Microsoft victims of industrial espionage 2011-13 - perps caught and sentenced

[PixelatedLeaf]

Microsoft's computer network was hacked repeatedly between 2011 and 2013, which culminated in the perpetrators using stolen credentials to enter Microsoft's headquarters and walking away with Xbox development kits. The same group was responsible in 2012 for leaking the infamous Xbox 720 9-24 Checkpoint document.

Choice excerpts from the 65 page indictment:

Beginning in or about January 2011, Microsoft was the victim of incidents of unauthorized access to its computer networks, including GDNP's protected computer network, which resulted in the theft of log-in credentials, trade secrets and intellectual property relating to its Xbox gaming system. (pg.4)

It was further part of the conspiracy that Leroux, Nesheiwat, Pokora, Alcala and [redacted] would hack into the victims' networks using various techniques, including, among others, SQL Injection Attacks, to steal, among other things, network log-in credentials, personal data, authentication keys, card data, confidential and propriety corporate information, trade secrets, copyrighted works, and works being prepared for commercial distribution... (pg.10)

In or about August 2012, Leroux and his co-conspirators gained unauthorized access to Microsoft's computer networks, from which they downloaded trade secrets and copyrighted works owned by Microsoft. Leroux used Microsoft's trade secrets, including internal design and technical specifications and pre-release operating system software code, to build a counterfeit, next-generation Microsoft Xbox gaming console, which he and other co-conspirators sold online. (pg.16)

During the August 12 and 13, 2013 intrusion in Microsoft's GDNP computer network, Alcala displayed to co-conspirators and Person A, in Delaware, files relating to "Xbox One" that the group had stolen from Microsoft's computer network during prior intrusions, including files named "GDN.txt," "Durango instructions.png," and "P4 Epic.txt". Alcala also displayed a folder named "Durango/Latest," which contained a file named "Xbox One Roadmap." (pg.30)

And arguably the most jaw dropping revelation of all:

In or about September 2013, Alcala and Pokora brokered a physical theft, committed by A.S. and E.A., of multiple Xbox Development Kits (XDKs) from a secure building on Microsoft's Redmond, Washington campus. Using stolen access credentials to a Microsoft building, A.S. and E.A. entered the building and stole three non-public versions of the Xbox One console... (pg.31)

The group was known as "Xbox Underground" and, such was their thirst for next-gen Xbox information, they proceeded to hack other developers, including Electronic Arts, Epic, Activision and Valve.

The list of seized property is eye popping.

$214,306.70 seized from PNC bank account
$91,011.79 seized from PayPal account
$56,666.42 seized from PayPal account
$42,571.87 seized from PayPal account
$111,279.89 seized from Harris bank account
$6,951,48 seized from JP Morgan bank account
$44,043.24 seized from TD bank account
$55,969,31 seized from Wells Fargo bank account

David Pokora was sentenced May 23 to 18 months in US federal prison. Austin Alcala will be sentenced on July 29. Nathan Leroux and Sanadodeh Nesheiwat await sentencing.

 

[Cyan]

Microsoft's computer network was hacked repeatedly between 2011 and 2013, which culminated in the perpetrators using stolen credentials to enter Microsoft's headquarters and walking away with Xbox development kits. The same group was responsible in 2012 for leaking the infamous Xbox 720 9-24 Checkpoint document.

Choice excerpts from the 65 page indictment:









And arguably the most jaw dropping revelation of all:



The group was known as "Xbox Underground" and, such was their thirst for next-gen Xbox information, they proceeded to hack other developers, including Electronic Arts, Epic, Activision and Valve.

The list of seized property is eye popping.

$214,306.70 seized from PNC bank account
$91,011.79 seized from PayPal account
$56,666.42 seized from PayPal account
$42,571.87 seized from PayPal account
$111,279.89 seized from Harris bank account
$6,951,48 seized from JP Morgan bank account
$44,043.24 seized from TD bank account
$55,969,31 seized from Wells Fargo bank account

David Pokora was sentenced May 23 to 18 months in US federal prison. Austin Alcala will be sentenced on July 29. Nathan Leroux and Sanadodeh Nesheiwat await sentencing.

So finally we know where the famous leak came from. They will have each other in jail to drown their sorrows, but I feel no pity.

Hopefully the next Xbox is a state secret from now on

 

[DrJay24]

I like the leaks, gives us stuff to talk about.

