8 comments

[ 3.1 ms ] story [ 28.6 ms ] thread
"posting the university president’s Social Security number and phone number to reddit."

Isn't exactly "white hat"

(comment deleted)
(comment deleted)
Whitehat hackers know only to traverse, scan and exploit the networks which they own or have explicit written permission to use.

This guy got what was coming to him.

Some of the stuff he did would be considered 'grey hat,' but stuff like posting to Reddit is just plain stupid if he was trying to mitigate the trouble that he could get into.
Perhaps he had noble intentions, but any idiot can see that his methods were beyond stupid. Posting a SSN publicly is sure to get you noticed.

The other thing I noticed is that either the FBI has gotten really good dealing with proxies/VPNs or the guy really didn't know what he was doing.

I don't think that they needed to trace it back through the VPN. They started asking questions at his workplace (for whatever reason), and a co-worker turned over a chat log in which he was describing what he was doing. They could have just been questioning The Canton Group through 'good old fashioned police work.' It's not like The Canton Group was unconnected to the University.
Someone tell me how posting someones social security number online is considered whitehat? Also the manner in which he communicated was very harsh.

It seemed as though he was taking his frustrations on his employer out on his employers client.

Or perhaps all of this was his goal: hoping to get arrested, make a name for himself as a "brilliant young hacker" to build up his own security consulting firm.