A third member of an international computer hacking ring has pleaded guilty to conspiring to break into computer networks of prominent technology companies to steal more than $100 million in intellectual property and other proprietary data.
Assistant Attorney General Leslie R. Caldwell of the Justice Department’s Criminal Division, U.S. Attorney Charles M. Oberly III of the District of Delaware and Special Agent in Charge Stephen E. Vogt of the FBI’s Baltimore Field Office made the announcement.
Nathan Leroux, 20, of Bowie, Maryland, pleaded guilty to conspiracy to commit computer intrusions and criminal copyright infringement based on his role in the cyber theft of software and data related to the Xbox One gaming console and Xbox Live online gaming system, and popular games such as the “FIFA” online soccer series; “Call of Duty: Modern Warfare 3;” and “Gears of War 3.” Leroux has been in custody since attempting to flee into Canada from Buffalo, New York, on June 16, 2014. A sentencing hearing is set before U.S. District Judge Judge Gregory M. Sleet of the District of Delaware on May 14, 2015.
Sanadodeh Nesheiwat, 28, of Washington, New Jersey, and David Pokora, 22, of Mississauga, Ontario, Canada, previously pleaded guilty to the same conspiracy charge on Sept. 30, 2014. They remain in custody pending their sentencing hearings, which are scheduled for April 2015. Pokora’s guilty plea is believed to have been the first conviction of a foreign-based individual for hacking into U.S. businesses to steal trade secret information. Charges against a fourth defendant, Austin Alcala, 19, of McCordsville, Indiana, remain pending.
According to Leroux’s admissions in connection with his guilty plea, he was part of the hacking conspiracy between January 2011 and September 2012. During that period, hacking group members located in the United States and abroad gained unauthorized access to computer networks of various companies, including Microsoft Corporation, Epic Games Inc., Valve Corporation and Zombie Studios. The conspirators accessed and stole unreleased software, software source code, trade secrets, copyrighted and pre-release works, and other confidential and proprietary information. Members of the conspiracy also allegedly stole financial and other sensitive information relating to the companies – but not their customers – and certain employees of such companies.
Specifically, the data theft targeted software development networks containing source code, technical specifications and related information for Microsoft’s then-unreleased Xbox One gaming console, as well as intellectual property and proprietary data related to Xbox Live and games developed for that online gaming system.
Leroux admitted in court that he and others used the stolen intellectual property to build, and attempt to sell, counterfeit versions of the Xbox One console before its public release in November 2013. In July 2013, the FBI intercepted a counterfeit console built by Leroux, which was destined for the Republic of Seychelles.
Leroux also admitted that he developed a software exploit that allowed him and others to generate millions of “coins” for the FIFA soccer games playable on the Xbox Live platform. These coins are the virtual, in-game currency used to build a “FIFA Ultimate Team” in the games. Without the authorization of Electronic Arts, the intellectual property rights holder to the FIFA games, Leroux and others sold bulk quantities of the “FIFA coins” via online black markets.
The value of the intellectual property and other data stolen by the hacking ring, as well as the costs associated with the victims’ responses to the conduct, is estimated to range between $100 million and $200 million. To date, the United States has seized over $620,000 in cash and other proceeds related to the charged conduct.
This case is being investigated by the FBI, with assistance from the Criminal Division’s Office of International Affairs, the U.S. Department of Homeland Security’s Homeland Security Investigations and Customs and Border Protection, the U.S. Postal Inspection Service, the Canada Border Services Agency, the Western Australia Police and the Peel Regional Police of Ontario, Canada. The case is being prosecuted by Trial Attorney James Silver of the Criminal Division’s Computer Crime and Intellectual Property Section and Assistant U.S. Attorney Edward J. McAndrew of the District of Delaware.