stop laughing at that drawing of a keyboard in the beginning
That's so shitty, You were punished because the security system of myspace was shit? they should have paid you because you found out. Really really unfair.
You're an idiot.
And you're not? lol
PlatinumFlyTrap You have solid arguments...
2:08 Correct me if I'm wrong, but I don't think Myspace had in 2005.
i like how a lot of comments here are saying how the probation was an unfair punishment but none of them are doing shit to resolve the problem
Back in those days I was one of the few people hacking social networking sites on that level. Hard to believe nowadays with so many people learning how to hack for very legitimate reasons. I had the same hack (executed slightly differently but with the same results) that Samy used. And it's actually not nearly as well known, but in november 2003, 2 years prior to Samy's hack, a similar worm ran through myspace named the lupidvirus, which is where I (and likely Samy) got the initial idea for such a hack. I remember brainstorming, trying to think about how it could best be used. I was never a malicious hacker, I never agreed with those people that would deface websites just because they got access, to me even as a kid that seemed childish and pointless. I played with websites at the time as a sort of puzzle brain-teaser type game, to see if I could outsmart those people making crazy amounts of money. Here I was, a kid who didn't even have to file taxes some years because I didn't make more than the $8000 minimum income limit, and I knew more about security than the guys making over $100,000 and running multi-million dollar websites. Needless to say, I ultimately never used the exploit I mentioned earlier, Samy beat me to it, and I saw how much attention he got for it. I've since mentioned this to him and anytime I see him remind him that drinks are always on me for that life lesson he taught.
That would make a good update for your blog
*searches up lupidvirus*
*nothing proper appears*
hmm
What the fuck. What 19 year old has the money to drop on a Porsche in the middle of a recession and still has 20 grand to dump on a plea bargain?? I feel like the real moral of the story is when you're rich, you can get away with anything.
He didn't get away with it. In fact, he was punished with extreme prejudice.
A very smart one
Porsche Boxter is a cheap car, it's known as the crappy lowest level porsche. You're better off with a Honda. But he is successful, so that means he's good at saving money instead of buying a really expensive car.
he started his own software company at the age of 18 or after his 3 year of punishment?
They are presenting this like it's the most interesting thing you will hear about today. It's the most boring thing I have heard all week.
Still to this day this is one of the best created videos on youtube
i would've been the guy who went over to myspace headquarters with doughnuts.
this was fantastic! guess he should've brought the donuts and coffee
man this was nice story, kept enterrtained throughout. good one peepz
When you said "oh no" I literally said oh no as well in unison. LOL
Oh, FFS. I hadn't ever connected that the hardware hacking guy was also the Myspace worm guy.
cool story, but I think he should've told Myspace the error in their code but hey whatever
Definitely best one of the pilot week
1.2 million sub is not enough for this type of quality
Mom: "Go make some friends"
Me:
That was really interesting, would love to see more. :)
for your own good I hope the uploader never wastes another minute of your life, or mine for that matter
I love those KRK monitors in the background :)
He was only 19 years old and was able to buy himself a Porsche Boxster?
The Mad Mick Boxter is the cheapest porsche
@@aronkovacs1386 at 19 u can't even buy a Lada
Box of shit
@@Esteban-ss6wq You could buy lada for 300€ easily
Moral of the story: this is how they kill dreams and stifle dissent. Put him on a time out and changed him forever. "controlling people"
It's funny how he accidentally fucks the whole thing up
*blows world up* uh oh great now how am I going to solve this *deletes MySpace account* "your account will be deleted in 24 hours" FFFFFUUUUUUUUUU!!!
Great story and vid ! Look forward to the next one !
The guy is a a good/fun storyteller too...which helps ! :)
They drew him to look like Jared...
Dom B 😅😅😅
Man he is so stoned in this Interview lol
new episode from Samy :-)
The Mac startup sound took me back
this was AWESOME!
Ok now I just need to take down facebook and I wil be free from that curse
Please.
please do
hit buzzfeed
yes that should be top priority
@@mika2666 *FACEBOOK IS NUMBER ONE PRIORITY*
Lol all the kids are like "What is MySpace?"
I missed the customization, If someone made a spinoff I'd totally jump on that.
not really, some kids know cause they even USED IT!
remember, kid (as of 2018) goes back to 2001 and maybe (as of nov.24/18) a few 2000 kids.
@@aritrosaha1616 I was 5 when thus happened so I could have went on MySpace if I wanted to. You're correct.
Llooll whats a Walkman?? Llooll
And all the Shokai's are like, "I'm going to needlessly gatekeep."
Next day: Samy Kamkar accidentally hacks Google and Facebook.
You found an exploit that cause MySpace to freak out, If you did that today, the company who you hacked would come after you personally...
Soo..I opened my laptop and registered an account on this new site called facebook...and started playing around ;)
I like the animation.
There was a Ted Talk where a hacker presenter talked about this guy and said he had a brilliant idea and had like 3 ideas for start-ups from this guy's little bit of code. I think it's genius.
MySpace had larger problems than just an innocent instance of hacking...
2:53 wait i seen this before
look familiar 🤔🤔🤔
Pamungkas Lmfao
I expected FBI bust down his door in the middle of the night
"I looked for a few minutes, and then I shut it down."
That hit me like a brick.
Almost went to prison, for interrupting a virtual service that is meant to bring enjoyment.
