Cyber Incident Victim: Valve Corporation
Date: Jan 2011
Location: United States of America
Summary
A hacking group infiltrated multiple technology companies and military servers, including Valve's Steam platform, Microsoft, and the US Army, using SQL injections and stolen credentials to access unreleased games, source code, military training software, and financial data. The stolen intellectual property was valued between $100 million and $200 million. Four individuals associated with the 'Xbox Underground' were charged with multiple counts including conspiracy, computer fraud, copyright infringement, and identity theft, with two members pleading guilty to related charges.
Description
Between January 2011 and March 2014, a hacking group known as 'Xbox Underground' conducted unauthorized intrusions into the networks of multiple technology companies and a US military entity. The group, consisting of four individuals aged 18 to 28, targeted Microsoft, Epic Games, Valve, Zombie Studios, and the US Army through SQL injection attacks and the use of compromised employee credentials obtained both directly from target organizations and from their software development partners. After gaining access, the hackers exfiltrated unreleased software, source code, pre-release video game titles including 'Call of Duty: Modern Warfare 3' and 'Gears of War 3,' and proprietary technical data related to Microsoft's Xbox One console and Xbox Live service. They additionally stole Apache helicopter training simulation software developed by Zombie Studios for the US Army. The US Department of Justice estimated the total value of stolen intellectual property between $100 million and $200 million, though no customer data was compromised during these breaches.

The US government initiated legal proceedings against the four identified hackers—Nathan Leroux (20), Sanadodeh Nesheiwat (28), David Pokora (22), and Austin Alcala (18)—with a federal grand jury in Delaware charging them on April 23, 2014, on 18 criminal counts including conspiracy to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft, and theft of trade secrets. By October 2014, two defendants (Pokora and Nesheiwat) had pleaded guilty to conspiracy charges carrying maximum five-year prison sentences, with sentencing scheduled for January 2015. An Australian national connected to the conspiracy faced separate charges. US Attorney Charles M. Oberly III publicly characterized the intrusions as serious crimes involving "digital looting" of intellectual property and sensitive military technology, emphasizing federal commitment to prosecuting such offenses despite the perpetrators' young ages. The indictment specifically documented theft of financial information and proprietary technical data from victim organizations, though operational details about breach detection or containment measures remained undisclosed in public records.
