Cyber Incident Victim: Epic Games
Date: Jan 2011
Location: United States of America
Summary
A hacking group infiltrated multiple organizations, including Epic Games, Microsoft, Valve, Zombie Studios, and the US Army, stealing unreleased software, source code, pre-release video games, and military training technology. The attackers used SQL injection and compromised employee credentials to access networks, resulting in intellectual property theft valued between $100 million and $200 million. Four individuals linked to the "Xbox Underground" ring faced federal charges for conspiracy, computer fraud, copyright infringement, and identity theft, with two pleading guilty and facing potential prison sentences. An additional Australian suspect was charged in connection with the conspiracy.
Description
Between January 2011 and March 2014, a hacking group known as 'Xbox Underground' conducted unauthorized intrusions into the networks of multiple technology companies and U.S. government entities, including Epic Games, Microsoft, Valve, Zombie Studios, and the U.S. Army. The four primary defendants—Nathan Leroux (20), Sanadodeh Nesheiwat (28), David Pokora (22), and Austin Alcala (18)—employed SQL injection attacks and compromised employee credentials to gain access to sensitive systems. Once inside the networks, the group exfiltrated unreleased software, proprietary source code, pre-release video game titles, and other intellectual property. Specific stolen materials included software related to Microsoft's Xbox One console and Xbox Live service, pre-release copies of games such as 'Call of Duty: Modern Warfare 3' and 'Gears of War 3,' and Apache military helicopter training software developed for the Army. The hackers also acquired financial records and sensitive corporate data from the victim organizations, though no customer information was compromised. The U.S. Department of Justice estimated the value of stolen intellectual property between $100 million and $200 million.

A federal grand jury in the District of Delaware indicted the four individuals on April 23, 2014, on 18 criminal counts including conspiracy to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft, and theft of trade secrets. Additional charges included aggravated identity theft, unauthorized computer access, and individual acts of wire fraud. By October 2014, two defendants—Pokora and Nesheiwat—had pleaded guilty to conspiracy charges related to computer fraud and copyright infringement, facing potential sentences of up to five years in prison with sentencing scheduled for January 2015. U.S. Attorney Charles M. Oberly III publicly emphasized the severity of the crimes, stating that digital theft of intellectual property and identities carried significant consequences. An Australian national linked to the conspiracy faced separate charges, though details were not disclosed in the indictment. The prosecution characterized the intrusions as sophisticated operations targeting trade secrets and proprietary technology across commercial and military sectors, with the stolen Apache software representing a direct compromise of defense-related assets.
