Hacker Made $1,000 A Day from Stolen League of Legends Accounts


A hacker in Australia managed to make over $1,000 a day from accounts he stole from League of Legends databases.

With popularity comes potential vulnerability, as Riot Games continues to learn. In 2011, Riot Games's European server suffered a cyber attack in which hackers made off with over 120,000 transaction records. Flash forward to 2013, when another security breach occurred, this time on Riot's North American servers.

It looks like one person, Shane Duffy, was responsible for both intrusions.

Duffy, who went by the alias "Jason," was able to gain access to over 24.5 million accounts after obtaining password information through a brute-force attack on a senior member working at Riot. He first used the information he gained from his hacks to kick top players from the game, such as James "Phantoml0rd" Varga during one of Varga's Twitch streams. He even transferred Phantoml0rd's account to Brazil so Varga's games would lag.

Duffy continued to have fun with other players, going on streams and threatening to reveal people's personal information while also stating "I am God, Jason." He gained admin access to the League of Legends forums and edited moderators' posts to confuse the community. Duffy even managed to log into Riot President Marc Merrill's Twitter account one day to leak internal information on an unreleased game he found during his hacks.

He was arrested in March 2014 by the Australian Cybercrime Unit. Before his arrest, he would sell legacy skins that had been discontinued, and which he had obtained illegally, for $200 to $800 each. After he was let out on bail, he created a website called LoLip-op.com where people could pay to kick any one of those 24.5 million accounts and even set up DDoS attacks on players to help the buyer win matches. The site netted Duffy $1,000 or more a day. He was arrested again soon after and the police managed to seize $110,000 of Bitcoin from his records.

Shane Duffy is 21 years old and has been homeschooled since fourth grade because, according to his mother, "the education system did not want him" due to his Asperger condition. He allegedly worked with a group of hackers who are still unknown, and he says they're responsible for other hacks like ones on Neopets and the Curse Network forums. He's been charged with three counts of computer hacking and misuse as well as several counts of fraud. He will have his day in court on July 24th.

Source: Daily Dot via Polygon


"Shane Duffy is 21-years-old, has Asperger Syndrome, "
Yes, that is very important information related to the case. Not at all helping stigmatising to proliferate!!

Kenjitsuka:
"Shane Duffy is 21-years-old, has Asperger Syndrome, "
Yes, that is very important information related to the case. Not at all helping stigmatising to proliferate!!

Don't you know? It's stating unbiased information. Like finding Call of Duty in the room of a school shooter is just stating unbiased information.

Spoilers not opening, not being able to quote, what is this website coming to... OOOOH, Shiny!

@Kenjitsuka It is surprising and depressing how ignorant people are about Asperger syndrome. Adding little tidbits like these is not doing the image of the condition any good when people automatically assume you are intrinsically a trouble maker. You have to hide it until the person knows you well enough that you can tell them but in the meantime they believe you to be either aloof or a sociopath because the registration and expression of emotions is a challenge that not everyone with Aspergers can overcome. It is exacerbated when you run the gamut of sensory defensiveness, one track mind that filters everything else out, the occasional tics, and inconsistent swings between extroversion and introversion. This is not even touching upon cognitive social incompetence/mal-development. It is a trying experience, growing up with Aspergers and knowing you will never truly live it out.

I need to be extra thankful that there were people who fought for me, to ensure that I had the skills and motivation to make it through all of school, no matter how hard, and get a job. For people like this, who fell through the cracks, it sorrows me. But it sorrows me just as well that journalistic discretion was ignored and an already inherent stigma is reinforced. What was added to the story by mentioning him to be a high functioning autistic?

Now preview no longer works, ergh!

As soon as I saw this, all I could think of was:

image

I guess the only question left is:

'How can you imprison, that which has no life?'

Not sure which is more pathetic, his actions or the people who were actually paying him.

EDIT: in fact, I'm going to go out on a limb and say the latter -_-

Isn't brute force attacking, the most basic way of hacking? Scary.

The guy may have done wrong, but gotta give him credit for making a profit off of it pretty smartly

What a loser. For real I have no respect for people like him. People that just think the best thing in the world is to make other people's lives harder for no reason.

harrisonmcgiggins:
Isn't brute force attacking, the most basic way of hacking?

Pretty much. Which doesn't say very charitable things about Riot's security.

Just that they don't use physical login tokens (which any big company should, but it's hardly standard practice) and that they probably don't have heuristics to detect anomalous logins (which any big company should, but it's hardly standard practice). Really login security is atrociously weak across the industry, internet is a hacker's heaven.

I suspect there are conspiracies to keep internet security weak by the security services ... there are so many things which would be trivially easy to introduce or to create official recommendations from government to do which could improve matters, but instead security has been at a stand still for decades.

He probably got the account database for some other forum the admin used and brute forced the key from that ... that's how passwords are usually cracked, since a lot of people reuse the same password.

Every Semi-Nerd has Aspergers according to the definition that's commonly known. It takes a professional psychologist or psychiatrist to deduce whether or not the behaviour of that person actually stems from a form of autism or he/she is simply not conforming due to other reasons.

