[ISN] Stolen code, 9-month hacking spree lead to criminal charges

From: InfoSec News <alerts_at_private>
Date: Fri, 16 Nov 2012 02:22:35 -0600 (CST)
http://arstechnica.com/security/2012/11/stolen-code-9-month-hacking-spree-lead-to-criminal-charges/

By Dan Goodin
Ars Technica
Nov 15 2012

Federal officials have accused a Dutch man of hacking into a New 
Hampshire-based game company, tampering with sensitive user data, and 
using the stolen source code to start a competing online game.

Anil Kheda, 24, of the Netherlands, began his hacking spree in November 
2007 after one of his accounts was deleted from Outwar (an online 
role-playing game with 75,000 active players), according to documents 
filed in US District Court in New Hampshire. Prosecutors allege that two 
months later, he started a competing game called Outcraft using source 
code obtained from the hacked servers. The game earned Kheda at least 
$10,000 in profits. Over the next nine months, he allegedly continued 
the hacks and agreed to stop only if the hacked company—Portsmouth, New 
Hampshire-based Rampid Interactive—paid him money and provided other 
benefits.

According to prosecutors, Kheda claimed to have found vulnerabilities in 
Rampid's network and the Outwar source code that allowed him to gain 
administrator access to the underlying functions of the game. His 
ability to repeatedly delete a user database seemed to indicate his 
claims were at least partially true. The tampering caused Outwar to go 
down for a total of about two weeks over the nine-month stretch, causing 
Rampid to incur more than $100,000 in lost revenue, wages, and other 
costs, according to prosecutors.

"You guys have the following three options," Kheda wrote in a December 
2007 e-mail included in the federal indictment. "1. Let me play again on 
my master account (with everything that was on it), and I will report 
everything when I come across a vulnerability. 2. Pay me $1500 and you 
will never hear from me again. 3. Don't reply to this e-mail and you are 
gonna wish you picked one of the other options."

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 
Received on Fri Nov 16 2012 - 00:22:35 PST

This archive was generated by hypermail 2.2.0 : Fri Nov 16 2012 - 00:35:10 PST