Ruined Christmas for myself

[Nikolas Di Domenico]

I am a Cybersecurity student. Recent a package came to our doorstep, of course, I knew what it was right away. It was a DSLR camera, being the cybersecurity student that I am I hacked into my mom and dads. Amazon and eBay account and found out what they are getting me. I feel that password security is very vital to keep secret information safe. Obvious to my parents this is not the case. Using the same passwords with no special characters, not a single uppercase letter I hacked into the accounts very easily. For actual password programs, this password could take seconds to crack. So, of course, being the aspie that I am I told my mom that they need to update their password because it is a security risk. If someone wanted to they could easily get into these accounts and hack them. Of course, my parents flipped out at me saying they are returning the gifts they got me. Knowing them however they are probably bluffing. Every year I go through the same thing with them finding receipts, boxes, and or other clues that easy for me to know what I get. Has anyone experiences like this before? Also, if they are not bluffing what should I do?

 

[Gritches]

When I was a kid I always knew where my parents hid the Christmas presents. I'd always check it out but never told them I found the presents because I knew they'd just move them the next year and I'd just act surprised when unwrapping them. So I ruined Christmas for myself every year, but what can I say? I hate surprises.

Not quite the same thing, I know. But if they're not bluffing, have you tried apologizing profusely? I'd do that anyway to hedge my bets, if you haven't. They probably feel at least a little violated.

 

[Nikolas Di Domenico]

When I was a kid I always knew where my parents hid the Christmas presents. I'd always check it out but never told them I found the presents because I knew they'd just move them the next year and I'd just act surprised when unwrapping them. So I ruined Christmas for myself every year, but what can I say? I hate surprises.

Not quite the same thing, I know. But if they're not bluffing, have you tried apologizing profusely? I'd do that anyway to hedge my bets, if you haven't. They probably feel at least a little violated.

No, I haven't Gritches thanks for the advice. I was planning on doing that tonight and talking to them about password security and why it is important. Thanks!

 

[pjcnet]

Lol, I remember at school in the 1980s when the head of computers was all proud of their new password security system on their s***ty Research Machine's 480Z network. After school the teacher caught me trying to crack the master password, but instead of having a major go he simply said, carry on, continue, you will never get past this system. The next day I went up to him and whispered into his ear the master password which I always remember was the head master's 3 initials followed by a space, followed by his 3 initials lol! Unexpectedly he went nuts and banned me from the computer room, but after a few days I was invited back and he actually let me work part time in the evenings and breaks as a server administrator which I loved, I ended up in a position of real trust and worked more like equals with the computer teacher. When I first cracked the password I remember seeing folders of school reports and future exam papers (not public exams as they were sent securely by courier in those days), I chose not to tamper or even look at them, but I could have done and I think the teacher respected me for that. Back in those days it wasn't illegal to hack into a system as long as you caused no damage, but times have changed and it's now obviously a criminal offence.

Back to password security, yes I know very well how easily passwords can be hacked/cracked as I did some volunteer work as a sysop on a busy live server and website for a while and I had to defend against various cyber attacks (well it wasn't seen as work to myself as I enjoyed it, but sadly the site is now closed). One attack involved a database leak from a similar website I wasn't involved with where some people used the same username and password, a hacker then started using this information to compromise accounts on our system. I had to download the leaked database and then get the server to crosscheck people's login details as they logged into the system, then if they matched I then forced users to change their password and also verify their email. It was surprising how many people used the same username and password and many even didn't listen to an initial news announcement I put on the site warning them to change their passwords after the leak until I forced them to. Edit: I also manually checked their IP address history to ensure they were now logging in from an expected IP address after the change. I started identifying the hackers IPs and had to lock down numerous already compromised accounts that had been accessed by them too. Overall it was quite a bit of work.

If people think they're safe please visit https://haveibeenpwned.com/ and enter your username and/or email address, a large proportion of people will be shocked and then finally they may take password security more seriously. Also these are only known leaks, there are obviously a lot more.

