Darknet Diaries - Ep 45: XBox Underground (Part 1)
Episode Date: August 20, 2019

This is the story about the XBox hacking scene and how a group of guys pushed the hacking a little too far. This is part 1 of a 2 part series.

Sponsors

This episode was sponsored by Nord VPN. Visit https://nordvpn.com/darknet and use promo code "DARKNET".

This episode was sponsored by Thinkst Canary. Their canaries attract malicious actors in your network and then send you an alert if someone tries to access them. Great early warning system for knowing when someone is snooping around where they shouldn't be. Check them out at https://canary.tools.

This episode was sponsored by IT Pro TV. Get 65 hours of free training by visiting ITPro.tv/darknet. Use promo code "DARKNET25".
Transcript
So I kind of want to start the show with just you talking about how, you know, the original Xbox got hacked.
Mm-hmm. Sure.
This is Bunny, or at least Bunny is his hacker handle.
Back in 2003, he published a book called Hacking the Xbox just after graduating from MIT.
Yeah, I was at MIT as a grad student at the time.
Oh, and just as a random fact here, the term hacker actually emerged from the MIT Tech Model Railroad Club
in the 1960s. And that ethos sort of paved the way for the hacker culture today. They were hacking
model railroad sets to make them do things they weren't intended to do. And Bunny fit right in
with this hacker culture at MIT. Basically, every toy, every game console I had gotten since
childhood, I'd always taken apart. And like, you know, if I got tired
of playing the game, I would just, you know, change the resources in the game and get the
high score or whatever it is. So it was more fun to sort of like hack the games than it was to play
the game itself is the bottom line. Around this time, the original Xbox came out. Bunny got a
hold of one and found it had high end computing parts in it. It was when I took it apart, it was
very clearly a PC to me on the inside, right?
And being able to run my own code on it, put Linux on it to do, make the game do what I
want to do, right, was just a natural impulse to me.
If you paid whatever, $300 it was at the time for this thing, that's not a small amount
of money, particularly to a student.
And then you're told that you can't use it
for what you want to use it for.
Like, what if I'm done playing games?
I need a computer to write my paper, right?
This is ridiculous, right?
So that's sort of like the feeling
that ran through my blood at the time.
So that's the goal.
Bunny owned an Xbox,
which had all these parts that a computer would have,
and he wanted to use it like a PC.
Yeah, it was basically a high-end PC.
It should be able to run my word processing software,
or I should be able to just tell it to boot to a shell or something like that
so I can do what I want with it.
It seemed like a reasonable prospect to me.
So he tried to put his own software on it, but there was a problem.
It wouldn't run.
So the firmware image needed to be signed, encrypted to a key. And the key was not
known, obviously, to the people who didn't have it. And so I couldn't put my own code in there
unless I had that key. Challenge accepted. Forget about playing the games on the Xbox. The game now
was to find this key and somehow make it so he could run his own software. Right. I mean, so a bunch of people
were searching for it at the time, and I figured they would just crack it open. But, you know, they
all sort of pointed down to this, um, what was a hidden key, um, that's read from a location site
of memory, um, that would be sort of mapped out after you booted. So sort of like, you know, you
sort of the process to wake up in the morning,
it would go to a secret location, you know, get its keys,
and then it would like sort of brick over the door,
turn it into a regular wall so you couldn't find it again.
So once you're in that outside space,
none of the other exploits could figure out what that key was.
And so it was obviously hidden somewhere in the hardware,
sort of extra architectural feature of the Xbox.
And since I was a hardware guy,
doing sort of research on hardware at the time,
this sort of played into my alley, so I started poking around.
After a lot of research, Bunny had an educated guess
that this key probably travels over a specific wire or bus.
And he tried to figure out a way to sort of sniff the data
that was going over that bus.
Simply put, I built a little circuit board
that could capture the data going across that bus
and log it to another piece of hardware
that we could use for later analysis.
And then essentially, when we sort of boot the device,
we could watch that secret ROM going to the CPU, and then, you know, observe the key embedded inside
that secret ROM. And this worked, he captured the data, which looked kind of like it could be a key.
He tried using the key in different ways to test some code, but it wasn't working. But then he used the key with
a certain offset and shazam, the whole thing started being decrypted. I had to pinch myself.
I mean, I couldn't believe it. And then I was like, this can't be like, this had to be a mistake
in the code. Couldn't be right. You know? And so then I just double checked and double checked.
I was like, holy cow, this is it. Like, this is, this is the key. I couldn't believe it.
I think it was like 4 a.m., right?
And so my girlfriend was asleep already in the hut, so I wasn't going to bother her, right?
But I was, like, jumping out of my skin and, like, couldn't, like, you know, scream and shout.
So, you know, I sent a note into the IRC forum that was on at the time, and other people validated it that it was correct.
And then the next day, I saw my PhD advisor and told him about it. And that's when he informed me about the DMCA and all the consequences that could have happened as a result of this. I was like, oh my God, I didn't even realize this was like, I didn't even realize this was like a thing. Like, why? How could this even possibly be illegal for me trying to run my own code on my own box?
The DMCA, or Digital Millennium Copyright Act, specifically says it's illegal to disseminate technology in order to circumvent copyright protections.
But the excitement of cracking a key on the Xbox was thrilling.
Bunny kept tinkering with it and eventually got the Xbox to run Linux, which was a victory in this little game he set out to play.
But now there
was this looming issue that this whole thing might be illegal. Bunny, being a good MIT student,
wanted to do the right thing. We want to do the whole responsible disclosure thing, like, you know,
sort of tell Microsoft about the problem, you know, figure out the right way to present the research,
you know, that sort of stuff. And so for several months,
it went back and forth with lawyers and whatnot to try and figure out what was the right way to
disclose the research without, you know, doing it irresponsibly.
Bunny and Microsoft came to an agreement. Microsoft said, you can publish your report, but...
Basically, just don't share the key, right? You can tell how you did it and,
you know, what the research was and all the methods, but just don't print the exact key. That's reasonable, right?
Bunny started writing about how to reverse engineer the Xbox, but he had to make a choice on where to stop with all this hacking.
I kind of wanted to avoid anything that could be perceived as unlawful, particularly because I wanted to go public with it and I wanted to share the results
of the work, right? So you can't really play it both ways. Either you go white hat or you go black
hat, right? And so I just solidly decided I was going to go white hat on this one.
So one thing led to another and Bunny ended up writing an entire book on how to hack the Xbox
and reverse engineer it. He ended up actually
self-publishing the book and sold it through his own website. And guess what? It became fairly
popular. Drive up to the post office with like this, I had this old Maxima sedan, you know,
filled floor to ceiling with books and envelopes. And they kind of like, oh, it's that guy again,
that weirdo with the car full of books. And they'd bring out a big, whatever the rolling cartons are,
and I would just dump it all in there.
And this book inspired many hackers to learn how to do this
and to take this so much further.
I think the problem that every technologist faces
is that every technology is potentially dual use.
This happened with the atomic bomb.
Some people thought they could, you know,
create an energy source for humanity and other people saw a weapon. There is, I think there is
a responsibility of the technologists to consider potential ethical ramifications of what they do,
but it's also not the place for technologists to deprive all of humanity because they solely
judge that that, you know,
technology may be used one way or the other. It's just something you have to be aware of, and then
disclosure and how you educate people how to use it. You know, uh, we didn't say, oh, yo, man shouldn't
touch fire because fire can lead to burns, right? We, it also leads to cooking and heating and staying
alive, right? So, you know, I, the question does keep me up
a lot at night, but at the end of the day, some people are going to do what they want to do.
Right. And I, I, you know, who am I to say what's right or wrong. And, uh, you know, over time,
sometimes things will evolve in a direction you can't control, but, uh, you know, I think to each
their own at that point in time.
