Army Network Breached by Gamers Targeting Apache Helicopter Simulator
Cyber espionage; Network intrusion; Stolen credentials; Software vulnerability
Hackers who were after gaming secrets wiggled their way into an Army network in the process.
Federal officials have accused a group of twenty-something-year-old players calling itself Xbox Underground of accessing an Army computer system for two months in late 2012. They entered via a hack at Zombie Studios, a game developer that was working with the military service on flight simulation software to train Apache helicopter pilots.
As soon as the Army was notified, military officials “addressed the particular manner in which they were branched," said Assistant U.S. Attorney Ed McAndrew, when asked about the military's response to the hacking.
During a three year raid on the gaming industry, the group siphoned off more than $100 million in proprietary data related to the Xbox One gaming console and Xbox Live online gaming system and popular video games such as "Call of Duty: Modern Warfare 3" and "Gears of War 3."
FBI officials were alerted to the hacking operation in January 2011 by a confidential informant.
So far, four men in the group have been charged with infiltrating the computer networks of Microsoft Corporation, Epic Games Inc., Valve Corporation, Zombie Studios and the U.S. Army.
They cracked the corporate systems by stealing computer passwords from employees and software development partners. Once inside, the intruders grabbed unreleased software, software source code, trade secrets, copyrighted and prerelease works, and other information.
The hackers also gained access sometimes by piggybacking off of software coding errors to execute a “SQL injection” and carry out unauthorized commands.
“The members of this international hacking ring stole trade secret data used in high-tech American products, ranging from software that trains U.S. soldiers to fly Apache helicopters to Xbox games that entertain millions around the world,” Assistant Attorney General Caldwell said in a statement.
Entertainment; Government (U.S.)
September 30, 2014
Link to report
location of breach
location of perpetrators
date breach occurred
from January 2011 to March 2014
date breach detected