People may also want to watch this video:

Edit:
(Unfortunately even today many sites / systems still use outdated MD5 hashes instead of Bcrypt / blowfish which takes considerably longer to crack, a few sites even surprisingly still use easily reversible encrypted passwords or even worse plain text, you know this if they send you your actual password to your email address when you state you've forgotten it instead of asking you to change it, I've seen this only recently and the system admins wouldn't even listen to me when I warned them how insecure their system was even though their sister site was in fact totally compromised about a year earlier along with 100% of both usernames and passwords, this is amazingly quite a well known hosting company I will no longer use.)

TIP: To manage secure unique passwords for every site on the Internet that is important to you, I recommend using a password manager such as LastPass (freeware) or KeePass (open source), but please ensure that your master password is especially secure and you don't lose it.

 

[Nikolas Di Domenico]

Lol, I remember at school in the 1980s when the head of computers was all proud of their new password security system on their s***ty Research Machine's 480Z network. After school the teacher caught me trying to crack the master password, but instead of having a major go he simply said, carry on, continue, you will never get past this system. The next day I went up to him and whispered into his ear the master password which I always remember was the head master's 3 initials followed by a space, followed by his 3 initials lol! Unexpectedly he went nuts and banned me from the computer room, but after a few days I was invited back and he actually let me work part time in the evenings and breaks as a server administrator which I loved. I remember seeing folders of school reports and exam papers (not public exams as they were send securely by post in those days), I choose not to tamper or even look at them, but I could have done and I think the teacher respected me for that. Back in those days it wasn't illegal to hack into a system as long as you caused no damage, but times have changed and it's now obviously a criminal offence.

Back to password security, yes I know very well how easily passwords can be hacked/cracked as I did some volunteer work as a sysop on a busy live server and website for a while and I had to defend against various cyber attacks (well it wasn't seen as work to myself as I enjoyed it, but sadly the site is now closed). One attack involved a database leak from a similar website I wasn't involved with where some people used the same username and password, a hacker then started using this information to compromise accounts on our system. I had to download the leaked database and then get the server to crosscheck people's login details as they logged into the system, then if they matched I then forced users to change their password and also verify their email. It was surprising how many people used the same username and password and many even didn't listen to an initial news announcement I put on the site warning them to change their passwords after the leak until I forced them to.

If people think they're safe please visit https://haveibeenpwned.com/ and enter your username and/or email address, a large proportion of people will be shocked and then finally you may take password security more seriously. Also these are only known leaks, there are obviously a lot more.

People may also want to watch this video:

I agree, my father is the head of the SPCA here in Rochester. He is good friends with the head of the FBI cybersecurity division in Rochester. Having me as a son also should also teach him and my mother to update passwords and stay safe online. However they must not listen to the news, and or me telling them out the cyber threats that are out there.

 

[Ambi]

I am a Cybersecurity student. Recent a package came to our doorstep, of course, I knew what it was right away. It was a DSLR camera, being the cybersecurity student that I am I hacked into my mom and dads. Amazon and eBay account and found out what they are getting me. I feel that password security is very vital to keep secret information safe. Obvious to my parents this is not the case. Using the same passwords with no special characters, not a single uppercase letter I hacked into the accounts very easily. For actual password programs, this password could take seconds to crack. So, of course, being the aspie that I am I told my mom that they need to update their password because it is a security risk. If someone wanted to they could easily get into these accounts and hack them. Of course, my parents flipped out at me saying they are returning the gifts they got me. Knowing them however they are probably bluffing. Every year I go through the same thing with them finding receipts, boxes, and or other clues that easy for me to know what I get. Has anyone experiences like this before? Also, if they are not bluffing what should I do?

If they are not bluffing, it is their right. It is their right to return everything if they want. It is their right to have whatever poor/weak password that they like. You could have just told them the info instead of hacking their accounts. If they didn't take it seriously enough, that was their right. It was NOT your right to hack their accounts. Just as it is NOT the right of criminals to do that, even if they do it anyway. My advice to you is stop doing things that upset people who are kind enough to buy you gifts.

 

[Tom]

1) Stop invading your parent's privacy.
2) It's good not to get any Christmas gifts at least once in your life.