There's only so much you can do to sort of control destiny, right?
These are true stories from the dark side of the internet.
I'm Jack Rhysider.
This is Darknet Diaries.
Okay.
I guess the best thing to start is basically from the beginning. Wait, wait, wait,
wait. Before we get started, what should we call you? Skitzo's fine. Okay, Skitzo it is.
Skitzo was a member of the Xbox hacking crew called Team Avalanche. It was big in like 2009.
Oh, and I should give a warning somewhere at the beginning here. This episode and the next episode, they're explicit in nature. There are a lot of cuss words in these
two. The second one gets dark. We're going to talk about drugs and depression then. But if you can
make it through that, holy cow, are you in for an amazing story. It's so amazing I can hardly believe
any of this, except I do believe it because I spent months fact-checking this as much as possible,
but it's still unbelievable.
Ah, jeez.
Team Avalanche is a collective group of hackers and hardware enthusiasts.
Let's put it that way.
The main focus there was Xbox.
There were, I mean, some members
that ventured into different areas. You had individuals like Lantis that was really, really
great with the emulation side of things. People like Redline who could do wonders with networking.
And then you had some greed and you had some people that took up space
for God knows what. The original Xbox that came out was amazing. The graphics were stunning. The
games were great. Halo was my favorite, of course. The AI of the enemies in that game was just like
anything I've ever seen before. It was amazing. But after the Xbox was out for a while and that
initial sheen sort of wore off, some people didn't like the dashboard that came with it.
The Xbox dashboard is the menu within the Xbox,
and it lets you pick the games you want to play,
log into Xbox Live, look at your settings, that kind of stuff.
The stock dashboard just wasn't enough for this group of hackers,
so they got together to try to make a better dashboard.
They wrote the software themselves and then got the Xbox to play it.
This wasn't easy to do, to hack the Xbox into playing your own homemade software,
but eventually they got it. And the dashboard that Team Avalanche made was pretty popular among the people who liked modding their Xbox. Another thing this group tried to do is play other games on the
Xbox, like Nintendo games and PlayStation games. And you know what? They were doing it. They were
hacking the Xbox to play all kinds of games
that Xbox was not supposed to play.
But really, if we take out our moral compass here,
changing the dashboard and running emulators on your Xbox
might be just entering the yellow area of hacking.
Yeah, it's against the terms of service and might be illegal,
but it's not really that big of a deal
for someone like Microsoft to crack down on, investigate,
or hire some lawyers to go after you.
It was very, it was, you know, you want to do this with your Xbox,
you're going to do this with your Xbox.
But it was never a malicious attack on anything.
It was a hobby.
So Team Avalanche tinkered and toyed with getting the Xbox
to do all kinds of things.
When the Xbox 360 came out in 2005, they were all over that too.
And that's more or less where I come in.
During that time of the OG Xbox scene, I was more into the Sony and Dreamcast scene.
It wasn't only until the 360 scene, that's where I came in with Team Avalanche.
The Xbox 360 architecture was more secure than the original Xbox. Remember how Bunny was able
to sniff that key off of one of the buses on the Xbox? Well, the 360 made it so the key never left
the chip that it was on, making it impossible to do what Bunny did. So all new methods for
getting custom software to run on the Xbox had to be done.
Team Avalanche figured this out and built a custom dashboard for the 360. A few things were released
publicly for other people to also do, but a lot of hacking was just kept secret within the group
and wasn't publicly shared. I mean, obviously we ruffled feathers, but we weren't there to play
pirated games. I mean, obviously, ultimately, when, when people,
when majority of people that will do this want to do that. I mean, I, I was more than happy playing CPS3
games and Super Nintendo games and XBMC on, on my OG Xbox, um, than I was more concerned about,
you know, playing, uh, playing a pirated game.
So you kind of get the feel of what Team Avalanche is up to, right?
They're figuring out how to mod the Xbox, take it apart, make it do things it's not supposed to do.
One of the members of Team Avalanche was named Rowdy Van Cleave.
He was 38 years old, living in California.
Howdy got lucky.
So hold on.
I call him Rowdy.
You call him Howdy.
I call him Howdy.
Okay, but he goes by both?
He goes by both.
Howdy, um, Howdy was at the right place at the right time.
Howdy had a friend who had access to a recycling facility.
So this is like an electronics recycling facility.
Computers often contain a lot
of toxic components and need to be disposed of properly. And Rowdy heard there were Xbox DVD
drives for sale at this facility cheap. So he went down there to take a look. While he was down there,
he found a couple of Xbox 360 motherboards. But these look different than what Rowdy knew
an Xbox 360 motherboard looked like. So he took a few of
these motherboards home and popped one into his Xbox 360 and booted it up. The words that Rowdy
said next were, holy shit, this is a freaking dev motherboard. The Xbox 360 dev motherboards were
used by programmers themselves to make video games for the Xbox. You could only get one after
Microsoft vigorously
screened you to be a legitimate developer. It enabled a lot more features on the Xbox and gave
them extra access to do things. So under no circumstance did Microsoft ever want these in
the hands of consumers, much less Xbox hackers. They called these dev kits and they looked, acted, and worked just like a regular Xbox 360, but with a ton more features.
Rowdy knew this, and to him, this was a jackpot of a find.
He went back to the facility to look for more, and couldn't believe what he saw.
There were thousands and thousands and thousands of kits.
Here, I'll put it to you in this way.
I had a kit that was covered in mud.
And that's how the kit went to this facility.
It was covered in mud.
I called it the Joe Dirt kit.
And I never cleaned it because I found it hilarious.
I was like, what the hell did Microsoft do to these kits for it to be covered in mud?
So you can imagine a fairly popular and long-running Xbox hacking group
stumbling upon a find like this?
It's like finding actual treasure.
Rowdy was finding complete Xboxes there too.
These are complete kits set to be destroyed.
Did you have any idea where these were coming from?
Microsoft.
I want to say probably 100% of these kits were meant to die.
Now when he says meant to die, he means recycled, destroyed, discontinued.
Because maybe Microsoft didn't have a need for these anymore,
or these were returned ones, or defective, or something.
But Microsoft just didn't need them anymore and wanted them gone.
Rowdy grabbed all that he could and started passing them out to everyone in Team Avalanche.
And people didn't take just one.
You took one just to take apart.
And then you grabbed another to try modding it.
And then you grabbed another to see what it was capable of on Xbox Live and stuff.
And there was just so many kits going around that it was so easy to get multiples of them.
It sort of became a business for Rowdy.
Not that he really wanted to get rich off it, but he wanted to put the kits in the hands of
Xbox hackers that he knew and trusted. During that time, I got introduced into it of like,
hey, why don't you have a quick peek at what's going on here? So now Skitzo is stoked on getting
his hands on one of these. The Xbox 360 dev kit is exactly the same as a regular Xbox, just with all kinds of developer
options enabled. And one of the most amazing things about owning a dev kit was the ability to access
PartnerNet. Basically, it's the developer version of Xbox Live. So all kits had a, air quotes, credit
card, so you could make any profile and, and just jump on PartnerNet and
you could, um, if need be, purchase, um, Xbox Live points at that time. But 90% of the time, developers
would put their games up for testers to get a hold of it or to demo and, uh, you download it. It acted exactly as a retail Xbox Live did at that time.
So through PartnerNet, you could potentially see and play unreleased games,
or unreleased patches, or unreleased add-ons for games, or unreleased maps.
It was amazing for this hacker crew to all have the first peek at all this stuff,
and it was like the Wild West for them.
While playing games on it was fun and lasted a while,
the hot new game was now to hack the dev kits
and to see what you can get them to do.
The goal was basically, hey, how can we run code on this?
And what can we do to it?
That was the ultimate goal.
Can we get an emulator running on it?
Can we get MAME on this thing?
