It says "He broke into the company's internal Slack messaging system ".
It does seem likely their approach is something along the lines of phishing or, given some of the other notes in the article, a combination of social engineering or stalking and blackmail...
I have a feeling a lot of these hacker groups that are heard about do very little code exploitation. I think a lot of it is: find info on employees of a company, maybe find their old social media accounts, maybe find some stuff they might not want their coworkers to ever know about or their spouses etc. And then harass and blackmail the employees for a way in.
If the news agencies were better at reporting, I think a lot of people would see these type of 'hackers' as less 'ooooh brilliant genius child like in the movies' and more 'straight up criminal harasser with no more skill than any normal software developer'.
The problem is that reporting the truth - "socially-awkward teens hacked their way into large companies by manipulating their idiot employees and exploiting lax security policies" would force many powerful people into answering uncomfortable questions and expose incompetence at many levels.
Keep in mind that at least one of the hacked companies (BT - British Telecom) is culturally relevant in the UK and sadly it is mostly considered as trusted and competent by the general non-technical population. Hell, they've even got a cybersecurity arm: https://www.globalservices.bt.com/en/solutions/security
It would be really inconvenient if it became common knowledge that all this perceived trust & competence was nothing more than smoke & mirrors and that some kids can blow right through it.
Therefore, there's a vested interest all the way up from the government to make the hack more sophisticated than it really is and the hacker a meaner monster than he is. That's also the reason behind the disproportionate sentence, despite similar phishing/social engineering/stalking crimes against the layman not being prosecuted at all.
I imagine that is because Microsoft bends the knee and pays fines to Europe every few years and complies with its orders. The Microsoft software/services the USA see's is different to the Microsoft Software/Services the EU sees.
I don't think launching an MVP (which this was) works when there is such a large established monopoly your trying to disrupt. Especially as the MVP offers nothing new?
"In 2022, Google made upward of $30 billion in revenue from the sale of ad space on publishers’ websites. That was six times the digital advertising revenue of all U.S. news publications, combined. In a functioning market, no one would expect the middleman to make more than the content creator."
Do they think the only "publishers" are "us news publications" or just purposely misleading readers?
I don’t think this is about competing with Cloudflare. Google Domains is good-enough and likely better for most of their users than Cloudflare, if only because they already have a Google account and know the brand.
Cloudflare’s core business is being the front end of your web presence. They provide DNS and CDN services, so bring a registrar is a natural fit because it provides the last thing you need to keep your web site online and secure. There’d be demand for a registrar just because that’s what prevents domain takeover attacks on the first part of that security chain.
