US indicts four for hacks of Army, tech company networks
- By Joey Cheng
- Oct 01, 2014
Four members of an international hacking group that broke into the networks of the Army and several technology companies have been indicted for the theft of more than $100 million worth of intellectual property and data.
The indictment, unsealed yesterday, includes charges of conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft and theft of trade secrets, according to a Justice Department release.
Two of the four members, a 22-year-old man from Ontario and a 28-year-old man from New Jersey, have pleaded guilty to conspiring to commit computer fraud and copyright infringement. They could face up to five years in prison. Sentencing is scheduled for January 2015.
The attacks began in January 2011 and lasted until March 2014, according to court documents. During that time, the group allegedly broke into the networks of the U.S. Army, Microsoft, Valve Corp., Zombie Studios, and Epic Games.
Using stolen usernames and passwords and methods such as SQL injection, the hackers made off with unreleased software, trade secrets, source codes and other confidential data.
Data stolen from Microsoft included information on Xbox Live, which is used for multiplayer gaming and media delivery, and the then-unannounced Xbox One console. Some of that information was used to create counterfeit versions of the Xbox One, reports BBC News.
Meanwhile, the hackers managed to also get their hands on prerelease versions of the “Gears of War 3” and “Call of Duty: Modern Warfare 3” video games, as well as Zombie Studios’ AH-64D Apache helicopter simulator software designed for the Army.
“As the indictment charges, the members of this international hacking ring stole trade secret data used in high-tech American products, ranging from software that trains U.S. soldiers to fly Apache helicopters to Xbox games that entertain millions around the world,” Assistant Attorney General Caldwell said in the release.
“The American economy is driven by innovation. But American innovation is only valuable when it can be protected. Today’s guilty pleas show that we will protect America’s intellectual property from hackers, whether they hack from here or from abroad.”
The value of the stolen information and the costs associated with the victim companies’ responses is estimated to be between $100 million and $200 million. DOJ has seized more than $620,000 in cash in relation to the charges.
The guilty plea of the Canadian defendant represents the first time a foreign individual has been convicted of the hacking and theft of trade secrets from American businesses. An Australian member of the hacking ring was also charged under Australian law.
“Electronic breaking and entering of computer networks and the digital looting of identities and intellectual property have become much too common,” U.S. Attorney Charles Oberly said. “These are not harmless crimes, and those who commit them should not believe they are safely beyond our reach.”
DOJ has continued to crack down on hacking over the past year. In July, the FBI arrested a Chinese aviation technology executive
for allegedly conspiring with hackers to steal information from U.S. defense contractors. And in May, DOJ charged five Chinese military officials
with cyber espionage—marking the first time the United States has filed accusations against members of a foreign government.
Joey Cheng is an editorial fellow with Defense Systems.