Can we get anything to XBMC? Things of that nature. What was the hard drive structure and the encryption? Um, how did hyper v
work? It was, it was just, you know, it was that Pandora's box of, like, you know, to your point,
like, how excited were you? It wasn't necessarily exciting getting the system, but getting under the
hood, that, that made it fun.
This was very exciting times for Skitzo, Rowdy, and everyone on Team Avalanche.
They knew that this was something the public was never meant to see.
And here they were, a whole team of people hacking away at it.
The public should never have this.
It's the gateway into all the millions of millions of dollars in manpower that you spend on securing
your system. It's, why don't you tape your house key to your front door when you get home?
You're pulling the curtain behind the console, right? You know, with the right tools, you can get
into the console, you can see how things load, you can do time attacks on it, you can do a number of
different things to this, to the console,
have an easier time doing it than retail that's locked up.
Around this time, Halo 3 was about to be released, and those who pre-ordered it got access to the
beta version a few months before the release. With these dev kits, Skitzo and the team could
play the public beta version of Halo 3. Nothing really special here, but the beta only lasted a short while just to test it,
and then the game was not playable for a few months until the official release.
But Team Avalanche, using their dev kits,
figured out a way to keep playing Halo 3 long after the public beta was closed.
We were able to run that on PartnerNet dev.
And we were on the server that Bungie had set up, and we would play.
And Bungie was trying to take the server down.
And Bungie had a custom welcome screen for us,
because we kept a dev kit running called Halo 3 dummy,
and Halo 3 dummy kept that server alive so we could get in and play well after the, uh,
the, air quotes, beta time expired on partners. And they did so much more with these dev kits,
grabbing stuff from Xbox Live and moving it to dev
so they could play it as developers.
You could enable things like double experience points
or load up special loot.
It's like you could be a GM in many games.
And they played a lot of beta games and unreleased stuff.
It was great times.
It was amazing times. It was
amazing
and astonishing
to look back at a lot of this stuff.
Rowdy kept getting more kits to
send to people, and mostly these kits would
only be put in the hands of people in Team
Avalanche. He wanted to keep this secret
and underground. But for a while, it was
very close-knit. It was
a family.
We were a family
and I know that term is used
a lot.
But all good things must come
to an end.
And you had greed
that started happening
with the one guy who
kept getting the kits.
And it was always just for us, just for us.
And next thing you know, shit started to flood the market and every jackass out there with, you know, 500 bucks is getting a fucked up kit.
And the kits started getting into the hands of people that shouldn't have had it.
And you had garbage cans of human beings, you know, getting closer to the scene.
And then you had the new bloods that came in and it was just, fuck it.
Just go.
So let's talk about these new bloods.
First, let's meet Dylan.
Hello, can you hear me?
Yeah, can you hear me?
Yeah, I hear you.
Perfect.
This is Dylan, right?
Yeah, Dylan.
Dylan was young. In 2010, Dylan was only like 14 years old.
So this is kind of what he meant by like new bloods, right?
These are young kids just getting in the Xbox hacker scene.
Because Skitzo and Rowdy were much older and had
been in the scene for many years at this point. They were like veterans. But now young kids like
Dylan are showing up. And back then, Dylan's hacker name was Dae, D-A-E. Dae came around and
he, he, he, he really didn't give a fuck. He truly did not care.
Okay, Dylan, what is
one of your first hacks?
I got suspended twice during high school
for actually getting to computer
networks I probably shouldn't have gotten into.
Oh.
I think it was the
thrill of knowing what's behind
doors that kind of got me into it.
Look at this recipe.
Young kid, doesn't care much about the rules, loves video games and the Xbox,
loves hacking, and is hungry to learn more and do something crazy.
Combine that with a high level of curiosity
and someone who has always-on energy, you get Dylan.
I think back then it was just not knowing what you can and can't do.
So just not being told, you know,
this is wrong, kind of
doesn't necessarily go past
a teenager's mind. So I
think I just
liked the thrill of it and it was kind of like
a rush. So it was like an adrenaline rush every time
I got into something.
And, you know,
seeing things that I shouldn't have seen, it was And, you know, seeing things that I shouldn't have seen,
it was probably, you know,
that's kind of what makes you
want to do it even more.
And Dylan was so fascinated with Xboxes
he wanted to learn how to hack it.
So yeah, he starts joining Xbox
hacker forums and hanging out in the chat
rooms and getting to know who's who in the
scene. And there's another person
who showed up in the Xbox hacking scene around this time too.
Um, so Diane all set up?
We ready to go?
I just hit record.
Yeah, she just hit record.
So we're good to go.
So let's start out with you, um, telling us your, your name.
Like, what is your name?
So my name is Sanad Neshawat.
Um, for some reason on my birth certificate, the doctors messed up and put my middle name and first name together.
That's why it says Sanad Odeh Neshawat.
But it's just Sanad.
So Sanad grew up playing console games and loving them.
Yeah, I was definitely a hardcore gamer.
I mean, I had Dreamcast, Playstations, and I've been gaming since I was about eight years old.
I didn't really get
into the whole hacking thing up until the Dreamcast came out. That's when I really started
getting into things. And Sanad is a hardware guy. Well, I mean, I like taking things apart,
figuring out what they do and trying to modify them in ways that will benefit me.
When he was younger, he had a soldering iron, an oscilloscope, lots of chips, electronic parts everywhere. At one point, I asked him a question
about electronics and geez, he just went like off the rail, crazy deep on me. Listen to this.
So what a BGA station does is it has heat plates and it shoots up hot air from the bottom and hot
air from the top. And it allows you to take the chip off and clean out the solder and put brand new solder balls on it.
Okay, okay, you get it, right?
Sanad is passionate about electronics.
He's a hardcore gamer
and he loves breaking things
just to open them up
and see what's inside and how they work.
He loves Dreamcast and Xboxes
and these kind of things.
And Sanad was deep in the console hacking scene.
At one point, he and a friend created a launcher
that would run pirated software on the Xbox.
But his friend started telling him about the Xbox dev kits that were going around in the scene at the time.
His friend said,
Hey, you guys can totally use dev kits to make your launcher a lot smoother and you can debug it in real time and so on and so forth.
So I was like, like, all right. So we put together a, you know, a PayPal
donation account and a bunch of people donated. So I was actually able to get everybody on the team
a dev kit through Rowdy. And, you know, that's when I first got one. There was something absolutely
magical about being a console hacker in like 2010 and getting an Xbox dev kit in the mail. This was something you
weren't supposed to have. This was forbidden. And here Sanad is opening it up, eager to plug it in
and play it like it's a doorway to a magic kingdom. Oh, what fun he could potentially have with this.
Uh, my first dev kit I actually bricked within like two hours. But luckily, I had made a flash dump of it before
even messing with it. And I was actually able to revive it.
Once he got it up and working again, it was amazing.
Going on PartnerNet was phenomenal. Like, imagine going on Xbox Live,
but everything that you download is betas and it's all free.
So many unreleased games were available to play.
Correct. Like, for example, when Sonic 4 Episode 1 was going to be released, they had it on PartnerNet almost a year before it came out.
This was a magical time in Xbox history.
Oh, it was great. I mean, being able to play stuff before everyone else, that's a rush, you know?
It was really, really, really cool at the time.
After knowing Rowdy for, I want to say, almost a month, he started telling me about this
program that Dave had.
Ah, yes, Dave.
He's one of our main characters in the story,
so let's talk about him now.
He lived in Toronto, in Canada,
and was only around 16 years old at the time.
He was finishing up high school
and was planning to go to University of Toronto after that.
Even though he was young and a new blood to the scene,
he was fascinated with video games
ever since he was three years old.
He taught himself how to program along the way and make web pages.
Dave was an Xbox hacker, and he had been buying dev kits from Rowdy
and doing all sorts of cool stuff with them.
