BreachExchange mailing list archives
Stolen code, 9-month hacking spree lead to criminal charges
From: security curmudgeon <jericho () attrition org>
Date: Fri, 16 Nov 2012 02:43:12 -0600 (CST)
---------- Forwarded message ---------- From: InfoSec News <alerts () infosecnews org> http://arstechnica.com/security/2012/11/stolen-code-9-month-hacking-spree-lead-to-criminal-charges/ By Dan Goodin Ars Technica Nov 15 2012 Federal officials have accused a Dutch man of hacking into a New Hampshire-based game company, tampering with sensitive user data, and using the stolen source code to start a competing online game. Anil Kheda, 24, of the Netherlands, began his hacking spree in November 2007 after one of his accounts was deleted from Outwar (an online role-playing game with 75,000 active players), according to documents filed in US District Court in New Hampshire. Prosecutors allege that two months later, he started a competing game called Outcraft using source code obtained from the hacked servers. The game earned Kheda at least $10,000 in profits. Over the next nine months, he allegedly continued the hacks and agreed to stop only if the hacked company?Portsmouth, New Hampshire-based Rampid Interactive?paid him money and provided other benefits. According to prosecutors, Kheda claimed to have found vulnerabilities in Rampid's network and the Outwar source code that allowed him to gain administrator access to the underlying functions of the game. His ability to repeatedly delete a user database seemed to indicate his claims were at least partially true. The tampering caused Outwar to go down for a total of about two weeks over the nine-month stretch, causing Rampid to incur more than $100,000 in lost revenue, wages, and other costs, according to prosecutors. "You guys have the following three options," Kheda wrote in a December 2007 e-mail included in the federal indictment. "1. Let me play again on my master account (with everything that was on it), and I will report everything when I come across a vulnerability. 2. Pay me $1500 and you will never hear from me again. 3. Don't reply to this e-mail and you are gonna wish you picked one of the other options." [...] _______________________________________________ Dataloss Mailing List (dataloss () datalossdb org) Archived at http://seclists.org/dataloss/ Unsubscribe at http://datalossdb.org/mailing_list Supporters: Risk Based Security (http://www.riskbasedsecurity.com/) Risk Based Security equips organizations with security intelligence, risk management services and on-demand security solutions to establish customized risk-based programs to address information security and compliance challenges. Tenable Network Security (http://www.tenable.com/) Tenable Network Security provides a suite of solutions which unify real-time vulnerability, event and compliance monitoring into a single, role-based, interface for administrators, auditors and risk managers to evaluate, communicate and report needed information for effective decision making and systems management.
Current thread:
- Stolen code, 9-month hacking spree lead to criminal charges security curmudgeon (Nov 16)