 

[Shifty Geezer]

Changing the title as the existing one had me thinking this was a consumer-level hack (stolen account details) rather than operating hacks.

 

[MrFox]

Finally the word victim is used correctly. How times change.
It's not... Microsoft loses sensitive data due to incompetence and lack of security.
Nor... Microsoft goes after poor kids who just wanted the information for homebrew.

Microsoft was victim of a coordinated hacking operation. Perps caught. Perps in jail.

 

[AlNom]

Sentenced to working for h4x?

Skillz wasted in jail.

 

[Shifty Geezer]

Finally the word victim is used correctly. How times change.

Not times. I changed the title. The original was something like "MS hacked 2011-2013" and implied on first seeing your first sentiment. I was expecting a Sony style hack dating back to 2011 accompanied by a cover-up and following internet outrage.

 

[MrFox]

Okay, at least there's no internet outrage claiming it was for homebrew. Holy crap there's a lot of money in the seized accounts.

 

[fehu]

They needed that money for homebrew!

 

[MrFox]

Kickstarter underground! With black jack, and hookers... In fact forget the kickstarter.

 

[BRiT]

Kickstarter underground! With black jack, and hookers... In fact forget the kickstarter.

In fact, forget the black jack...

 

[Prophecy2k]

The list of seized property is eye popping.

$214,306.70 seized from PNC bank account
$91,011.79 seized from PayPal account
$56,666.42 seized from PayPal account
$42,571.87 seized from PayPal account
$111,279.89 seized from Harris bank account
$6,951,48 seized from JP Morgan bank account
$44,043.24 seized from TD bank account
$55,969,31 seized from Wells Fargo bank account

David Pokora was sentenced May 23 to 18 months in US federal prison. Austin Alcala will be sentenced on July 29. Nathan Leroux and Sanadodeh Nesheiwat await sentencing.

Hold on... these two thieving swines stole hundreds of thousands of dollars, and only get 18 months in jail?!?!?!

 

[Deleted member 11852]

Hold on... these two thieving swines stole hundreds of thousands of dollars, and only get 18 months in jail?!?!?!

Maybe the Judge has used Windows ME?

 

[Cyan]

Hold on... these two thieving swines stole hundreds of thousands of dollars, and only get 18 months in jail?!?!?!

Yup. If you are going to steal, you better steal big. It's like political corruption. If you steal millions, the more you have to share between you and the judges during the trial.

But the poor guy/girl who steals 1Kg of potatoes, or a chicken will have to spend a lot of time behind bars. They can't just give the judge a chicken breast.

And that's what shouldn't be...

 

[Deleted member 11852]

Grand Theft Poultry. Worst videogame EVER.

 

[turkey]

Hold on... these two thieving swines stole hundreds of thousands of dollars, and only get 18 months in jail?!?!?!

I doubt they stole the cash unless I miss read the quotes, Microsoft is not a bank, internal hackery should not result in $. I assume that is proceedes from the IP they stole which in my mind is far worse.

 

[orangpelupa]

Yup. If you are going to steal, you better steal big. It's like political corruption. If you steal millions, the more you have to share between you and the judges during the trial.

But the poor guy/girl who steals 1Kg of potatoes, or a chicken will have to spend a lot of time behind bars. They can't just give the judge a chicken breast.

And that's what shouldn't be...

hmm its different in my country.

political corruption will go free or jailed with luxury (private room, private guards for going outside, etc). While chicken thief will be beaten to death by the community.

Why not calling cops?
because you will lost more than a chicken if you call cops.

 

[Prophecy2k]

I doubt they stole the cash unless I miss read the quotes, Microsoft is not a bank, internal hackery should not result in $. I assume that is proceedes from the IP they stole which in my mind is far worse.

So, what they stole MS devkits and sold them for 100s of thousands of $$, and still only got 18 months?

How is that different from stealing diamonds from a Jewellers, or a brand new prototype from a car company and pawning it off for serious bank? It should still be worth more than a measly 18 months in my mind... surely?

 

[Prophecy2k]

I doubt they stole the cash unless I miss read the quotes, Microsoft is not a bank, internal hackery should not result in $. I assume that is proceedes from the IP they stole which in my mind is far worse.

Lol, I just realised that your handle is "turkey"... considering the talk about Grand Theft Poultry, you could not have joined this thread at a more opportune moment

 

[London Geezer]

In the meantime, Oscar Pistorius is coming out of jail after less than a year.

Every country has their own very special legal failures.

Don't get me started with Italy...