And what it would do is it would actually parse the XML file for PartnerNet
and allow us to download files that were hidden on PartnerNet.
It was a little bit more complicated than just parsing an XML file,
but what happened was that this allowed this small, tight-knit crew
to carve even more content out of PartnerNet,
allowing them to see unreleased maps or extra features
not even devs wanted other devs to see.
It wasn't enough to just have access to beta content,
but now they were starting to get access to pre-beta content.
Dave had a way of attracting people to him.
He was good at socializing with other hackers and making friends online.
Once people started finding out that he had Xbox dev kits, they liked him even more.
David was finding a way to mod Halo 3 and post some of his findings on halomods.com.
A guy named Anthony was fascinated with David's posts and started chatting him up online. David started trusting Anthony,
so he sent him an Xbox dev kit, and together they figured out how to do more Halo 3 mods,
like they would be able to jump higher and alter the way the bullets looked. Anthony was good at
reverse engineering things, and he was able to look at, like, machine language and convert it to readable code, and together they made mods that were hilarious and awesome to play.
Anthony also helped David download unreleased Halo maps from PartnerNet. They could then
screenshot those and pass them around to their friends, showing what new content was coming out
soon. Anthony and David grew close and would often chat long into the night talking about video games and hacking Xboxes.
They were finding some really impressive hacks.
And then David would post some of these mods online and this would help him rise in popularity and make even more friends.
Okay, so the Xbox scene was, it was pretty big.
But the people who actually programmed, for example, or, you know, released any programs or did
anything, they, they were quite small. And David made a name for himself where he kind of, he was known
for this guy who did the kind of Halo, you know, mods. You know, he could change the variables of
a game. And I think that's what kind of drove me to, oh, he's a very good name there.
He's got a very good background with programming.
He's talented.
So I guess that's where I kind of had some sort of level of trust, as to say, for him.
Dylan, being young and impressionable, looked up to Dave as some cool hacker guy in the scene.
Dylan wanted to be part of the scene.
At some point, David found a weird way
to make some money off these hacks. Someone found a vulnerability on the Xbox 360s. On the bottom of
the Xbox were a strange set of pins known as JTAG. These JTAG pins would allow devs to debug the
Xbox to fix problems with it. Well, someone figured out that if you put a mod chip on these JTAG pins, it would enable you
to do various cheats in the game. So kids all over were getting their Xboxes modded with these JTAG
hacks, which would allow them to cheat in their Xboxes. And this was all fun, but the cheats
really didn't work that well on Xbox Live. But David figured out a way. By using his dev kit to start a game lobby on Xbox Live, people could then
use their systems to join and use the cheats. For instance, Dave would start up a Call of Duty
online game with his dev kit, and this is where people from anywhere in the world could then join
together and play the game. But Dave's lobby was set up so people would be able to join it and cheat. Like walking through
walls, jumping higher, or having 100% accuracy. While this was fun to play, Dave was seeing how
kids were going crazy over these hacked lobbies that he set up. They loved playing them. Because
if you were the only hacker in the lobby, you had an unfair advantage over everyone else in the game.
And Dave realized the only way you could do this is through his dev kits,
making those hacked lobbies.
So he decided to start charging people to join these hacked lobbies.
It started off on websites like Seven Sins and a whole bunch of sites
where a bunch of Call of Duty gamers would hang out and stuff that wanted to actually cheat.
So they just started advertising on there, and they would invite people into infected lobbies and they would charge them a fee for it.
We're talking like $100 for 30 minutes of playing as a hacker.
This was working. Dave was pulling in sick cash with this.
He thought that it was probably a lot of kids taking their parents' credit cards and using that to play in these games. It was crazy. He was making so much money
it allowed Dave to take his girlfriend out to like upscale restaurants and stay at $400 a night
hotel rooms.
Okay, you saw that your online friends were doing this. Did you ever try making money off
of one of these paid lobbies?
I did lobbies for one night. I made a thousand dollars off it, and then I was like, I'm not doing this
anymore.
Why would you stop? I mean, that's a pretty nice thousand dollars in one night.
Well, I mean, the whole thing behind it, it's, you know, kids using their parents' credit cards and stuff like that. Like,
kids would literally steal their parents' credit cards just to get their lobbies,
just to basically get all their stats up and everything.
Eventually, Microsoft figured out that people were using the JTAG pins to hack like this,
and they issued a fix making the JTAG hack completely unusable.
This put an end to Dave's little money-making scheme.
And following that, Activision, the makers of Call of Duty,
sent a cease and desist letter telling him they're not happy with these little hacks.
But Dave just kind of shrugged this off and said, quote, I mean, it's just video games. It's not like we're hacking into servers and stealing any information, end quote. But that soon changes.
And you know what? Everything that's happened so far is small potatoes compared to what happens
next.
So stick around, because it's going to get so much better.
Things are about to kick into high gear with this team.
And it all starts with Dylan.
Okay.
Yeah.
So I was quite good friends with someone in the scene.
He went by the name Gamer Freak 1727.
Dylan was still only like 15 years old at the time and was online friends with someone named Gamer Freak.
And somehow his friend got a hold of a database dump for an online forum to a website that discusses video games.
My guess is that his friend or someone else found the vulnerability in that bulletin board and exploited it and stole the user database but didn't really know what to do with it after that. Just one day he gave me this list and went
oh you know I don't know if it has any use but you know maybe you can come up with something out of
it. This was a list of gamers, their usernames, emails, and plain text passwords. This was very
fun for Dylan. If he wanted he could at least log into the forum
as anyone on the list.
That's cool, but maybe there's something more
he can do with this.
I went, okay, so who is important on this list?
He looked down the list of email addresses
and saw some of the users had email addresses
from Epic Games.
Now, Epic was the creator of the hit games
Unreal and Gears of War,
and they're a massive video game company.
And this caught Dylan's eye.
Let's see if they reuse passwords.
He found another gaming wiki
and tried to log into the wiki
using one of the logins from the list he got.
And I was able to log into that.
So that, you know, kind of narrowed my list down
to how many of these accounts that were employees actually did use this password for something else.
Here I kind of pivoted to, okay, let's see if they have a personal account linked to these.
And I actually stumbled across one IT employee there who actually, I kind of found his Gmail account.
At this point, Dylan has logged into the Gmail account of one of the IT employees of Epic Games.
And while in this inbox, he looked through different emails to see if he could find passwords or logins to anything else. Which actually gave me, I guess, the keys to the castle
because that password was what he used for his work email.
Admin060606.
Being a kind of teenager, young teenager,
I think it was probably late at night, possibly early morning,
because I believe I logged into his email directly after, like his work email, and I went, oh my god, this works.
I can't believe, you know, I got something out of this. And I guess, yeah, it was an adrenaline rush.
Now, Dylan has a valid login to someone in the IT department who works at Epic Games
and can log into Epic's network with this login.
I go back to GamerFreak1727 and I say, okay, we've got something.
I managed to actually find some passwords that were of use.
So now him and Gamer Freak do a little mapping
to try to figure out what exactly they have access to.
And they discover this person is actually an IT admin for Epic Games.
And they found the server to let them VPN into Epic's network.
Whoa, this is some big time access
into one of the hottest game makers out there.
Dylan thought this kind of access would earn him a lot of street cred
with these Xbox hackers,
and he wanted to be part of the scene.
I basically approached David
and, you know, I kind of said to him,
you know, I might have something of value.
Would you be willing to team up?
And, you know, to David's surprise, I guess,
I mean, I don't think he would have normally been approached that way.
I don't think someone's just going to go, hey, you know, I've got the keys to this.
Would you like to, you know, take a test drive?
So Dave is curious with what Dylan has to show them.
