California Man Pleads Guilty to Hacking NintendoPhishing Techniques Used to Steal Credentials and Company Data
A 21-year-old California man has pleaded guilty to repeatedly hacking gaming company Nintendo over three years to access servers and steal confidential data, including details on hardware, games and developer tools, according to the U.S. Justice Department.
Ryan Hernandez of Palmdale, California, pleaded guilty in U.S. District Court in Seattle Thursday to federal hacking charges as well as possession of child pornography after FBI agents found images on computers seized during the 2019 investigation, prosecutors say.
As part of a plea agreement, federal prosecutors and defense attorneys will recommend a three-year federal prison term for Hernandez when he's sentenced later this year, according to the Justice Department. He could have faced a five-year maximum sentence for the hacking charges as well as a 20-year sentence for possession of child pornography, according to the Justice Department.
Hernandez also will pay nearly $260,000 in restitution and must register as a sex offender.
Starting in 2016 when he was still a minor, Hernandez made multiple attempts to hack into Nintendo servers using phishing techniques to steal the credentials of company employees, according to the Justice Department. At one point, Hernandez leaked information about the anticipated Nintendo Switch console. In 2017, FBI agents confronted Hernandez at his parents' home, and he agreed to stop hacking Nintendo in exchange for federal authorities not pressing charges, according to court documents.
Between June 2018 and June 2019, federal prosecutors say Hernandez returned to hacking Nintendo, including the company's developer's portal, in an attempt to steal additional company data and developer tools.
"Hernandez returned to his malicious activities, hacking into multiple Nintendo servers and stealing confidential information about various popular video games, gaming consoles and developer tools," prosecutors say.
At the same time, Hernandez began discussing his hacking of Nintendo on social media platforms, including Twitter, as well as on an online chat forum called "Ryan's Underground Hangout," where he posted details about the hack as well as vulnerabilities in Nintendo's systems, according to the Justice Department.
In June 2019, FBI agents raided Hernandez's home and seized computers and other hardware, including an Apple Macbook, a Seagate hard disk drive and several Nintendo devices, where they found thousands of confidential Nintendo documents as well as images of minors contained in a file labelled "Bad Stuff," according to federal prosecutors.
Past Nintendo Hack
Over the years, Nintendo has proven to be a tempting target for hackers.
In April 2019, for instance, two U.K. citizens were given suspended sentences for compromising the corporate networks of Microsoft and Nintendo (see: Hacker Who Hit Microsoft and Nintendo: Suspended Sentence).
Between 2017 and 2018, Zammis Clark, a former security researcher at Malwarebytes, and his accomplice, Thomas Hounsell, breached the two companies' networks to steal in-development software and other sensitive information, which resulted in total damages of about $4 million, according to British law enforcement.
Clark hacked into corporate Nintendo servers using a VPN access to compromise the network security, authorities say. Once in, he accessed “highly confidential game development” that contained development code meant for then-unreleased games. He then went on to steal 2,365 usernames and passwords from Nintendo’s servers and continued to do so until Nintendo finally discovered the breach in May 2018, according to U.K. authorities.