Hackers charged with stealing over $100 million worth of US army and gaming technology

[Himanshu Arora]

Four hackers have been charged with breaching the computer networks of major technology companies and the US Army, and stealing more than $100 million in intellectual property, the US Department of Justice revealed yesterday.

According to court records, from January 2011 to March 2014, the four men allegedly hacked into the computer networks of Microsoft, Epic Games, Valve Corporation, Zombie Studios, and the US Army, stealing unreleased software, software source code, trade secrets, copyrighted and pre-release works, and other confidential and proprietary information. 

The alleged cyber theft included software and data related to Microsoft's Xbox One gaming console and Xbox Live online gaming system, pre-release copies of popular video games such as Call of Duty: Modern Warfare 3 and Gears of War 3, as well as Apache helicopter training software. The DoJ claimed the technology was worth between $100 million and $200 million.

Part of the group called Xbox Underground, the four allegedly used SQL injection attacks and stolen usernames and passwords of company employees and their software development partners to break into the targeted companies' networks.

Nathan Leroux, 20, of Bowie, Maryland; Sanadodeh Nesheiwat, 28, of Washington, New Jersey; David Pokora, 22, of Mississauga, Ontario, Canada; and Austin Alcala, 18, of McCordsville, Indiana, were charged on 18 counts by a federal grand jury in the District of Delaware on April 23, 2014.

The charges include conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft, and theft of trade secrets, as well as individual counts of aggravated identity theft, unauthorized computer access, copyright infringement, and wire fraud.

Pokora and Nesheiwat have already pleaded guilty to conspiracy to commit computer fraud and copyright infringement, and are scheduled for sentencing in January. Both face up to five years in prison.

“These were extremely sophisticated hackers ... Don’t be fooled by their ages”, said assistant US attorney Ed McAndrew after a court hearing yesterday.

Permalink to story.

https://www.techspot.com/news/58261-hackers-charged-with-stealing-over-100-million-worth-of-us-army-and-gaming-technology.html

 

[Kibaruk]

So sophisticated that they got caught.

All they missed charging with was treason =P

 

[davislane1]

$100,000,000.00 worth of IP? Pfft. Call me when they crack the half-billion mark.

 

[Skidmarksdeluxe]

Maybe it's a good thing they got caught because most likely they'll be offered lucrative positions at these various tech companies (the US Army will make them generals immediately) after they've received their slap on the wrist.

 

[TheDreams]

*next week starts their job at NSA.

 

[Radient]

Lulz so much butthurt, secure you systems a 18 year old could break in did he start collage at 12 or did you morons just hire checkbox pentesters for your security.

 

[Radient]

“These were extremely sophisticated hackers ... Don’t be fooled by their ages”, said assistant US attorney Ed McAndrew after a court hearing yesterday.

"Kevin mitnick can lauch nukes if he whistles into a telephone" . Not insulting the guys that did this just the stupid responce.

 

[Nima304]

These were extremely sophisticated hackers...

...allegedly used SQL injection attacks...

Not sure if you guys know how SQLi attacks are done, but it's essentially a copy/paste attack. This type of attack is so easy to patch (it comes down to input sanitation in webpages where data is inputted [think search bars on a website]), that it's ridiculous that the U.S. Army would be vulnerable to it in this day and age. I've seen firsthand how the government tries to treat these hackers; they take the approach of "we had great security, but these hackers were smart enough to get past it," although in this case and in most cases, the security was so lax it was practically nonexistent. A child can learn how to do an SQL injection attack, and a second-year college student studying Computer Science can learn how to secure an application from such an attack.