FBI Arrests Trio For Microsoft Xbox Hacking

Feds: Men also stole pre-release video games

Xbox One Hacking

A sealed indictment details a spree of intrusions that victimized video game developers, including the publisher of "Call of Duty."

APRIL 10--A group of alleged hackers has been charged with breaking into the computer systems of the U.S. Army, Microsoft, and several other firms to steal pre-release copies of popular video games like “Call of Duty,” simulation software for Apache attack helicopter pilots, and confidential data that was used to create counterfeit versions of the Xbox gaming system, The Smoking Gun has learned.

Three men have been named in a sealed federal indictment charging them each with 15 felony counts, including conspiracy, fraud, and computer hacking, according to a copy of the 54-page document obtained by TSG.

Two other alleged hackers--a North Carolina resident and an Australian teenager--have been identified as unindicted coconspirators in the scheme, which began in early 2011 and continued for more than two years.

A federal grand jury last July returned a sealed indictment against Nathan Leroux, 19; Sanadodeh Nesheiwat, 28; and David Pokora, a Canadian resident. FBI agents last week arrested Leroux at his Wisconsin home and collared Nesheiwat (seen above) at his New Jersey residence. Pokora’s status could not be determined.

It is unclear why FBI agents served arrest warrants eight months after the indictment was returned by a grand jury empaneled in U.S. District Court in Wilmington, Delaware.

According to the indictment, the trio and their coconspirators identified vulnerabilities and “network weak points” to illegally access computer systems at Microsoft and video game developers Valve Corporation, Activision Blizzard, Zombie Studios, and Epic Games. The hacks allowed the defendants to illegally obtain copies of various games that, at the time, were still in development, like “Gears of War 3” and “Call of Duty: Modern Warfare 3.”

The Zombie Studios intrusion, prosecutors allege, allowed the hackers to then gain access to a U.S. Army server, from which “Apache Helicopter Pilot simulation software entitled ‘AH-64D Apache Simulator’” was taken. The Army had contracted with the Seattle-based Zombie to design the simulator software.

Investigators allege that the Microsoft hack resulted in the theft of “Log-In Credentials, Trade Secrets, and Intellectual Property relating to its Xbox gaming system.” At the time of the intrusions--which spanned 2011 and 2012--Microsoft was developing its Xbox One system, which was officially released in November 2013.

As a result of the Microsoft intrusions, Leroux (pictured at left) and the two coconspirators--armed with “internal design and technical specifications and pre-release operating system software code”--were able to build a “counterfeit, next-generation” Xbox console that was sold on eBay for about $5000, the indictment charges.

Leroux allegedly constructed a second counterfeit Xbox console with hardware components purchased from NewEgg.com. That system was destined for a purchaser in the Republic of Seychelles, a small island nation off the eastern coast of Africa.

The counterfeit console, however, was intercepted by the FBI with the assistance of an individual identified in the indictment as “Person A,” a Delaware resident who was cooperating with agents. Leroux had given the console to “Person A,” who was supposed to mail it to the Republic of Seychelles.

The indictment makes it clear that “Person A” had been involved with the hacking crew since mid-2011. For example, “Person A” and others participated in a July 2011 Skype conversation during which Pokora sought assistance with the installation of encryption software on his hard drives. “I need your help. I’m going to get arrested,” Pokora said.

During an October 2011 chat session cited in the indictment, Pokora and the Australian teen--who is identified by his initials, “D.W.”--discussed the illegal computer intrusions. “if we do this right, we will make a million dollars each,” said Pokora. In a Skype audio call, Pokora reportedly also spoke of compromising a “fuckton of Paypals” from compromised databases, adding that “we could have already sold them for Bitcoins which would have been untraceable if we did it right. It could have already been easily an easy 50 grand.”

Australian media have identified “D.W.” as Dylan Wheeler. The teen’s Perth home was raided last February, and he was subsequently charged in Children’s Court with an assortment of crimes. Wheeler is pictured above. 

Using the handle “SuperDaE,” Wheeler provided confidential Microsoft documents to Kotaku, and told the web site of his various hacking exploits. The indictment refers to Kotaku quoting “D.W.” discussing his “unauthorized access to a next-generation Xbox gaming console.” The web site only referred to the teenager as “Dylan.”