They do a Skype session and Dylan shows David the access he has to Epic's network,
and together they poke around in it. So during a kind of Skype session, we were kind of searching for their things, and we found, oh, there's all this source code. Oh, for him as well, I believe
it was very kind of thrilling to be able to then, you know, do it himself and go, wow, there's so
much we can do here. Digging into these directories, they found the source code to Gears of War 3.
Whoa, this is getting serious now.
When we found Gears of War 3,
I think that was a really big thrill for us all.
It was like, wow.
The Gears of War 3 was over a year away from being released,
and here was the source code to it.
Dave wanted this, but wanted to be
safe on taking it from that network. There were big folders, and this was going to take a long
time to download. He needed someone who could do it safely and quickly. And then Dave didn't want
to log in because he was scared that his IP would get registered. So that's when Dave reached out to
me. Dave knew Sanad had the perfect way of connecting into Epic's network without getting caught.
Okay, so I had a hacked cable modem on Comcast.
This hacked cable modem gave Sanad 100% free internet.
And on top of that, the way it was hacked made it show to Comcast this was an unknown customer.
So Sanad had full confidence that whatever he did with this modem would not be tracked back to him. Oh, and it was super fast too, so he was able to download illegal stuff quickly
and without any fear.
And, um, Dave messaged me and he's like, hey, he's like, this is the deal.
Gears of War 3 is definitely on there. This was a year before Gears of War 3 was even due to come
out. And, um, I was like, okay, cool. So I'll just grab Gears of War 3.
And then he started telling me about source code
and everything being on there.
And I'm like, okay, well, I'll just grab all that too.
So Dave gives Sanad the username, password,
and IP address to log into.
And this was a Cisco web VPN portal.
Basically, it was only for IT staff at Epic to log into through a normal
web browser. And as soon as you do, you are greeted with a list of folders and computers you can
connect to. It was really quite simple for Sanad to figure out where to go and then to find the
folders and source code. There was a lot more than just Gears of War stuff on there. There was,
you know, Gears of War 1, 2, and 3 stuff.
Then they had some unreleased games
and unannounced games on there.
Sanad started downloading
the source code for these games.
It was late at night,
but damn, this was way too exciting.
There would be no sleeping tonight.
Oh, no, no, no.
I stayed awake.
I was, you know,
I was watching literally everything download and the progress on them.
The second that Gears of War 3 finished, I put it on my dev kit just to run it for a little bit, just to see what it was like.
The game was nowhere near fully complete at the time.
There was a lot of placeholders and whatnot.
There was one part where Marcus was supposed to be looking at a screen with his dad talking.
And there's just a gray box with an X on it.
So at that point, I realized I'm like, this isn't going to be fully playable.
But, you know, nonetheless, it was still cool.
This was amazing.
This was crazy.
Now they're getting deep.
This wasn't just acting like developers and grabbing developer stuff on Xbox PartnerNet.
Now this group is actively hacking into Epic's network and stealing source code for pre-released games.
Unbelievable.
Once I get all that stuff, I had a Blu-ray burner because I had a PS3 dev kit.
So I was just like, hey, I'll just burn them all to a Blu-ray for you, and I'll encrypt them, and I'll just ship them to you.
So that's what I did, and I ended up going to the post office. On the customs form,
I put down wedding videos in case anybody tries to open it.
It's just some discs that could possibly be wedding videos, you know what I mean?
Dave gets his package in the mail. It's marked wedding videos.
He has a little trouble getting the data off the Blu-ray disc, but eventually got it.
And so now he was playing Gears of War 3.
So cool.
This rough-formed hacker crew was starting to take shape now.
David was doing some reverse engineering himself and sort of organizing people and bringing them together.
Anthony was finding ways to hack Halo 3.
Dylan kept getting into Epic's network and finding more stuff.
And Sanad was downloading it all and distributing it. And David was helping all these people get
dev kits and access to unreleased games and content. Now playing games a year before its
launch date might sound amazing, but it's actually a terrible experience. There was no textures on
like half the things. Instead of seeing an enemy, you would just see like a gray box.
Or instead of seeing a house, you'd see like a weird green wall, like it was a green screen or something.
But it was still exciting to have early access to the game like this and see where the developers are at.
I think it was the thrill of it, right? It was, hey, this isn't even out. Nobody has this.
I think that was the kind of fun in it.
And of course, some people in this hacking crew would invite their friends over sometimes
to play these unreleased games.
But they were quiet as to how they got these games.
Another new blood showed up on the scene.
A 20-year-old named Justin May.
He wanted to buy an Xbox dev kit from Dave, and Dave sold it to him.
So Justin went by the moniker MTW.
MTW was, is a skid.
He is absolute garbage.
He is the guy that wanted to be famous.
And this is a guy that went to fucking PAX and got arrested.
Okay, okay, okay.
Let's back up here for a second.
Justin was living in Wilmington, Delaware at the time.
And was there in the Xbox hacking scene trying to help out wherever he could.
Like for instance, Rowdy had an obsession with grabbing as much stuff as he could from PartnerNet.
They changed the game's fucking font.
For example, title screen font or some shit like that. He, he would spend day, all day fucking refreshing
partners looking for something new.
So Justin was helping Rowdy download this stuff, which got him
into this circle. And Dave was able to get a dev kit to Justin, and Justin was becoming part of the
scene.
Uh, he was majorly involved in a lot of this. A lot of the times he was actually the one doing things alongside, you know, you know, I was probably using my computer, screen sharing, TeamViewer,
whenever we wanted to use that time. I think I TeamViewed a lot and I just, you know,
gave him access and went to go for it. But the crew noticed a strange coincidence with Justin.
They'd all been playing Gears of War 3, the game they stole from Epic, and they were keeping it very tight-lipped amongst themselves.
But when Justin got access to the game, just a few days after that, it showed up on the Pirate Bay for anyone in the world to download.
Nobody knows for sure who leaked the game, but this wasn't good, and it suggested Justin might have leaked it.
Epic saw their unreleased game was out there in the wild and freaked out.
Epic called the FBI to open an investigation to try to figure out how this happened.
And during that time, Dylan and Sanad were in Epic's network,
downloading the latest builds of Gears of War 3 and still poking around.
Dylan was still in the inbox of that IT employee that he hacked,
looking at emails,
reading them, and one day he came across a chilling one. So yeah, we saw, oh shit, you know, they've got the FBI involved. Epic was working with the FBI to see how Gears of War 3 got leaked. Emails
were going back and forth between the IT admins and the FBI,
and Dylan and Sanad were reading those emails because they were in the IT admins' inbox.
They were talking to each other, and the FBI agent was like,
oh, I don't see any intrusions. I just see some malware from, like, South Africa or something
like that. And I'm just like, okay, so they're not onto us. So let's, you know, let's stop while we're ahead.
I mean, I was definitely a little freaked out.
I told Dylan, like, once we saw that, I was like, look, they don't know that we're in there.
Let's just kind of stop logging in and let's let things die down.
And it was an unspoken rule with all of us, which was, you know, don't poke the bear.
Because you don't want to draw any unnecessary attention.
Around this time, the Penny Arcade Expo, or PAX, took place in Boston. At this video game conference, you could play new games, have huge LAN parties,
and see the latest stuff from game makers and hear talks from industry leaders. Of course, members from the Xbox hacking scene were curious to know what was there.
And since Justin lived in Delaware, he headed over to PAX and told the gang he'll be there.
When that happened, so when that happened, Howdy was at my place. Howdy was staying over at my
place. And Schizo and Rowdy were on the West Coast,
so they couldn't see what was going on at PAX, but they knew Justin was there. So Rowdy knew Sanad
had Justin's phone number.
Rowdy was like, hey, can you call Justin and, you know, I'll talk to him?
