Data Breach , Fraud

Third Microsoft Hacker Pleads Guilty

Conspiracy Involved Theft of Game Software, Data
Third Microsoft Hacker Pleads Guilty

A third member of an international hacking ring has pleaded guilty in connection with his role in conspiring to break into computer networks of technology companies, including Microsoft, to steal intellectual property and proprietary data.

See Also: 2016 Social Engineering Report

Nathan Leroux of Bowie, Md., pleaded guilty to conspiracy to commit computer intrusions and criminal copyright infringement, based on his role in the theft of software and data related to the Xbox One gaming console and Xbox Live online gaming system, as well as popular games such as "Call of Duty: Modern Warfare 3," according to the Department of Justice. Leroux's sentencing hearing is scheduled for May 14.

Leroux, along with three others, was charged under an 18-count superseding indictment that was filed April 22, 2014, and unsealed Sept. 30, 2014 (see: Hackers Exploit U.S. Army, Microsoft). U.S. authorities charged the four with using malware and SQL injection attacks to steal intellectual property.

Two other defendants - Sanadodeh Nesheiwat of Washington, N.J., and David Pokora of Mississauga, Ontario, Canada - pleaded guilty to the same conspiracy charge on Sept. 30, 2014. They remain in custody pending their sentencing hearings, which are scheduled for April, authorities say. The case against a fourth defendant - Austin Alcala of McCordsville, Ind., is pending.

Hack Details

Leroux admitted to taking part in a hacking conspiracy between January 2011 and September 2012, prosecutors say.

During that time, hackers located in the U.S. and abroad gained unauthorized access to computer networks of various companies, including Microsoft, Epic Games, Valve Corp. and Zombie Studios, according to the Justice Department.

The conspirators allegedly accessed and stole unreleased software, source code, trade secrets, copyrighted and pre-release works, and other confidential and proprietary information, prosecutors say. Members of the hacking ring also allegedly stole financial and other sensitive information relating to the companies and certain employees.

Specific data targeted by the hackers, investigators say, included software development networks containing source code, technical specifications and related information for Microsoft's then-unreleased Xbox One gaming console, as well as intellectual property and proprietary data related to Xbox Live and games developed for that online gaming system.

Leroux admitted in court that he, along with others, used the stolen intellectual property to build and attempt to sell counterfeit versions of the Xbox One console before its public release in November 2013, authorities say. In July 2013, the FBI intercepted a counterfeit console built by Leroux.

The value of the intellectual property and other data stolen by the hacking ring, as well as the costs associated with the victims' response, is estimated between $100 million and $200 million, authorities say. To date, authorities say they have seized more than $620,000 in cash and other proceeds "related to the charged conduct."


About the Author

Jeffrey Roman

Jeffrey Roman

News Writer, ISMG

Roman is the former News Writer for Information Security Media Group. Having worked for multiple publications at The College of New Jersey, including the College's newspaper "The Signal" and alumni magazine, Roman has experience in journalism, copy editing and communications.




Around the Network