Hackers Exploit U.S. Army, Microsoft

Apache Helicopter Simulator, Xbox Prototype Allegedly Stolen
Four alleged members of an international hacking ring have been charged by U.S. authorities with using malware and SQL injection attacks to steal intellectual property valued at more than $100 million from the U.S. Army, Microsoft, as well as game-makers Epic, Valve and Zombie.

"The members of this international hacking ring stole trade secret data used in high-tech American products, ranging from software that trains U.S. soldiers to fly Apache helicopters to Xbox games," says Leslie Caldwell, the Assistant Attorney General of the Justice Department's criminal division.

Four men have been charged under an 18-count superseding indictment that was filed April 22 and unsealed Sept. 30: Nathan Leroux, 20, of Bowie, Md.; Sanadodeh Nesheiwat, 28, of Washington, N.J.; David Pokora, 22, of Ontario, Canada; and Austin Alcala, 18, of McCordsville, Ind.

Pokora was arrested on March 28, 2014, while he attempted to enter the United States from Canada. "Pokora's plea is believed to be the first conviction of a foreign-based individual for hacking into U.S. businesses to steal trade secret information," the Justice Department says. Leroux and Nesheiwat were arrested in April 2014. A Justice Department spokesman wasn't immediately available to detail when Alcala was arrested.

In a Sept. 30 court hearing, both Pokora - a.k.a. Xenomega - and Nesheiwat - a.k.a. rampuptechie, Soniciso - pleaded guilty to conspiracy to commit computer fraud and copyright infringement. They're scheduled to be sentenced on Jan. 13, 2015, and reportedly face up to five years in prison and a fine of up to $250,000 each.

"These were extremely sophisticated hackers ... Don't be fooled by their ages," assistant U.S. attorney Ed McAndrew said after the court hearing, the Guardian reported. McAndrew said the investigation began in 2011, after FBI officials in Delaware were alerted to the hackers' activities by a confidential informant.

According to the U.S. indictment, the gang allegedly regularly employed malware and SQL injection attacks to steal credentials that allowed them to access targeted websites. All told, the gang allegedly stole tens of thousands of usernames, and committed numerous counts of identity theft, in part by using people's stolen personal information to submit applications for credit card accounts with limits of up to $20,000.

But two co-conspirators listed in the indictment weren't charged by U.S. authorities. One was referenced only by their initials - "C.W." - alias "Gamerfreak" - and resides in North Carolina. The other is Dylan Wheeler, 19, of Perth, Australia, who's currently on bail and awaiting trial. Wheeler told the Guardian that he disputes the U.S. government's allegation that the group compromised intellectual property valued between $100 million and $200 million, noting that the impetus behind the "extremely disorganized group" wasn't monetary, aside from a theft orchestrated by one member of the group. "It was just curiosity."

Apache Helicopter Simulator

Authorities say the gang operated from about January 2011 to March 2014, and its members have been charged with numerous crimes, including accessing the U.S. Army's Perforce Virtual Private Network as well as the Apache Helicopter Pilot "AH-64D Apache Simulator" software, developed by Zombie Studios, that was stored there.

In September 2011, Pokora allegedly used TeamViewer remote-access software to allow the rest of the gang, as well as an unnamed "Person A," to view his computer, according to the indictment. "This computer contained multiple databases within a 'Hacking' folder, labeled in a manner consistent with the victims' names, including: Epic Games (i.e. 'epicgames_user_db_cracked') and Valve Corp. (i.e. 'steam_valve_accs.html')."

The group allegedly also targeted Epic's computer network, stealing a copy of the "Gears of War 3" Microsoft Xbox title prior to its release, and the Activision Blizzard network, stealing a pre-release copy of "Call of Duty: Modern Warfare 3." The group also allegedly broke into the network of Zombie Studios, which develops U.S. Army helicopter simulation software, around July 2012, and stole log-in credentials from gamemaker Valve.

Xbox One Prototype

The gang allegedly also hacked into Microsoft's Game Development Network Portal and stole software related to Xbox Live, as well as for the Xbox console code-named Durango, which was released in November 2013 as the Xbox One.

Leroux - a.k.a. natelx, anemiefre4k, voicd mage, Cthulhu, confettimancer, Durango - has also been charged with committing mail fraud after he allegedly stole Xbox information from Microsoft, ordered parts from Newegg, and built a counterfeit Xbox One console, which sold on eBay for $5,000.

The indictment also charges Alcala and Pokora with commissioning "the physical theft ... of multiple Xbox Development Kits (XDKs) from a secure building on Microsoft's Redmond, Washington campus," from two unnamed individuals, who were allegedly provided with stolen credentials that allowed them to access the Microsoft facility and steal three pre-release versions of the Xbox One.

The Justice Department says it's seized more than $620,000 in proceeds "related to the charged conduct," including cash, funds stored in PayPal, and 27 Xbox consoles.

About the Author

Mathew J. Schwartz

Executive Editor, DataBreachToday & Europe, ISMG

Schwartz is an award-winning journalist with two decades of experience in magazines, newspapers and electronic media. He has covered the information security and privacy sector throughout his career. Before joining Information Security Media Group in 2014, where he now serves as the executive editor, DataBreachToday and for European news coverage, Schwartz was the information security beat reporter for InformationWeek and a frequent contributor to DarkReading, among other publications. He lives in Scotland.