And I was just like, why? He's like, I don't want him knowing my number. I'm like, all right, whatever. So
I three-way Justin, and Justin doesn't even know I'm on the phone at this point. He just thought it was Rowdy calling him. So Rowdy tells him, he's like,
look, he's like, you know, try to connect to their network wirelessly. If you can't, just don't worry
about it. And he was like, oh, okay, okay. Like, you know, just kind of giving him the, the BS, like, okay,
whatever type of thing.
Because maybe if you're on the same wireless network as some of these big game makers,
you could get access to something cool.
But Justin couldn't really get on that secured wireless.
But just imagine Justin there, an Xbox hacker, walking the expo floor full of video game
companies all sharing their latest demos and giving everyone sneak peeks at upcoming releases.
He's got to be looking for an opportunity for something to steal or grab to bring back to the
boys. But day one goes by and nothing happens. On day two of PAX, Justin goes back. He finds a
booth of a video game maker demoing a game that isn't out yet. The game was called Breach,
and they were demoing it on a couple of Xbox dev kits
that the game company had.
Justin waited around the booth for an opportunity.
When one of the employees went to the bathroom,
this left the booth shorthanded,
which gave Justin a window.
He quickly jumped behind the booth
and pulled out his laptop.
And he decided to try to plug
a hardwired Ethernet cable into his laptop and
tried to steal a game off of one of the dev kits. It was working. The download started and he was
pulling the game off the dev kit right there in front of tons of people at PAX. He got like 14
megabytes in and the other employees saw him and started chasing after him. The expo security
quickly saw what was going on and they started chasing him through the expo.
The police were then radioed to help too
and together they caught Justin
and threw handcuffs on him
and started questioning him.
There was a few people there that we knew
that said, they were like,
he was saying, I know people, I know people.
They're doing bigger things, I know people.
He gets arrested.
And I informed Rowdy and I said, look, he's dead.
We sever all ties with him.
No one talks to him.
If you talk to him, very brief.
Anything going on?
No idea, man.
Yeah.
Oh, no.
Once he got picked up, like, I, and I, and I said this to everybody,
like, let's be smart about this. He got arrested. You know he's gonna say some shit. Just don't,
don't risk it.
This rattled the group of Xbox hackers. Justin knew a lot and potentially was
sitting in police or FBI custody. That's a scary thing to be facing for a 21-year-old hacker.
What secrets might he be giving up?
How scary were the police to him?
In the kind of hacking world these guys were in,
trust is all you have with one another.
You're a band of brothers.
Because if one person talks, it could bring down the entire crew.
And so everyone was wondering if Justin was going
to talk. Would he tell the FBI or police anything? Was he given any kind of option to give up
information to, like, keep him from going to jail? Did the cops try to threaten him with long-term
prison times? We don't know. Nobody knows.
Like, don't get it twisted. I said the motherfucker was a snitch from the start.
I told Howdy that.
I told Shitbag Speedy that.
I told Red that.
Lantis.
Anyone with ears in the fucking scene, I said, do not trust this fuck.
You are talking to the alphabet boys.
You are dead.
It's that simple.
You know they're going to say some shit. You know they're gonna scare you with shit. It's their fucking job to do so. You, in turn, are going to be
like, well, hmm, is fucking video games worth this?
But I don't think Dylan cared about any of this.
We were teenagers. I don't think we had too much of a
sense of risk. Like, oh, if we get caught, it'll be a slap on the wrist, right? Schizo and Sanad
weren't teenagers, and they knew the dangers of all this and laid low. But Dylan seemingly took
no warning here and just kept poking around in Epic's network. He was still only 15 now,
living in Australia. Maybe that's what made him think that nothing will happen to him. He was totally
uncaring that Epic was talking to the
FBI, and he was uncaring
that Justin just got arrested.
Dylan went right back into hacking into
Epic's network. You know, just stumbling
across machines, I
just was pivoting to different servers,
different, you know, all different servers
because they had an ESX kind of
host, so they were
VMware for everything
so everything was virtualized but
it was easy to know which IPs
were servers, which IPs were
it was a very nice network
it made it easier for an attacker as well
to kind of go okay well
let's just scan all the servers
let's see what their host names are
let's see what's in them.
And I guess I was just doing that.
It was kind of like a Shodan Safari kind of inside a network.
So yeah, I guess what happened was I stumbled across one machine
which had a SMB open.
In this instance, SMB is the Remote File Sharing Protocol.
Basically, Dylan was able to see the files on this computer using a remote shared drive.
Yeah, I was like, okay, this is interesting.
So I kind of went into that machine that was hosting the SMB,
and I went, okay, this machine also has a thumb drive connected to it.
That's not, you know, normal.
And yeah, just lo and behold was this password list,
which, you know, exhibit B, you know, the keys to everything.
You name it, it was on that list.
Every, from the IP, what the server did, what the server name was,
you know, the root password, the, you know, everything.
Whoa, this is the master password list that the IT department used to access everything. Administrator accounts, root accounts, the IP addresses, the host
names, the passwords. It was all neatly presented on this list. This is like a golden map to everything.
This gave him a lot more access into Epic's network. This gave Dylan a huge
adrenaline rush to see all this, which now gave him new energy to explore more of the network.
Yeah, you're not backing down from that. You can only go further, right?
It was now a daily ritual for Dylan to log into Epic's network and look around,
totally fascinated and curious with what they were doing in there.
In fact, at one point, he even got to physically watch what was going on in the office.
As I said, I was doing a lot of IP scans. I went and jumped onto their employee PCs,
their conference room PCs. One day it was just like, okay, I'm going to jump on a conference room PC and I was like, oh, there's a webcam.
And I believe I
actually watched the sun come up
and people walking.
You know, the door was
open and I just watched people walking
around.
I was like, oh, okay.
Yeah, so it was kind of
it's the thrill, right? It's the thrill that
you can kind of see beyond just the kind of internet level things.
You can see the real life perception of what's going on in that company.
For the most part, Dylan stayed away from looking in any personal information on anyone's computers.
But there was one person that he did take a peek.
Cliffy B.
Yeah, the face of Epic at the time.
I think that's where it was a bit different.
You know, the poster child for Epic.
He drove their Lamborghini.
He had the Epic Games Lamborghini number plate.
Cliffy B was the lead designer
for some of Epic's most popular games,
like Unreal and Gears of War.
His creative insights were crucial to the success of
Epic and he was a bit of a mini celebrity
because of that. Yeah, we just
stumbled across his computer
and looked at folders
and all this and we were like, okay,
there's pictures, we're not too
interested in that.
But there were some really odd kind of naming things,
like he had like beach pics, which
were very bizarre photos,
which I won't go into
detail there.
Why it's on a work computer?
Another question. But then he had
what he called the Lambo
tunes.
These were just his mixtape
I guess for his Lambo.
There was a lot of K-pop out there.
There was some Mariah Carey even, but you know.
Dylan continued to log into computer after computer, server after server,
to see what each of them did and what they stored.
But then something occurred to him.
Epic is the creator of Unreal Engine.
And if you are a video game creator, chances are you're not going to create a video game from
scratch. You're going to bring in libraries and building blocks that someone else made.
And the Unreal Engine is a building block for building a 3D first-person shooter type game.
It handles all the collisions, movements, health, and objects for you. You just need to program it
to make it look however you want.
The Unreal Engine is a massively successful game engine and is used by many huge game companies.
Now, to use the Unreal Engine, you had to pay a licensing fee to Epic.
It wasn't free.
So somewhere in the Epic Game Network would have to be a list of all the game companies that have licensed the Unreal Engine. And probably along with that are going to be usernames and passwords
to manage their license and account.
And I was like, well, you know, where do they store that database?
So, you know, the first thing I thought was,
okay, it's their Unreal development network,
which was kind of their Wikipedia.
Remember, Dylan got into Epic's network
because an IT admin reused
a password from another forum.
His theory is that if he could find the
username and password list for these people licensing
Unreal Engine, maybe
they reused passwords too.
