Grand Theft Auto 6

So much for my delay post, though I suspect they would deny such a thing anyway.

Like Derbs said there was no way they were going to delay it, it's a massive company with so many people working on it probably wasn't even an option. But you can bank on the lawyers will on all channels of law enforcement to get the person responsible.

I mean whatever your personal opinions are on Rockstar, I personally am a big fan of their stuff despite the admittedly shitty way they've conducted themselves in the past in regards to crunch, work environment and things like the Definitive Collection, it's still an incredibly shitty thing that's happened to all of the real people who exist and work there.

Kinda shitty that they'd do that to a kid.
These hacks happen all the time, but they don't always throw their own under the bus like that.
Where was this level of victim protection during the iCloud nudes hack?

From what I read he's had previous before with being caught. I mean if you're going to play with the big boys then get prepared for everything that comes with it.

Because they can and because it’s not really that hard. You trick someone into giving you access/credentials and then you’re away. The problem is that devs are know it alls and if you build a security wall they will cry until you put a door in it. If you manage to hook a dev with a phishing email or text *boom* you’ve usually got admin on a box with the lowest security restrictions in the company. They are a fucking nightmare.

His ‘group’ booted him and leaked his details. Presumably because he can’t keep his mouth shut and runs around with his dick out after each hack. It’s lapsus and they are quite successful so they probably don’t want someone shouting ‘HEY IM IN LAPSUS’ at anyone who will listen. 

It’s literally a criminal enterprise. It’s like when Tony Soprano kills Tony B. If Steve Buscemi was 16.

Oh, good. Dumb little fuck needs a slap. 

He only has the one vector - Slack. His group might have been whitehat sec con hackers who had some element of legitimacy.

Nah, they go after data and then pivot to blackmail/extortion. We keep a ‘top 5’ threat actor list and they are one of the few non-nation state backed groups that always appear on it.  

I’m assuming R* had a ransom note last week and knew this was likely to be coming and probably isn’t all of it. If you have access to get 10k lines of code, you likely have access to pretty much everything. 

20 quid they got in with an MS account without MFA turned on. You spend all this money on firewalls and some idiots gives them the keys on a text message

The videos are from the slack channel but I can’t imagine he is dumping code from there. If it’s the same methodology as the Uber hack, he had the slack channel and admin on a fairly flat network.

. When you put it like that it really does make these hacks seem rather mundane rather than these Hollywood scenarios you imagine.

It shouldn’t matter where devs work, really. I’ve seen a few people say this is a reason to get people back in the office but you should be on a VPN back to base, a VPN to AWS, maybe a Citrix desktop or something and there should be corp security controls on box. Certainly at our place it doesn’t really make a difference if you’re sat in the building or in a McDonalds and you’d hope it would be the same for a company like take2.

Obviously something is wrong but I would bet my kidney on it being a dev account compromise which led to unfettered network access. And that’s where the problem is, really. Like you say, there should be network segmentation and managed passwords for doing elevated stuff. Which is exactly how they dicked Uber. Agile workplace = shit security because it’s a blocker.

We have two full time people who do literally nothing other than run down suspicious emails. It’s fucking insane. People scrape LinkedIn literally weekly, compromise email servers of small third party suppliers to send ‘invoices’….. all kinds of stuff.

I do this for a living and I’ve had stuff I’ve nearly clicked on.