Posted on September 15, 2019 at 3:03 AM
In a career turnaround, a former hacker who used to steal login credentials to break into accounts and post spam on users’ behalf is now offering advice on password behavior, specifically password reuse.
Kyle Milliken used to make a considerable amount of money in his hacking career, but got caught not too long ago and is fresh from serving a sentence of nearly a year and a half (17 months, to be precise) for breaking into specific servers of enterprises and stealing information from their databases.
Milliken, born in Arkansas and approaching 30 years old, was released back into society last week. Among his targets in his hacking days were Disqus (he took 17.5 million users’ information), Kickstarter (5.2 million), and Imgur (1.7 million).
Milliken had known partners, so he didn’t work alone. For quite some time, he and his associates used credentials they had stolen from other companies as a springboard to break into more profitable accounts on third-party services.
They made a living by exploiting reused passwords. Milliken and his associates logged into other people’s email and social media accounts (including Facebook, Twitter, and Myspace) and used them to post spam messages advertising various items, goods, and services.
It may look simple or rudimentary, but it was extremely profitable for Milliken and his team. In a span of four years, starting in 2010 and ending in 2014, they ran a very successful spamming campaign using this approach and made over $1.4 million, which they spent in style.
However, it all ended very abruptly for the cybercriminal. He was caught by the authorities and taken into custody in 2014, and for years he helped them. That collaboration ended last year, though, after it became public that he was helping them and he was punished by the online cybercrime community.
A Change in Lifestyle
After leaving prison, the former hacker claims to be a new man and is looking to change his lifestyle. His interest in working as a hacker is over, and in an interview with a prominent cybersecurity site, he stated that he wants to return to school and start a career in the online security industry.
In other words, he wants to be on the other side of the “battle,” looking for ways to raise awareness and search for solutions to the ever-growing cyber threats lurking around the web these days.
In the interview, he claimed that he is starting from scratch and will prepare himself for every security certification available. He said that as a 16-year-old high school dropout, he had to teach himself all the things he now knows about the field.
However, he also observed that there are some things he needs to work on that he wasn’t aware of when he was in the middle of his hacking days.
As it turns out, Milliken is not the first ex-cybercriminal to switch sides. One of the most widely known cases is Hector “Sabu” Monsegur, who was a member of the hacking group LulzSec. Nowadays, he is working tirelessly at Rhino Security Labs, a cloud security enterprise.
A Public Apology
Not only is Milliken willing to leave his hacking days well behind him, but he is also willing to recognize that his previous lifestyle heavily affected other people’s lives. He offered a public apology to one of his most lucrative victims, Kickstarter. His message was directed specifically at the company’s CEO, via Twitter.
He explained that he had been given a lot of time to think about what he did and the consequences it had on other people’s projects and aspirations. He now sees things from other angles and claims that back then, he didn’t think about the other end of the situation: talented, honest people trying to make a living the right way.
He also observed that he didn’t imagine the severe consequences that a security breach might have had, as people lost resources, data, and precious time they invested in building their enterprises and projects. He claimed that he feels remorse for putting people through what he called “cyber hell.”
He even offered a free piece of advice to the cyber community around the world: don’t reuse passwords, and enable two-factor authentication whenever possible to better protect logins and access to accounts.