All the companies that
licensed Unreal Engine,
they were using what
they called the UDN, which was their
Unreal Developer Network, which I guess was where their support questions came in, where they had Wikipedia on what to do, how to fix things, what's in the latest patches, all different kinds of useful information for developers.
But obviously, they had their emails attached to it. They had their
passwords attached to it. Dylan's theory was that if all these game companies are licensing the
Unreal Engine, where's that username and password stored to license it? Somewhere in this Unreal
developer network? Maybe. So Dylan starts looking all over for the database that would store that
username and password. And after the break, we'll hear what he found. Stay with us.
Dylan kept poking around the Unreal Developer Network
looking for the database of people who licensed the Unreal Engine.
Sure enough, he found it.
He had every email address that licensed it
and every hashed password to go
with it. Time to crack some passwords. So Dave had the best video card out of everybody. And
him and Dylan realized that it was just an MD5 insult for the log list for their passwords and
usernames. So they were able to use Passwords Pro to just de-hash everything.
They weren't able to crack all the passwords, but some are better than none.
They now had a couple of usernames and passwords for other developers from other game studios,
not just Epic anymore.
People who got cold feet because Justin got arrested are now coming back into the scene
because this kind of breathed in new life to it.
Dave, Sanad, and a few others, and of course Dylan, wanted to see what they could access with these new passwords.
Maybe the developers reused their passwords somewhere else.
If you were a developer for a game company, you're more likely to have access to the Xbox developer network as well, which, you know, that was kind of David's kind of field where,
you know, he was interested in Microsoft itself. So with this list of licensed Unreal Engine
usernames and passwords, they wanted to see if any of them could log into GDNP, which is the
Xbox Game Developer Network portal. Basically, if you're going to publish a game to Xbox,
you're going to need an account at the GDNP. It uses the same, you know,
login system as Hotmail. And what I found out was for that, if you put in an invalid username,
it gave one error. But if you put in a username that was existent with the wrong password,
it gave a different error. So we were able to kind of decipher, you know, which GDNP accounts worked from that.
Whoa, now they have a few valid logins to the Xbox Game Developer Network?
Obviously, these developers were not practicing good security and reusing passwords.
All of them used their company domain names, so they all use their company emails.
And then, of course, human error.
Some people like to reuse their password
to make life easier for themselves.
Yeah, so we went from there.
We were like, okay, these usernames and passwords,
these all work.
Let's reference them.
Let's see if we can get into their other networks.
Dylan noticed that Xbox developers often used a middleware called Scaleform.
This is software that helps game developers create user interfaces and menu systems within video games.
So he went to Scaleform's website.
They also had a forum itself inside there.
And that forum, I believe, was running either, I believe it was phpBB.
So, you know, it's just another open source open board.
So Dylan started plugging in usernames and passwords trying to log into Scaleform,
using the logins from the GDNP he found earlier.
Sure enough, he got into Scaleform's forum.
And not only did he get in, but when he checked his permissions,
he was logged in as an
admin to the site. We had kind of like this admin access and, you know, sadly they didn't have
permissions, you know, set where admins can't dump the user database. So we just did backups
of the database every day. And, you know.
Once they dumped the database, again, they ran it through Dave's password-cracking computer
and were starting to get usernames and passwords for Scaleform users.
And from there, they got a lot more usernames and passwords.
And these were connected to email addresses to big gaming studios like Microsoft, Bungie, Activision, EA, and Blizzard.
What this crew now potentially has is valid logins for developers on these networks.
Scaleform's database was a potential goldmine to this hacking crew.
They've already scraped everything out of Epic, and they had access to GDNP and Scaleform,
but now they're looking at a big list of usernames and passwords for many more companies.
Yeah, that's when I started to really not want to know.
This is Schizo again.
At the time, I was kind of over it, and I saw what was coming, and, you know, I come from the era and when there
were some raids taking place in '99 and dodging that fucking bullet, and I didn't want that. Like,
it had all the shit of, this is not gonna end well for anybody.
But all these logins not only got
Dylan more excited to go deeper,
but it brought Sanad back, and David and Anthony were interested too. And things got crazy after
this. They find one of the logins had an email ending in Activision.com. So they went to
Activision's website, and they found a VPN or admin portal or something, and boom, they'd get
right in. They're now in Activision's network. And then they'd find
someone who worked at EA on their list of credentials, and boom, they'd be able to log
into EA's network. Within a very short time, they had access to a ton of game developer networks.
They were now in the networks for Microsoft, Bungie, Blizzard, EA, Activision, Epic, Zombie Studios. What about Valve Studios? Steam.
We had Steam even.
Well, me personally, I only messed with Microsoft stuff, Epic stuff, Activision stuff, and Valve
stuff.
But Dave had access and Dylan had access to way more.
They started going to like Zombie Studios, Disney, Intel.
There was, I kid you not, there was probably a good like 20, maybe 25 companies that they had access to.
And of course, each company that they would gain access to would be a huge adrenaline rush.
They were on fire getting into one network after another. And when they'd get into the video game company's network, all they were looking for were unreleased games that weren't out yet,
and what they could download and play before anyone else. My whole thing was no taking money,
no selling stuff. And see, this is the problem. The more companies they hacked into, the more
games they got, and the more amazing it felt. But they were only able to share how amazing this was with like their four or five people in this small circle of trusted hacker friends.
But this excitement was so hard to contain that every now and then someone did leak something.
And when that would happen, this little hacker group started rising in popularity.
More and more people wanted to join up.
Suddenly, there were two new members
of the group. Austin was a high school kid from Indiana. Nathan was homeschooled, living in
Maryland. Nathan had already done some successful hacks and had a knack for creating in-game gold
out of thin air. Austin and Nathan worked together to connect into Zombie Studios' network. It's a
game company, and they just wanted to look for anything good. And they ended up stealing stuff from the U.S. military. Okay, so how they
got into that was, it wasn't exactly hacking into the U.S. military. They went into Zombie Studios,
which was contracted to make the Apache helicopter flight simulator for the U.S. military.
And they had a tunnel between the U.S. military and Zombie Studios.
So that's how they were able to get that Apache helicopter flight simulator.
Austin and Nathan had stolen the source code to the flight simulator for the Apache helicopters.
Unbelievable.
Apparently, Zombie Studios had a contract with the military to create parts for this software.
This is a hacking rampage unlike anything I've ever seen.
And again, the only reason they're doing it is just for the thrill of it
and to play games that just weren't out yet.
What a massive hack for such a small motive.
There was nothing we didn't have or we
couldn't pivot to. And I guess that's where it became this big issue. It was, it was, our team
became from maybe, you know, four or five people. It became, you know, almost a dozen of us.
Oh yeah. And picture this. At this time, Dylan is still going to high school.
Yeah. I mean, I was in high school. Pretty low grades, pretty lackluster. I was probably a
straight D student, if anything. Can you imagine that feeling of excitement
when school's out for Dylan? I mean, he's been thinking about what to hack all day,
and then as soon as it's over, boom, he runs home to conduct a massive amount of hacking all night
long. Dylan was barely able to pay attention in class at all because it just seemed so boring compared to what he was doing online.
He was even failing his computer class.
I mean, okay, so back then, you know, computing classes weren't what you get now.
They weren't as involved.
You didn't get your, you know, certifications.
You didn't get any of that.
All you got was, hey, let's go on a computer. Let's do this. Open this. Let's make that. And I never really came across
the guy who really, you know, gave two shits about that kind of stuff, if I can say. I mean,
you know, I was in a class full of people who had no prior interest in IT. And I would say I was
smarter than even the IT teachers themselves. Yeah, that's a good point. Imagine being like an expert dancer and taking a beginner dance class with a bunch of people
who don't want to learn how to dance.
You'd be bored out of your mind.
These hacks went on and on for months and months.
David started getting a little worried.