 

[Mia]

Parents don't like it when their children push them into something, in what they might consider something of an arrogant way. To them no matter how old you are, you are still somewhat a child with less life experience than they have.
It may have been better to salve their pride/ego by not mentioning it. I've done similar things, that family and friends don't know about. Mainly to see if I could, or to learn something new. People use computers at different levels.
They'll get over it, and change their passwords, and you will get gifts I imagine. They will also likely tell their friends about it, once they are used to the idea that it happened.

 

[Lady Penelope]

I don't like surprises.
If I know what I'm getting I can prepare and react appropriately.
I see no issue with what you did except telling your parents you did it. Raising the password issue is a good idea, but you could tell them you read / saw something relating to cyber security ... white lie.
I know my opinion is controversial but...

 

[Ambi]

Wow....it's sad how few people on this thread see that the invasion of privacy is wrong, whether the parents were told or not. I think it's disgusting to invade people's privacy like that. To not have that much respect for other people is really wrong and disturbing - getting away with it or not getting caught does not make it okay.

 

[Judge]

Snooping around the house to discover Christmas presents is one thing. Hacking your parents' accounts is quite another. It's a fundamental breach of privacy deserving profound apologies. Whether you get your presents or not.

If anything, think of how important it may be in the future for you to don on that "white hat".

 

[WittyAspie]

I'm gonna ignore the moral implications of your actions and point out the obvious.

You should have waited until December 26 to tell them.

 

[The Midge]

Ruined Christmas? I think that is a bit extreme. It isn't all about presents anyway.

Mind you what you did is a bit more high tech than searching under their bed. Time to plead that you are one of those hackers that probe security in order to improve it. I would be hacked off if one of my children did it too me. Being 'Fraped' is bad enough.

 

[xudo]

When I was a kid I always knew where my parents hid the Christmas presents. I'd always check it out but never told them I found the presents because I knew they'd just move them the next year and I'd just act surprised when unwrapping them. So I ruined Christmas for myself every year, but what can I say? I hate surprises.

I hate surprises too, but I was told not to look for where Christmas presents were hidden so I didn't. I knew I wasn't supposed to and that I would get into trouble These days my Mum just asks us what we want.

 

[Riley]

I almost lost Suicide Squad. And that turned me into a wreck.

 

[OlLiE]

- you could have asked your parents if you could check their password security
- don't look a gift horse in the mouth, its not because you got into the account that you had to look further once you were there
- if you did it with the purpose to find out what your gifts are, then why would you have told your parents
=> trying to mixing two conflicting goals in one action is generally not a good idea

 

[pax]

1. Stop snooping. That'll ruin your surprises right there.
2. Stop invading people's privacy and hacking their accounts. They have every right to be pissed off.

 

[Fridgemagnetman]

1. Stop snooping. That'll ruin your surprises right there.
2. Stop invading people's privacy and hacking their accounts. They have every right to be pissed off.

3. Don’t ruin Xmas for everyone else.
(Wonder if Santa uses pa55word for his email)

 

[Bella Pines]

Yes I have on both sides. I was a precocious child and did what you did. My mother once hid a present in a locked suitcase and so I learned how to pick simple locks and opened it. The present was a bar of toblerone and I didn't really like nuts back then.

Now, ironically I have a precocious child who does that to me and his father now.

Having learned a few lessons I would say

• You haven't ruined xmas, family dramas are a tradition
• Your parents are probably blustering because deep down they know their child can outsmart them, but they will also be incredibly proud of you and love you none the less
• They don't sound like aspies, so you will have to play the game. I pretended to believe in santa for a about 4 years after I figured it out just to keep the grown ups happy. So next year, pretend they have gotten the better of you and act surprised
• Keep finding out, I really don't like surprises. If it's a disappointment I need the time to practice my happy-surprised face. It's a pretty scary face but at least I try.
• Let them learn the hard way. If someone hacks their ebay account then they can probably get a refund via paypal. You can offer but not force help, you've done all you can by telling them, it's now their responsibility.
• Don't expect people to be grateful for your help, often it's something they don't want to hear. Same for "I told you so". Simply do your best and then if they ask, be ready to assist.

Good work on the studies too, use your powers for good.

 

[Bella Pines]

and I LOVE both the suicide squad film and soundtrack! last year I dressed up as harley quinn and followed my kids round the trick or treat circuit with a baseball bat.