Pair Guilty in $100 Million Intellectual Property Data Theft
Two men who reportedly belong to an international hacking ring have pleaded guilty to stealing more than $100 million worth of intellectual property and other data from the U.S. military and several technology companies. According to the U.S. Department of Justice, the men are suspected of using stolen log-in information to gain unauthorized access to the computer networks of Microsoft, Epic Games, Valve Corp., Zombie Studios and the Army from 2011 to earlier this year.
"As the indictment charges, the members of this international hacking ring stole trade secret data used in high-tech American products, ranging from software that trains U.S. soldiers to fly Apache helicopters to Xbox games that entertain millions around the world," said U.S. Assistant Attorney General Leslie R. Caldwell. On Tuesday Caldwell announced the guilty pleas by David Pokora of Mississauga, Ontario, and Sanadodeh Nesheiwat of Washington, New Jersey.
Pokora's plea is believed to be the first conviction of a foreign-based individual for hacking into U.S. businesses to steal trade secret information. Both he and Nesheiwat are scheduled to be sentenced Jan. 13.
Two other suspected members of the hacking ring were also indicted on April 23 of this year by a federal grand jury in Delaware. Unsealed on Tuesday, those other indictments were against Nathan Leroux of Bowie, Maryland, and Austin Alcala of McCordsville, Indiana. Another suspected ring member, an Australian citizen who was not identified, has been charged under Australian law.
Theft of Trade Secrets
According to the federal indictments, Leroux, Nesheiwat, Pokora and Alcala were charged with 18 counts that included conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft and theft of trade secrets. Other additional individual charges included aggravated identity theft and unauthorized computer access.
From January 2011 to March of this year, the four men "and others located in the United States and abroad" allegedly gained access to computer networks through SQL injection and the use of stolen usernames and passwords for company employees and software development partners. Once inside the networks, the hackers allegedly accessed and stole unreleased software, software source code, trade secrets, and copyrighted and pre-release works, as well as financial and other sensitive information related to the target companies.
Justice Department officials say the stolen data did not include information about the companies' customers.
Pre-Release Xbox One a Target
Among the information reported to have been stolen were source code, technical specifications and other data related to Microsoft's then-unreleased Xbox One gaming console; information related to Xbox Live; Apache helicopter simulator software developed by Zombie Studios for the U.S. Army; a pre-release version of Epic's video game, "Gears of War 3;" and a pre-release version of Activision's video game, "Call of Duty: Modern Warfare 3."
Officials place the value of the stolen data, code and property at between $100 million and $200 million. To date, U.S. investigators have seized more than $620,000 in cash and other proceeds connected to the hacking ring.
"Electronic breaking and entering of computer networks and the digital looting of identities and intellectual property have become much too common," said U.S. Attorney Charles M. Oberly III. "These are not harmless crimes, and those who commit them should not believe they are safely beyond our reach."