There had been too many digital tracks left all over.
He told the group, quote, if they notice any of this, they're going to come looking for
me,
unquote. But he was too enthralled with his access into all these networks and just couldn't stop at
this point. David accessed Activision's network and poked around looking for games to play,
and he found a pre-released version of Modern Warfare Call of Duty 3 and grabbed it and shared
it with the group so they could play.
And these hackers would sometimes let their friends come over and play some of these games.
Oh yeah, no, totally.
Like, all the people I knew, like, in the real world,
we were, like, they would come over and hang out with me
and we would play pre-release games all the time.
But I would never give anybody anything
because I just, you know,
who's to say somebody didn't want to, you know,
sell their dev kit or something that they acquired from me,
and next thing I know there's more stuff leaked online.
Was this blowing your friends' minds that you had this?
Oh, yeah. No, it totally did.
Especially, like, when I got, you know, Modern Warfare a little early,
they were, like, going ballistics over it
because most of my friends are huge Call of Duty fans.
Dylan was also having his friends come over and play
but he wasn't telling them any of the secrets either.
Yeah, it was weird that he had this game
but his friends really didn't care.
They just wanted to play.
I'm trying to think back to that
but I don't really think there was much to explain
more than, oh yeah, I just kind of got this.
No questions asked. It was really
oh yeah, you've got this. Cool, let's play.
It's now been a year
since their initial hack into Epic's network
where they stole Gears of War 3.
And now the game is being released to the public.
And here's something that shocks me
about these guys stealing these games.
I didn't play the game all the way through till it launched in stores and I bought the special
edition Gears of War 3 Xbox Slim that came with the game. While Sanad had the ability to play this
game a year before it was released and all the way up until it was released, he only played it a
little so it wouldn't ruin his experience when it officially came out. And not only did he buy it,
but he bought the special edition version of it and a special edition Xbox to go with it. Well, I mean, Epic is a great
company. I wanted to support them. I mean, I know what I did was wrong, but I still wanted to
support them. That's just so weird to me. It's weird because of how much he risked to get this
early access, but then still buy it anyway. But most of these
Xbox hackers were really big into gaming. They didn't have just one Xbox. They had many, actually.
They had special edition ones, and some to tinker with, and some to take apart, and not to mention
the Xbox dev kits that were going around still. Rowdy was continuing to grab them from the
recycling center and sell them to Dave, who'd then sell them to people he trusted. By this time, people were practically hoarding the dev kits. It wasn't uncommon for
some of these people to have like 10 dev kits each. And remember, the dev kits were fully
playable Xboxes themselves. And during all this hacking, every now and then there'd be a hint
that the game companies were onto them. I remember I was on Partners playing some shit, and my console got bricked.
And I told Rowdy, I'm like, Rowdy, I think they're doing something.
He goes, nah, nah, nah, nah, it's probably an old kit, yadda, yadda, yadda.
So I plugged in another kit, bricked.
Within seconds, bricked.
Plugged in another kit, bricked.
Like, we had their attention.
Or they had their attention.
You know, there was...
Something had to have been done.
And it was out of control.
And by the way, Schizo had so many Xbox dev kits
that bricking three of them was not even close to a big deal.
He had so many more that this was not even a worry for him.
But none of this would slow the group down.
They continued to infiltrate, exfiltrate, compile, and play stolen games from video game companies.
I mean, we're already two years into it, and I guess what happened was it got so big, it just blew up so fast. Within two or three years, we had everyone. And when I say everyone, we literally had everyone in the gaming industry. And I would hear all this shit and I was like, guys, I just don't want to know. I don't need to know any of this shit. And, and for a
while I removed myself from everything. Don't get me wrong, dude. It's a thrill. You getting shit.
It's a thrill. You breaking into something, absolute thrill, but at what cost? And I had
talks with certain people, like, just get out.
Focus on school.
I'm going to sound like that PSA ad, but focus on school.
Focus on making money legit and worry about something stupid, like where am I going to go on vacation?
That should be your worry.
You've been there.
You've done that.
You got to say that you did it.
You got to say that you were ahead of the alphabet, boys.
Cool the jets.
It's over.
By this point, they were gaining access to places beyond just gaming studios.
They had access to Disney's network, AMD, Intel, Google, and even Warner Brothers.
It was absolutely insane how much access they had.
More people started
joining this group too. People I can't name here, but they were there. And some were skids, barely
knowing what they were doing. And some were pretty good at reverse engineering, hacking Xboxes, or
hacking networks. Oh, and their old friend Justin started hanging out again. Remember him? MTW? The
guy who got arrested at PAX? He was slowly coming back into the scene. People were talking about whether he
could be trusted or not. People weren't sure. But Justin was doing stuff to try to earn his trust
back. People would see him do illegal things and he was getting away with it, which got them
talking. Some people believed he was okay. He's doing these Amazon scams and stuff. If, you know,
if he was a snitch or whatever, he wouldn't be doing that stuff.
Justin was cooking up all kinds of scams at this time. He was learning how to exploit
like returned merchandise that he didn't have. Basically, he'd call a company and say an item
is defective and lie to them and get them to send him a new one. And he was teaching others how to
do this in the group. And it was sort of a way to prove that he was willing to do illegal stuff.
He was like, yeah, all what you need to do is have a prepaid Mastercard with a dollar on it and do an RMA,
and they only put a dollar on the card just to make sure that the card is valid.
And he would have RMA scams from Amazon, God knows where else, to an abandoned house out in Delaware that he would sit because he knew the post people's time.
And he would sit there, pick up the shit, and go.
This guy ran scams for years.
He was also scamming the shit out of Apple on Craigslist and eBay.
You'd get people to give them the serial
number and run that scam
as well. It's scam king.
Fuck them. You should get hit by a car.
So just to go over some of the members of this group again, we have Rowdy, who's selling Xbox dev kits like crazy now. Schizo, who's just trying to stay low and out of the scene altogether. Dave, who's organizing a lot of this and modding and hacking and cracking passwords. Anthony is also participating in a lot of this and doing some reverse engineering. Sanad, who's trying to reverse engineer the Xbox and downloading a ton of stolen data on his hacked cable modem. Dylan, the teenager in Australia, who's just wreaking havoc on everything. And Justin, who may be a little hard to trust, he's teaching people how to scam. And Austin and Nathan are fiddling around with the Apache helicopter software. That's just like nine people alone. There were many more than this too. And this group didn't really have a name that they called themselves, but the media would later refer to this group as the Xbox Underground.
Xbox Underground comes from, okay, so there was a forum that was once, you know, existing, called the Xbox Underground. And I'm not sure, you know, how they came across it. But, you know, we were like, oh yeah, in prison we'll all be together as like the Xbox Underground gang. Like, it's a joke. Just, you know, these guys, you know, you know, you have this gang presence in, and like, prisons. So we're like, you know, fuck it, that's, that's what we're gonna call ourselves.
Things were getting bigger and crazier with this group. They had hacked into practically the entire
Xbox gaming industry, and they had access like nobody else had. By this point, it's grown so out
of control, and there are now dozens
of people with all serious levels of access into networks, and each day they're digging further
into it, showing each other what they found. There's no safe way to come back down from this.
Everyone is too high from the adrenaline of stealing these things and trying to one-up each
other. Being online, hanging out with this group was so different than whatever
real-life world experiences people were going through. It was like when they sat at the computer
late at night, they were wearing a mask, and they take it off to go out. But if you wear that mask
more than not, it's really hard to start taking it off. It becomes more a part of you than you.
This can't end well for anyone.
And it doesn't.
This story isn't even close to being over yet.
Everyone knows there's going to be a crash.
But every developer will tell you it's not about avoiding the crash.
It's about being able to safely recover from one.
Are you ready for their crash?
If so, join me in the next episode to hear how this operation gets terminated unexpectedly.