I would like to see my Myspace profile again. I was very young back then I don't recall what I put on there. Bring back some memories 😭
nowadays companies will pay you big bucks to let them know if you find an exploit in their software or programming
no big buck, they are fucking lyier, even with their bug bounty program some manage to sue peoples and not paying, i know many story of security expert who got fooled because of silly reason like, they are not from the us, because the security issue is not that critical, because it was 'discovered by their own team at the same moment', because the vulnerability was made public, and some are even more dirty, they fix the issue following the note but play dead when it come to pay the researcher.....
I am remembering a zero day i sent to a clueless php developers of a popular french php chat, he said to me 'hey this bug is useless, it's not remotely exploitable and it can't cause a denial of service, so he can't be included in our security bounty program', this fucker fixed it anyway, i answered him that it's a privilege escalasion bug and with someone imaginatif it can easily give a privilege access to the platform, this fucker played dumb, even after i exposed in full detail the way of doing it with a POC.
I should have just posted this zero day in a sec forum, just to see how hard his ass would have been raped.
bruh it was eval()
this exploit still exists today
That is literally working in IT
@@bonbadilmoi9325 it is an absolute pain, i feel bad for the guy in this vid, there probably was no way for him to tell myspace about the bug and he didn't even cause any real damage, yet they force him off the internet for 3 years....
I wonder how much the story would differ if he just told Myspace about the exploit.
It would differ 100%. He wouldn't be in trouble, at the least. MySpace *probably* would have fixed the vulnerability. This guy would be working in cybersecurity now.
@@TravisTerrell he is working in Cybersecurity.
wow, the title is really reflecting exactly what happened. A GREAT STORY GUYS!!
This is a really cool story, thanks for sharing.
GOING TO THE CAR...
FBI OPEN UP!
wait, do you see two big guys around your car, you think you're probably getting carjacked...and your response is to walk up to them? lol, why?
looks like those guys are gonna rob me and possibly commit assault...I better go get close to them lol.
Thats only the animation.
@@NicolasTsagarides That's what he described, as well.
Samy: I have more friends than you haha
Tom: *middle finger*
3 years of probation is so long for someone who did something so innocent.
he would have had 6 months to destroy all his electronic evidence
I need to get a life... *starts hacking Facebook*
What a absolute madlad
he left out the best part. Each profile infected with the code changed said profiles profile picture to a picture of Samy that says "Samy is my hero"
Wow, dude got lucky with the probation.
Edit: I'm shocked at the large percentage of comments that say that the punishment was extremely harsh, and that he did nothing wrong. Those of you saying that should read some recent articles about hackers that have gotten caught. I do get that it's a somewhat "cool crime," but it was still highly illegal.
This whole idea that "that the site had a vulnerability, so he didn't do anything wrong" is ludicrous. ALL hacking takes advantage of an exploit, so by that reasoning, no hackers have done anything wrong. He literally infected a multi-million dollar company's core operation with a worm. Ill-intenioned or not, it is still objectively illegal.
For those who say that today, he would've been paid and/or given a job with them: That only happens when you reveal the exploit to the company-not when you take advantage of the exploit to infect their servers!
2:09 when your going onto Roblox and that pops up
You: NANI?!?!?!?
"I went to the Apple store and bought a computer"
Apparently you were not fully rehabilitated.
Is it jus me or are the mouse clicks extremely satisfying !!
Samy is my hero!
Lmao
Sorry sir computers are known to cause cancer in the state of California
World's first virtual nuke
>2005
>19 years old
>break a popular internet
Me:
>2020
>22
>struggle typing hello world
Like woopsie daisy
you got arrested because of the incompetence of Myspace programmers? it's not like you took down the website with malicious intent. you were just experimenting with coding your profile - a freedom that they gave you.
Clearly you must have forgotten him saying that he was looking for exploits, which he found, and then he used to his advantage.
Emal A
cyber security does this, too. they look for exploits to fix.
and how did he use it to his advantage? he's said that it only started as an experiment, but ran out of control quickly. within a day he tried to stop it. the only real reason he got arrested is because he kept quiet about it (but can you blame him for that? a 19yo accidentally bringing down a highly trafficked website) and myspace was a popular website worth millions (or more). no one would have cared if it was some smaller site.
Well anyone could say "I was just playing around, i ment no harm!". It's the same as breaking into a bank and not stealing anything. He knew that what he was doing was illegal, it also caused Myspace to lose money since the site was down for a while.
i still don't think that's a good enough excuse to inflict an extreme legal punishment. "well anyone can say that, so it can't possibly be true." - they gave him the freedom to do that on their website. to me, that's their own fault.
it reminds me of Andrew "weev" Auernheimer, who simply added a one to the end of an AT&T email website domain and exposed a critical security flaw, reported it, and then was prosecuted and convicted to three years in prison (though, in reality, he got out after 13 months) for hacking. he was put in prison for arithmetic - a simple thing that any other bored/curious person could have done - which embarrassed AT&T by exposing their incompetence.
of course it's a programmer's responsibility. you can't design a website/application that stores sensitive data and then refuse all responsibility when a security flaw is exploited. doctors get in trouble for malpractice. lawyers get in trouble for incompetence. if you're a programmer that is designing complex programs that stores any private data of it's users, then you should be held accountable for any flaws exploited.
Best one so far
That was that he says, also being one of the internet’s most famous hackers doing hacks today.