Still, LoL is a super high profile game, so I get why it gets lots of negative attention like that. Lots of instances mean that someone somewhere is bound to succeed at some point. I feel sorry for the part of the community that simply wants to enjoy a competitive game.

Who the fuck uses Jason as a code name? Jason doesn't sound cool at all, I should know. I've been stuck with the damn name for nearly twenty years.

To sum up my opinion, kudos to him for being so stealthy about it, I lack any sort of respect for him, and Asperger Syndrome has nothing to do with this. This was just a human being greedy.

All things said, that's an impressive résumé

Kenjitsuka:
"Shane Duffy is 21-years-old, has Asperger Syndrome, "
Yes, that is very important information related to the case. Not at all helping stigmatising to proliferate!!

True, what point is giving this information out, especially the Aspergers and home schooling tidbit?

Neopets is still a thing? Da fuq?

Anyway, this is quite scary, I have many friends who play this and I hope they didn't get affected.

He allegedly worked with a group of hackers who are still unknown, and he says they're responsible for other hacks like ones on Neopets

Neopets? Shit. We're dealing with a pro here! (I didn't even know Neopets was still a thing)

I kind of hope they will also be able to go after the people who were paying this guy for fucking around with other peoples accounts/matches. If you need to pay someone to hack a game and boot someone from a match you're kind of pathetic. Although I'm not sure what Riot could do. Reset their account so it has no wins?

I don't know what's more pathetic: This guy, or the people who paid so much for his "services".

I mean, seriously. Paying someone to DoS your opponent so you can win? Weak.

Fat kid with glasses, home schooled....nerd hacker?! Grats to his mom for creating this monster.

Looks like the only thing he's hacking into is diabetes....am I right? Because he's overweight and probably just sucks down high fructose drinks and cheetos.

Whoa...whoa...whoa...someone took the time to actually hack Neopets? Why? O_o

Just reading this article it almost sounds like he would've gotten away with his attacks for a lot longer if he wasn't publicly acting like a colossal douche bag to people on the forums.

It almost seems like he was ASKING to get arrested with all the stunts he pulled. And it clearly does seem to be the case because immediately after bail he goes and makes a website where people can pay to get others kicked off of LoL.

This is amazing.

Sounds like Asperger is gonna be the defense more than anything. As another poster mentioned Aspergers is not autism and it's being over diagnosed a lot the last couple years. The things he did do not describe someone with an illness affecting their actions. He just sounds like a spoiled asshole.

"Shane Duffy is 21-years-old, has Asperger Syndrome"
You forgot other pertinent information such as "fair skinned and slightly obese male of the species Homo sapiens sapiens".

What has him having Asperger's to do with him being a douchebag?
I happen to have it too (properly diagnosed, mind you) and I've never participated in any illicit or anti-social activities (besides file-sharing and engaging in pointless debate on internet forums).

Esmeralda Portillo:
Shane Duffy is 21-years-old, has Asperger Syndrome

As someone with Asperger's Syndrome/High Functioning Autism, I take offense at this being brought up as almost a 'justification' for his actions...people treat it like the ultimate defense against being a jerk. I may not pick up on small social cues as easily as others, but I know 'wrong' when I see it. It's just kind of a hot button for me when it's brought up in the 'Oh, this jerk has Aspergers, though!'

Uratoh:

Esmeralda Portillo:
Shane Duffy is 21-years-old, has Asperger Syndrome

As someone with Asperger's Syndrome/High Functioning Autism, I take offense at this being brought up as almost a 'justification' for his actions...people treat it like the ultimate defense against being a jerk. I may not pick up on small social cues as easily as others, but I know 'wrong' when I see it. It's just kind of a hot button for me when it's brought up in the 'Oh, this jerk has Aspergers, though!'

I can understand how a few of you saw that portion and believed that was coming to a conclusion that it's justifying his actions, but that's not the case at all when I put it in the article. I added it because of how his mother said it was the reason he was homeschooled, that's all. This news article is not making any assumptions on his character based off his pre-existing conditions, because I am in no way an expert to make such assumptions, nor is it my role to make speculations.

The Rogue Wolf:
I don't know what's more pathetic: This guy, or the people who paid so much for his "services".

I mean, seriously. Paying someone to DoS your opponent so you can win? Weak.

Seriously. Negative 500 respect points for this loser. Could have been so much more with his talents and chose to make profit off unsportsmanship and misery.

Asshole.

And having aspergers and homeschooling is no excuse for this noise, piss off with that.

I had a rough time of it through the 'glorious education system' too, and was socially inept all the way up until my final years of school. (Lighter cases obviously but some mirroring circumstances) Clearly I'm on a road to ruin. Oh wait no, I choose to not be a prick.

Starke:

harrisonmcgiggins:
Isn't brute force attacking, the most basic way of hacking?

Pretty much. Which doesn't say very charitable things about Riot's security.

Yeah. I was under the assumption that brute force could really only ever work on the most basic of systems. I'm talking poorly passworded rar files.

Has anyone commented on his hair? Not in a rude way, but he totally has a slight Flock of Seagulls thing going on and that's fabulous(ly wrong).

