Xbox Underground


Xbox Underground was an international hacker group responsible for gaining unauthorized access to the computer network of Microsoft and its development partners, including Activision, Epic Games, and Valve, in order to obtain sensitive information relating to Xbox One and Xbox Live.


Microsoft

Microsoft's computer network was compromised repeatedly by the Xbox Underground between 2011 and 2013. According to a 65-page indictment, the hackers spent "hundreds of hours" searching through Microsoft's network, copying log-in credentials, source code, technical specifications and other data. This culminated in a physical theft: using stolen credentials, the perpetrators entered "a secure building" at Microsoft's Redmond headquarters and left with publicly unreleased prototypes of the Xbox One, codenamed "Durango". Group members say they were driven by a strong curiosity about Microsoft's then-unreleased Xbox One console and its associated software. [1] [2]

Beginning in or about January 2011, Microsoft was the victim of incidents of unauthorized access to its computer networks, including GDNP's protected computer network, which resulted in the theft of log-in credentials, trade secrets and intellectual property relating to its Xbox gaming system. (Indictment, p. 4)

In or about September 2013, Alcala and Pokora brokered a physical theft, committed by A.S. and E.A., of multiple Xbox Development Kits (XDKs) from a secure building on Microsoft's Redmond, Washington campus. Using stolen access credentials to a Microsoft building, A.S. and E.A. entered the building and stole three non-public versions of the Xbox One console... (Indictment, p. 31)

Apache helicopter simulator software

The group is also accused of breaching the computer network of Zombie Studios, through which they obtained Apache helicopter simulator software developed for the United States military. [3] In a wiretap, David Pokora was quoted as saying: "Have you been listening to the [expletive] that I've done this past month? I have [expletive] to the U.S. military. I have [expletive] to the Australian Department of Defense ... I have every single big company – Intel, AMD, Nvidia – any game company you could name, Google, Microsoft, Disney, Warner Bros., everything." [4]

Members

Four out of six members of the group have pleaded guilty to charges. [5]

David Pokora

David Pokora, the first foreign hacker ever to be sentenced on United States soil, received an 18-month prison term on April 23, 2014, and was released in July 2015. [6] [7]

Sanad Nesheiwat

Sanad Nesheiwat was sentenced on June 11 and received an 18-month prison term.

Holly Leroux

Holly LeRoux (formerly Nathan) [8] was sentenced on June 11 and received a term of 24 months. Before serving her sentence, Holly was allowed to live with her parents under an ankle monitor; during that period she tried to escape to Canada but was caught at the border. She later came out as a trans woman. [9] Holly and another woman were later found deceased, wearing respirators, inside a motel room [10] where evidence of a chemical-making process was found. The police chief was quoted as saying, "We’re not certain at this point whether or not this is a murder-suicide or maybe a double suicide or accidental death." [11]

Austin Alcala

Austin Alcala was due for sentencing in July. [12] He went on to cooperate with the FBI in resolving another criminal case involving the illegal trade of FIFA coins. [13] [14]

Dylan Wheeler

Dylan Wheeler (referred to in the indictment as D.W.), currently out of reach of the United States, lived in Australia at the time and faced a range of charges. He was not convicted: citing human rights and political concerns about his trial, he fled from Australia to Dubai and eventually to the Czech Republic, [15] [16] from which he cannot be extradited because he holds Czech citizenship. [17] He is currently living in the UK. [18] His mother, Anna Wheeler, was later jailed for more than two years for helping him flee Australia to avoid criminal charges. [19] [20]

Justin May

Wheeler alleges that a sixth member, Justin May (referred to as "Person A"), worked with the FBI "to bring down the group". [21] May had previously been placed on pre-trial probation for an earlier offense involving data theft, under an agreement that required him to stay off Xbox Live. [22] He came under renewed interest from the FBI in 2017 after they seized a new BMW coupe and $38,595 in cash that had been hidden throughout his home. [14] In June 2021, May was sentenced to seven years in prison for defrauding several tech companies, among them Microsoft and Cisco Systems, of more than $3.5 million by exploiting warranty policies to illegitimately obtain replacement hardware, which he then sold online. [23]


References

  1. Stephen Totilo. "Hackers Charged With Stealing From Valve, Microsoft And More". Kotaku, September 30, 2014.
  2. "United States of America vs. Leroux, Nesheiwat, Pokora & Alcala". Smoking Gun.
  3. Michael Adams. "Teen charged in $100M international scheme to hack Army, tech companies". Army Times, October 3, 2014.
  4. Sean O'Sullivan. "Two plead guilty in international hacker case". The News Journal (delawareonline.com), October 2, 2014.
  5. U.S. Department of Justice. "Fourth member of hacking ring pleads guilty to hacking and intellectual property theft". justice.gov, April 1, 2015.
  6. Jessica Reyes. "Foreign hacker sentenced for first time ever in US". The News Journal, April 23, 2015.
  7. Leech Tishman. "Canadian hacker sentenced for intellectual property theft". lexology.com, May 23, 2015.
  8. "Four Members of International Computer Hacking Ring Indicted for Stealing Gaming Technology, Apache Helicopter Training Software". U.S. Department of Justice, Office of Public Affairs, www.justice.gov, September 30, 2014. Retrieved September 23, 2024.
  9. "XBox Underground (Part 2)". Darknet Diaries, darknetdiaries.com. Retrieved September 23, 2024.
  10. "Two dead at Fresno Motel 6 in hazardous materials situation". May 4, 2018.
  11. "XBox Underground (Part 2)". Darknet Diaries, darknetdiaries.com. Retrieved September 23, 2024.
  12. Kristine Guerra. "Indiana hacker faces sentencing in $100 million scheme". indystar.com, May 22, 2015.
  13. Jason Schreier. "FBI Says Alleged Hackers Used FIFA To Steal Millions From EA". Kotaku, November 14, 2016.
  14. Karl Baker. "Delaware man with history of cyber theft under FBI scrutiny". The News Journal, June 25, 2017.
  15. Stephen Totilo. "The Incredible Rise and Fall of a Hacker Who Found the Secrets of the Next Xbox and PlayStation—And Maybe More". Kotaku, February 22, 2013.
  16. Luke Hopewell. "The Aussie Kid Who Allegedly Hacked The Gaming Industry Wants To Give Up His Citizenship Over 'Police State' Laws". Gizmodo, July 10, 2015.
  17. "XBox Underground (Part 2)". Darknet Diaries, darknetdiaries.com. Retrieved January 5, 2022.
  18. "XBox Underground (Part 2)". Darknet Diaries, darknetdiaries.com. Retrieved January 5, 2022.
  19. Tim Clark. "Mum collapses after being jailed for helping son avoid Xbox hacking charges". The West Australian, February 23, 2017.
  20. "The Teens Who Hacked Microsoft's Videogame Empire—And Went Too Far". WIRED. Retrieved October 15, 2018.
  21. Tim Alamenciak. "Broken bumper helped break international hacking case". The Star, October 3, 2014.
  22. Brian Crecente. "Court Bans Accused PAX Code Thief From Xbox Live, Takes His PC". Kotaku, October 27, 2010.
  23. "Delaware Man Sentenced to Over Seven Years for Defrauding Cisco Systems, Microsoft, Lenovo, and APC Out of More than $3.5 million in Computer Hardware". www.justice.gov, June 3, 2021. Retrieved July 21, 2021.