The History of the Xbox Underground Hacker Group

Tomcat

Especially for the start of the "Ethical Hacker" course, we translated the story of Xbox enthusiast David Pokora, who started by hacking games for fun and went on to create the hacker group Xbox Underground. The group broke into the networks of gaming companies and even tried to sell its own Xbox One several years before the official release.

Early years

Long before the release of the Xbox, in 1995, at the age of just three, David Pokora was mastering first-person shooter games on his parents' computer. He fell in love with games and was fascinated by the "magical" control over a world that playing them gave him.

He lived with his family in Mississauga, a city in Ontario, Canada. In elementary school, he took programming lessons, created simple programs, and was considered a "natural programmer."

David Pokora - Xenomega

Programming caught his attention ten years later, during a family trip to a village in Poland. In a place with no Wi-Fi and nothing to do, he began learning Visual Basic (.NET). Learning without access to the Internet sparked his interest, and upon returning home he was hooked on programming and ready to learn more.

Once David had plunged into programming, his parents bought him his first Xbox, on which he spent countless hours playing his favorite game, Halo 3. Over time he wanted to learn more about the console, and he found a community of hackers modifying the Xbox and bending it to whatever state they wanted.

"Kindergarten Safety" from Microsoft

Hackers reverse engineered the console and eavesdropped on the data exchanged between the processor, RAM and flash memory chip. Cryptography expert Bruce Schneier called the discovery "kindergarten security": Microsoft had left the decryption key used to boot the machine in an accessible memory area. This allowed the Xbox to load homebrew programs, stream music, run Linux, and emulate other game consoles such as Nintendo's; all that needed to be done was to reflash the console.

As soon as David learned that this was possible, he began to polish his beloved Halo. He interacted with hacker communities on IRC, learning how to change the game's physics, fill landscapes with digitized water, or replace blue skies with rain.

The Holy Grail of Xbox Hackers

In 2005, the second generation of Xbox, the Xbox 360, was released without the ridiculous security flaws of the previous version; thus ended the happy days of the hackers, since code not approved by Microsoft could no longer be run. The only workaround back then was the Xbox 360 development kit hardware, known as the dev-kit.

Dev-kits are the machines Microsoft's developers used to create the Xbox. They looked like regular consoles, but inside they contained tools for game development, including debugging tools, which means that in the hands of a hacker a dev-kit turned into a tool for manipulating Xbox software and a means of running code with the privileges of an authorized programmer.

Dev-kits were very hard to find; Microsoft sent them only to trusted companies in the game industry. After going bankrupt, some of those companies dumped their dev-kits at recycling centers in the mid-2000s. That's when Rowdy Van Cleave, a California technology manager and member of the hacker group Team Avalaunch, learned of a nearby recycling center that was selling Xbox DVDs for cheap.

After purchasing some hardware and a few motherboards, he installed one of them in his Xbox 360 and was surprised when the machine booted up with debug mode activated. Rowdy had stumbled upon the holy grail of all Xbox hackers. He then convinced the recycling center manager to let him buy all the Xbox hardware that came in as scrap. He kept some of the equipment at home, sold another part to customers he trusted, and gave away the rest to his friends.

One of his trusted customers was 16-year-old David Pokora, who also helped Van Cleave sell some of the equipment he had purchased. David became friends with some of these customers, including a guy living in Delaware named Justin May.

Once Pokora acquired his dev-kit, he spent many hours every day hacking Halo 3; at school he slipped lower and lower, but the main and only education that mattered to David was programming with the dev-kit.

On a hacker forum he met Anthony Clark, an 18-year-old hacker who, together with David, created a tool for hacking Halo 3 that added unique abilities to the game's main character. By posting their Halo 3 work online they earned the approval of professional programmers. The clouds were just beginning to gather over the team.

In 2009, the hackers used the Xbox Live testing environment, PartnerNet, to steal unreleased game software, including a Halo 3 map they shared with friends. They could only connect to it using a whitelisted Xbox 360 development kit, which they already had.

The next time they broke in to steal software, they laughed when they noticed a message on the main screen from Bungie engineers: "Winners don't rush to PartnerNet." The team saw no reason to stop toying with the Bungie programmers because, in their view, they were not doing it for wealth but for the love of Xbox.

Hacking JTAG and the opportunity to earn money

JTAG stands for the Joint Test Action Group, an industry body from the 1980s that recommended adding test pins to all printed circuit boards. The JTAG hack was named after them because of a weak point in the motherboard of the Xbox 360, invulnerable until 2009: a special modchip could connect to a hidden set of pins on the motherboard, and this reduced the console's security to nothing. When news of the hack broke, many people rushed to get JTAG for their Xboxes, but Pokora and Clark thought about the opportunity to make money from it.