Esmeralda Portillo:

Uratoh:

Esmeralda Portillo:
Shane Duffy is 21-years-old, has Asperger Syndrome

As someone with Asperger's Syndrome/High Functioning Autism, I take offense at this being brought up as almost a 'justification' for his actions...people treat it like the ultimate defense against being a jerk. I may not pick up on small social cues as easily as others, but I know 'wrong' when I see it. It's just kind of a hot button for me when it's brought up in the 'Oh, this jerk has Aspergers, though!'

I can understand how a few of you saw that portion and believed that was coming to a conclusion that it's justifying his actions, but that's not the case at all when I put it in the article. I added it because of how his mother said it was the reason he was homeschooled, that's all. This news article is not making any assumptions on his character based off his pre-existing conditions, because I am in no way an expert to make such assumptions, nor is it my role to make speculations.

I think you could reword it slightly to better reflect that point. Putting it out front and foremost portrays a different message, I think.

Not that I was offended, but I can see why some might be and clearer wording seems like a good idea.

Fancy Pants:
I think you could reword it slightly to better reflect that point. Putting it out front and foremost portrays a different message, I think.

Not that I was offended, but I can see why some might be and clearer wording seems like a good idea.

Understood and reworded to better reflect that.

Esmeralda Portillo:

Fancy Pants:
I think you could reword it slightly to better reflect that point. Putting it out front and foremost portrays a different message, I think.

Not that I was offended, but I can see why some might be and clearer wording seems like a good idea.

Understood and reworded to better reflect that.

Nice work. That seems much more on point :D

Esmeralda Portillo:
Understood and reworded to better reflect that.

Indeed, thank you. It's kind of a pet peeve of mine seeing it in any way as a 'justification' for actions. Looks much better like this.

I can think of a no more noble endeavor than making the lives of MOBA players miserable, good on him for not doing anything seriously malicious with his talents.

I hope he gets out and has a bright future as a network security consultant.

So clearly, crime really doesn't pay. I mean, yeah, he stole money, but obviously he's been caught at it, so backpedaling now.

piscian:
Sounds like Asperger is gonna be the defense more than anything. As another poster mentioned Aspergers is not autism and it's being over diagnosed a lot the last couple years.

Um, yes, it is? Being properly diagnosed with it, and going to a school that had a handful of others who were diagnosed with it, not to mention all of the research gone into it... It's very clear it IS a form of autism. Just wanted to get that out. But, you are right, I hear it often of being mis-diagnosed; not to mention it's so common people throw it around on the internet like it's some kind of insult. It's kind of annoying, and gives off a bad name for the people who do have it. I already had a hard enough time dealing with it. I don't need some stereotype following me as well just cause some people are too ignorant to understand it.

OT: Holy hell, that's a lot of cash... And people did this stuff just to win at rounds? People PAID for that? Why? Just get better. Or not be a total prick. That's just insane. But, this guy is just as bad for doing all of this. I don't care the reason for it, I'm glad to hear that he has been dealt with.

So what I get from this story is that Riot games have pretty much no security (a staff member can copy user database and no one notices?) and staff members should not have access till they learn proper security basics. If you can bruteforce a password, the owner of such password should not be let anywhere near secure information. Bruteforcing is hard even with most modern tech, via internet bruteforcing is far harder due to much higher delay of response. The password was 6 or less characters long to bruteforce it.

Elfgore:
Who the fuck uses Jason as a code name? Jason doesn't sound cool at all, I should know. I've been stuck with the damn name for nearly twenty years.

Probably someone that wants to throw his tracks off to someone actually named Jason. Imagine you get a chatlog of hackers chatting and one of them is named Jason. Surely it's possible he's actually named Jason then. It's throwing his scent away a bit.

CriticalMiss:

I kind of hope they will also be able to go after the people who were paying this guy for fucking around with other peoples accounts/matches. If you need to pay someone to hack a game and boot someone from a match you're kind of pathetic. Although I'm not sure what Riot could do. Reset their account so it has no wins?

Well, DDoS is a crime. You could argue that they were accomplices in a crime, just like a person hiring a hitman would be. Thus Riot could probably sue them.

XenoScifi:

Looks like the only thing he's hacking into is diabetes....am I right? Because he's overweight and probably just sucks down high fructose drinks and cheetos.

I don't consume either and I'm overweight. But apparently stereotyping is ok as long as it's some criminal.

piscian:
Sounds like Asperger is gonna be the defense more than anything. As another poster mentioned Aspergers is not autism and it's being over diagnosed a lot the last couple years.

Can't speak about overdiagnosis (more like, underdiagnosis of actual Aspergers, overdiagnosis of self-diagnosis kind) but Aspergers is on the Autism spectrum.

Hey, us Aspies are people too. We're just as capable of being an apathetic, scamming asshole as the next guy!

I get tired of the whole misconstruing of what autism/aspergers actually does and whether or not it's relevant. It's an unimportant detail up against the real issue, which is of course that he wanted to make a quick buck with his mad skillz. This is, therefore, about as bad as someone saying they learned how to fire a gun from an FPS.
