Xbox Underground

From Wikipedia, the free encyclopedia

Xbox Underground was an international hacker group responsible for gaining unauthorized access to the computer network of Microsoft and its development partners, including Activision, Epic Games, and Valve, in order to obtain sensitive information relating to Xbox One and Xbox Live.


Microsoft's computer network was compromised repeatedly by the Xbox Underground between 2011 and 2013. According to a 65-page indictment, the hackers spent "hundreds of hours" searching through Microsoft's network copying log-in credentials, source code, technical specifications and other data. This culminated in the perpetrators carrying out a physical theft, by using stolen credentials to enter "a secure building" at Microsoft's Redmond headquarters and exiting with publicly unreleased prototypes of the Xbox One codenamed "Durango". Group members say they were driven by a strong curiosity about Microsoft's then-unreleased Xbox One console and associated software.[1][2]

Beginning in or about January 2011, Microsoft was the victim of incidents of unauthorized access to its computer networks, including GDNP's protected computer network, which resulted in the theft of log-in credentials, trade secrets and intellectual property relating to its Xbox gaming system. (p. 4)

In or about September 2013, Alcala and Pokora brokered a physical theft, committed by A.S. and E.A., of multiple Xbox Development Kits (XDKs) from a secure building on Microsoft's Redmond, Washington campus. Using stolen access credentials to a Microsoft building, A.S. and E.A. entered the building and stole three non-public versions of the Xbox One console... (p. 31)

Apache helicopter simulator software

The group is also accused of breaching the computer network of Zombie Studios, through which they obtained Apache helicopter simulator software developed for the United States military.[3] David Pokora was quoted as saying: "Have you been listening to the [expletive] that I've done this past month? I have [expletive] to the U.S. military. I have [expletive] to the Australian Department of Defense ... I have every single big company – Intel, AMD, Nvidia – any game company you could name, Google, Microsoft, Disney, Warner Bros., everything."[4]


Four members of the group have pleaded guilty to charges.[5] David Pokora, the first foreign hacker ever to be sentenced on United States soil, received an 18-month prison term on April 23, 2014, and was released in July 2015.[6][7] Holly LeRoux and Sanad Odeh Nesheiwat were sentenced on June 11 and received 24 months and 18 months respectively; Austin Alcala was due for sentencing in July,[8] though he went on to cooperate with the FBI in resolving another criminal case involving the illegal trade of FIFA coins.[9][10]

Dylan Wheeler (referred to in the indictment as D.W), currently out of reach of the United States, lived in Australia at the time and faced charges of varying degrees. He was not convicted, having fled from Australia to Dubai and eventually the Czech Republic over human rights and political issues with his trial,[11][12] from where he cannot be extradited since he holds Czech citizenship;[13] he is currently living in the UK.[14] His mother, Anna Wheeler, was later jailed for more than two years for helping him flee Australia to avoid criminal charges.[15][16]

Wheeler alleges that a sixth member, Justin May (referred to as "Person A"), worked with the FBI "to bring down the group".[17] May had previously been placed on pre-trial probation for an earlier offense involving data theft, under an agreement that required him to stay off Xbox Live.[18] He came under renewed interest from the FBI in 2017 after they seized a new BMW coupe and $38,595 in cash that was hidden throughout his home.[10] In June 2021, May was sentenced to seven years in prison for defrauding several tech companies, among them Microsoft and Cisco Systems, of over 3.5 million dollars by exploiting warranty policies to illegitimately receive replacements which were then sold online.[19]


  1. ^ Stephen Totilo. Hackers Charged With Stealing From Valve, Microsoft And More, Kotaku, September 30, 2014.
  2. ^ United States of America vs. Leroux, Nesheiwat, Pokora & Alcala, Smoking Gun
  3. ^ Michael Adams. Teen charged in $100M international scheme to hack Army, tech companies, Army Times, October 3, 2014.
  4. ^ O'Sullivan, Sean (2 October 2014). "Two plead guilty in international hacker case". delawareonline.com. The News Journal.
  5. ^ U.S. Department of Justice. Fourth member of hacking ring pleads guilty to hacking and intellectual property theft, justice.gov, April 01, 2015.
  6. ^ Jessica Reyes. Foreign hacker sentenced for first time ever in US, The News Journal, April 23, 2015.
  7. ^ Leech Tishman. Canadian hacker sentenced for intellectual property theft, lexology.com, May 23, 2015.
  8. ^ Kristine Guerra. Indiana hacker faces sentencing in $100 million scheme, indystar.com, May 22, 2015.
  9. ^ Jason Schreier. FBI Says Alleged Hackers Used FIFA To Steal Millions From EA, Kotaku, November 14, 2016.
  10. ^ a b Karl Baker. Delaware man with history of cyber theft under FBI scrutiny, The News Journal, June 25, 2017.
  11. ^ Stephen Totilo. The Incredible Rise and Fall of a Hacker Who Found the Secrets of the Next Xbox and PlayStation—And Maybe More, Kotaku, February 22, 2013.
  12. ^ Luke Hopewell. The Aussie Kid Who Allegedly Hacked The Gaming Industry Wants To Give Up His Citizenship Over 'Police State' Laws, Gizmodo, July 10, 2015.
  13. ^ "XBox Underground (Part 2) – Darknet Diaries". darknetdiaries.com. Retrieved 2022-01-05.
  14. ^ "XBox Underground (Part 2) – Darknet Diaries". darknetdiaries.com. Retrieved 2022-01-05.
  15. ^ Tim Clark. Mum collapses after being jailed for helping son avoid Xbox hacking charges, The West Australian, 23 February 2017.
  16. ^ "The Teens Who Hacked Microsoft's Videogame Empire—And Went Too Far". WIRED. Retrieved 2018-10-15.
  17. ^ Tim Alamenciak. Broken bumper helped break international hacking case, The Star, October 3, 2014.
  18. ^ Brian Crecente. Court Bans Accused PAX Code Thief From Xbox Live, Takes His PC, Kotaku, October 27, 2010.
  19. ^ "Delaware Man Sentenced to Over Seven Years for Defrauding Cisco Systems, Microsoft, Lenovo, and APC Out of More than $3.5 million in Computer Hardware". www.justice.gov. 2021-06-03. Retrieved 2021-07-21.