Xbox Underground was an international hacker group responsible for gaining unauthorized access to the computer network of Microsoft and its development partners, including Activision, Epic Games, and Valve, in order to obtain sensitive information relating to Xbox One and Xbox Live.
Microsoft's computer network was compromised repeatedly by the Xbox Underground between 2011 and 2013. According to a 65-page indictment, the hackers spent "hundreds of hours" searching through Microsoft's network copying log-in credentials, source code, technical specifications and other data. This culminated in the perpetrators carrying out a physical theft, by using stolen credentials to enter "a secure building" at Microsoft's Redmond headquarters and exiting with Xbox development kits. Group members say they were driven by a strong curiosity about Microsoft's then-unreleased Xbox One console and associated software.
Beginning in or about January 2011, Microsoft was the victim of incidents of unauthorized access to its computer networks, including GDNP's protected computer network, which resulted in the theft of log-in credentials, trade secrets and intellectual property relating to its Xbox gaming system. p. 4
In or about September 2013, Alcala and Pokora brokered a physical theft, committed by A.S. and E.A., of multiple Xbox Development Kits (XDKs) from a secure building on Microsoft's Redmond, Washington campus. Using stolen access credentials to a Microsoft building, A.S. and E.A. entered the building and stole three non-public versions of the Xbox One console... p. 31
The group is also accused of breaching the security network of the United States military. David Pokora was quoted as saying
"Have you been listening to the [expletive] that I've done this past month? I have [expletive] to the U.S. military. I have [expletive] to the Australian Department of Defense ... I have every single big company – Intel, AMD, Nvidia – any game company you could name, Google, Microsoft, Disney, Warner Brothers, everything."
Four members of the group have pleaded guilty to charges. David Pokora, the first foreign hacker ever to be sentenced on United States soil, received an 18-month prison term on April 23, 2015 and was released in July 2015. Nathan Leroux and Sanadodeh Nesheiwat were sentenced on June 11 and received 24 months and 18 months respectively; and Austin Alcala is due for sentencing on July 29.
A fifth member, Dylan Wheeler (referred to in the indictment as D.W), currently out of reach of the United States, lived in Australia at the time and was charged with a varying degree of charges. He was not convicted, and is currently living in Eastern Europe over human rights and political issues with his trial.
- Stephen Totilo. Hackers Charged With Stealing From Valve, Microsoft And More, kotaku.com, September 30, 2014.
- United States of America vs. Leroux, Nesheiwat, Pokora & Alcala, Smoking Gun
- O'Sullivan, Sean (2 October 2014). "Two plead guilty in international hacker case". delawareonline.com. The News Journal.
- U.S. Department of Justice. Fourth member of hacking ring pleads guilty to hacking and intellectual property theft, fbi.gov, April 01, 2015.
- Jessica Reyes. Foreign hacker sentenced for first time ever in US, delawareonline.com, April 23, 2015.
- Leech Tishman. Canadian hacker sentenced for intellectual property theft, lexology.com, May 23, 2015.
- Kristine Guerra. Indiana hacker faces sentencing in $100 million scheme, indystar.com, May 22, 2015.
- Stephen Totilo. The Incredible Rise and Fall of a Hacker Who Found the Secrets of the Next Xbox and PlayStation—And Maybe More, kotaku.com, February 22, 2013.
- Luke Hopewell. The Aussie Kid Who Allegedly Hacked The Gaming Industry Wants To Give Up His Citizenship Over 'Police State' Laws, gizmodo.com.au, July 10, 2015.