Four members of an international computer hacking ring have been charged with breaking into gaming-related computer networks and that of the US Army, and stealing more than $100 million in intellectual property and other proprietary data.
The data cyber-theft allegedly included source code, technical specifications and related information for Microsoft’s then-unreleased Xbox One gaming console; intellectual property and proprietary data related to Xbox Live (Microsoft’s online multi-player gaming and media-delivery system); Apache helicopter simulator software developed by Zombie Studios for the US Army; a pre-release version of Epic’s video game, Gears of War 3; and a pre-release version of Activision’s uber-popular video game, Call of Duty: Modern Warfare 3. The defendants also allegedly conspired to use, share and sell the stolen information.
The value of the intellectual property and other data that the defendants stole, as well as the costs associated with the victims’ responses to the conduct, is estimated to range between $100 million and $200 million. To date, the United States has seized over $620,000 in cash and other proceeds related to the charged conduct.
Nathan Leroux, 20, of Bowie, Md.; Sanadodeh Nesheiwat, 28, of Washington, NJ; David Pokora, 22, of Mississauga, Ontario, Canada; and Austin Alcala, 18, of McCordsville, Ind., were charged in an 18-count superseding indictment returned by a federal grand jury in the District of Delaware on April 23, and unsealed earlier today. The charges in the indictment include conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft and theft of trade secrets. The defendants are also charged with individual counts of aggravated identity theft, unauthorized computer access, copyright infringement and wire fraud.
Two of the charged members, Pokora and Nesheiwat, have already pleaded guilty to conspiracy to commit computer fraud and copyright infringement. Both are scheduled for sentencing on Jan. 13, 2015.
Pokora was arrested on March 28, while attempting to enter the United States at the Lewiston, NY port of entry—his plea is believed to be the first conviction of a foreign-based individual for hacking into US businesses to steal trade secret information.
In addition to these indictments, an Australian citizen is being prosecuted in his home country in relation to the allegations.
“As the indictment charges, the members of this international hacking ring stole trade secret data used in high-tech American products, ranging from software that trains US soldiers to fly Apache helicopters to Xbox games that entertain millions around the world,” said Assistant Attorney General Leslie Caldwell, in a statement. “The American economy is driven by innovation. But American innovation is only valuable when it can be protected. Today’s guilty pleas show that we will protect America’s intellectual property from hackers, whether they hack from here or from abroad.”
According to the superseding indictment and other court records, from January 2011 to March 2014, the four men and others located in the United States and abroad allegedly obtained access to the victims’ computer networks through methods including SQL injection and the use of stolen usernames and passwords of company employees and their software development partners. Once inside the victims’ computer networks, the conspirators accessed and stole unreleased software, software source code, trade secrets, copyrighted and pre-release works and other confidential and proprietary information. Members of the conspiracy also allegedly stole financial and other sensitive information relating to the companies – but not their customers – and certain employees of such companies.
“Electronic breaking and entering of computer networks and the digital looting of identities and intellectual property have become much too common,” said US Attorney Charles M. Oberly III of the District of Delaware. “These are not harmless crimes, and those who commit them should not believe they are safely beyond our reach.”