They managed to hack the Call of Duty series and make a mod for the game in which players could have superpowers such as flying, running at the speed of light, and so on. They then created a "mod lobby", a place on Xbox Live where players with JTAG consoles took part in online knockout matches and similar events. They charged up to $100 per hour per player, and for an additional fee they offered so-called "infections", which let a player's "superpowers" persist even in standard games that had not been hacked.

Microsoft tried to fight back by scanning players' consoles for JTAG hacks and then banning them. However, David and Clark found a workaround and, thanks to their efforts, were able to earn thousands of dollars a day. David, known as Xenomega on hacker forums, enjoyed the fruits of his success: he still lived with his parents but spent many nights in luxury hotels and restaurants with his girlfriend.

Hacking Epic Games

In 2010, a 14-year-old Australian hacker named Dylan Wheeler and his American friend known as Gamefreak managed to obtain a list of passwords for Epic Games' public forums. Among them, Dylan found the password for the personal account of an employee in Epic Games' IT department.

Dylan (SuperDaE) Wheeler

Having gained a foothold in the Epic network, the two hackers needed more help. Dylan, who knew David from the forums, asked him to help them pull Halo maps from the semi-open PartnerNet network and break into the secure closed network where the company stored its confidential data.

Of course, these actions were far more criminal, but David's curiosity got the better of him and he agreed to help Dylan, subject to some basic rules, such as not using credit card data and not leaking personal information about Epic customers.

Sanadodeh (Sonic) Nesheiwat

Because of the huge amount of data they found, they recruited another hacker, Sanadodeh "Sonic" Nesheiwat from New Jersey, who downloaded a copy of Gears of War 3 along with a large amount of private information about video games developed by Epic Games and sent it all to David. David shared the game with several friends, including his distributor Justin May. Within a few days, a copy of the game appeared on the forums as a torrent.

News of the Gears of War 3 leak led to an FBI investigation, during which the Bureau learned of the hacker group's existence by reading Epic Games emails.

However, the investigation died down: the company made no apparent effort to block the hackers, it appeared unable to determine how the group had gotten in, and the FBI was unable to identify the hackers.

The young hackers continued to blithely break into other organizations through their access to Epic Games. They hacked Scaleform, an intermediary company that supplied technology to Epic Games, and then infiltrated Zombie Studios, the developer of the Spec Ops games, where they discovered remote-access tunnels into Zombie's customers and US military-related companies. To instill fear in the people trying to find them, at Wheeler's suggestion they named their group "Xbox Underground".

New people and complications in the group

David was too preoccupied with accessing forbidden gaming software to heed the advice and warnings of fellow hackers and friends, who constantly told him that he might get arrested for diving too deep; Pokora refused to acknowledge the danger. He continued to steal pre-release software, including an early copy of Call of Duty: Modern Warfare 3. He eventually downloaded the database, but he was also proud of how little he cared about making money: "We could sell it for Bitcoin, which with the right approach can't be tracked. That's an easy 50,000."

In 2010, Justin May was arrested at a gaming convention in Boston for attempting to download game source code. Pokora nevertheless trusted Justin, and in 2011 they made a deal with Xbox-dev-guy to sell him some of the pre-release games they had stolen. Their close relationship caused problems within the hacker group because of Justin's past, since he had been caught in 2010.

Nathan (animefre4k) Leroux

In 2012, they recruited two more highly skilled hackers, Austin "AAmonkey" Alcala, a high school student from Indiana, and Nathan "animefre4k" Leroux, who lived in Maryland, to help break into Zombie's network.

Pentagon's Apache helicopter simulator and the Durango story

The hacker group stumbled upon a tunnel between Zombie Studios and a US Army server. On the server they discovered a simulator of the AH-64D Apache helicopter, which Zombie Studios was developing under a contract with the Pentagon.

They also managed to steal documents from Microsoft servers describing an early version of Durango, the next-generation Xbox now known as the Xbox One. They didn't sell the documents to a Microsoft competitor, but they assembled copies of the Durango console from off-the-shelf components and found buyers who paid $5,000 each for them.

One of the Durangos never arrived at the customer's address, leading to a complaint and to rumors within the group that the FBI had seized the console and was looking for the hackers. Then Wheeler, driven by a desire to become famous as the best Xbox hacker, listed the non-existent console on eBay.

Bidding exceeded $20,000 before eBay canceled the auction, declaring it fraudulent. Pokora was furious that Wheeler was causing a huge surge in media attention and ended his relationship with him.

Over the next few weeks, several members of the group disappeared without a trace, and rumors that the FBI was looking for them, along with suspicions that there was a "mole" among them, increased the anxiety in the group.

Complications in the group

David focused on Horizon, his cheat service for the Xbox. He broke with Clark over disagreements about their Call of Duty "services"; Clark then began selling virtual currency for FIFA on the black market.

