September 15, 2019
In quite a career turnaround, a former hacker who used to steal login credentials to break into accounts and post spam on users’ behalf is now offering advice on password behavior, specifically password reuse.
Kyle Milliken used to make a considerable
amount of money in his hacking career, but got caught not too long ago and is
fresh from serving a sentence of nearly a year and a half (17 months, to be
precise) for breaking into specific servers of enterprises and stealing
information from their databases.
Milliken, born in Arkansas and approaching 30
years old, was reintroduced to society last week. Among his targets in his
hacking days were Disqus (he took 17.5 million users’ information), Kickstarter
(5.2 million), and Imgur (1.7 million).
Milliken had known partners, so he didn’t work
alone in performing his shady acts. For quite some time, he and his associates
used other companies’ credentials that they stole as a platform to breach more
profitable accounts on third-party services.
They made a living by exploiting reused
passwords. Milliken and his associates used to enter other people’s email
accounts, social media accounts (including Facebook, Twitter, and Myspace), and
used them to post spam advertising messages about several items, goods, and
It may look simple or rudimentary, but it was
extremely profitable for Milliken and his team. In a span of four years,
starting in 2010 and ending in 2014, they ran a very successful spamming
campaign by implementing the approach and made over $1.4 million, which they
spent in style.
However, it all ended very abruptly for the
cybercriminal. He was caught by the authorities and taken into custody in 2014
and for years helped them. That collaboration ended last year, though, after it
was made public that he was helping them and was punished by the cybercrime
A Change in Lifestyle
After leaving prison, the former hacker claims to be a new man and is looking to change his lifestyle. His interest in working as a hacker is over, and in an interview with a prominent cybersecurity site, he stated that he wants to return to school and start a career in the online security industry.
In other words, he wants to be on the other
side of the “battle,” looking for ways to raise awareness and searching for
solutions to the ever-growing cyber threats lurking around the web these days.
In the interview, he claimed that he is
starting from scratch and will prepare himself for every security certification
available. He said that as a 16-year-old high school dropout, he had to teach
himself all the things he now knows about the field.
However, he also observed that there are some
things he needs to work on that he wasn’t aware of when he was in the middle of
his hacking days.
As it turns out, Milliken is not the first
ex-cybercriminal to work on the other side. One of the most widely
known cases is Hector “Sabu” Monsegur, who was a member of the well-known
hacking group LulzSec. Nowadays, he is working tirelessly at Rhino Security
Labs, a cloud security enterprise.
A Public Apology
Not only is Milliken willing to leave his
hacking days well behind him, but he is also willing to recognize that his previous
lifestyle heavily affected other people’s lives. He offered a public apology to
one of his most lucrative victims, Kickstarter. His message was specifically
directed at the company’s CEO, via Twitter.
He explained that he had been given a lot of time
to think about what he did and the consequences it had on other people’s
projects and aspirations. He now sees things from other angles and claims that
back then, he didn’t think about the other end of the situation: talented,
honest people trying to make a living the right way.
He also observed that he didn’t imagine the
severe consequences that a security breach might have had, as people lost
resources, data, and precious time they invested in building their enterprises
and projects. He claimed that he feels remorse for putting people through what
he called “cyber hell.”
He even offered a free piece of advice to the cyber community around the world: don’t reuse passwords, and activate two-factor authentication whenever possible to better protect logins and access to accounts.