After the eBay auction, Wheeler continued to operate alone. In late 2012, the FBI raided Sanadodeh Nesheiwat's New Jersey home. He posted the warrant online and raged about wanting to hire a hit man to kill the judge who had signed it. Following the Gears of War leak in 2011, US federal prosecutors had opened a case against the hacking group, with Edward McAndrew as the lead investigator.

Wheeler's dangerous behavior forced the authorities to act quickly, and in February 2013 they raided Wheeler's Perth home, taking all of his equipment and hard drives but not arresting him.

In 2013, Edward McAndrew filed a sealed multi-count indictment against Pokora, Nesheiwat and Leroux for crimes including wire fraud, identity fraud and conspiracy to steal trade secrets. The case was based on evidence obtained from an informant identified as "Person A." According to many sources, "Person A" was Justin May, who, when asked whether he was the insider, declined to comment. At the time, he was on trial for allegedly stealing millions of dollars' worth of equipment from Cisco and Microsoft.

The end is near

Unaware of the case, Pokora continued his criminal activities. This time he collaborated with Alcala, who told him he knew a guy named Armand who wanted to steal real Durango (Xbox One) prototypes from the Microsoft campus in Redmond. Armand had already taken one Durango for personal use a year earlier, when he used a cloned RFID card to enter the Microsoft campus.

In September 2013, Armand walked into the building where the Durango prototypes were stored and, after a couple of nervous hours, managed to squeeze two consoles into his backpack. He then sent the stolen consoles to Pokora and Alcala.

A few weeks later, Armand was hired by Microsoft for a position in the quality assurance department. Investigators had footage from a camera on the Microsoft campus of him leaving the building on the day the consoles were stolen, but did not immediately identify him. Until the end of 2013, Pokora kept hacking Xbox 360 games for his Horizon cheat engine.

In March 2014, David needed a new bumper for his car, but the seller did not ship to Canada, so he arranged to meet his friend Justin May in Wilmington, Delaware, where Justin lived. He made the trip with his father, and it was to be the first time he met Justin in person after years of collaborating on hacking endeavors.

Arrest and charge

Pokora's luck ran out when he reached the Border Patrol post on his way into the United States. Scanning David's passport, the officer saw that a warrant had been issued in his name for illegal hacking activities. David was arrested on the spot, and little did anyone know that he would spend eight months in custody on multiple charges of conspiring to steal up to $1 billion worth of intellectual property.

In April 2014, David accepted the plea deal proposed by prosecutors and helped the affected companies identify and eliminate the vulnerabilities he and his team had exploited.

Nathan Leroux was also arrested, in March 2013 in Wisconsin, during an FBI raid on his home. Unlike David, he was released on bail and lived with his parents during the trial, but after a couple of months he cut the police tracking monitor off his leg and fled toward Canada. Border police caught up with him before he could cross, and, seeing only one way out, he stabbed himself multiple times. Doctors managed to save his life, and as soon as he was released from the hospital he was transported back home.

Pokora, Nesheiwat and Leroux pleaded guilty to the charges and were sentenced: Pokora and Nesheiwat received 18 months in prison, and Leroux received 2 years.

Life after prison

David, who was 26 at the time of his release, worried about his mental health and feared that prison might have permanently affected his brain. He had a hard time putting together his resume because the FBI had confiscated all the computers he owned before his arrest, and most of the software he had created was gone. He eventually got his life in order, met a girl, and then went to the University of Toronto.

After being released from prison, Leroux returned to Madison, Wisconsin and continued to work for his previous employer, Human Head Studios, a gaming software company that went out of business after the release of Rune 2 in 2019.

Nesheiwat was about 30 years old at his release and was not as successful as the other two members of the group. He struggled with drug addiction and was arrested again in late 2017 for violating his probation by using opiates. He then completed rehab and began rebuilding his life.

And lastly

David Pokora knows that in the world of games he will always be a hacker. His love and passion for gaming led him to learn more about game software development, but the promise of money from cheat engines and his curiosity about breaking into game software makers led him down the wrong path.

Today, the gaming industry is more secure than ever, but the cycle of hacks and patches will continue forever: in today's digital world, security is an ongoing process. Finding vulnerabilities in a company's network or systems as quickly as possible reduces the risk of an attack spreading to other organizations, companies, or even to the networks of many companies at once, as happened here through Epic Games' access to its partners. Regardless of industry, reviewing security policies quarterly and conducting routine security tests and scans should be a top priority for any company.

In addition, the number of startups in information technology is growing steadily; more and more people are interested in IT, and, given the above, the demand for ethical hacking in the world will only grow. If you are interested in the field of ethical hacking, or want to make money from hacking legally, you may want to take a look at our course on legal hacking.

(c) Original author: Black Hat