FBI Catches Hacker That Stole Nintendo's Secrets For Years

An anonymous reader quotes a report from Ars Technica: A 21-year-old California man has pleaded guilty to hacking Nintendo's servers multiple times since 2016, using phishing techniques to gain early access to information about the company's plans. Ryan S. Hernandez, who went by RyanRocks online, worked with an unnamed associate to phish employee login credentials for proprietary Nintendo servers, according to an indictment filed in Washington state federal court in December and unsealed over the weekend. Hernandez used that unauthorized access to "download thousands of files, including proprietary developer tools and non-public information" about upcoming Nintendo products and "access pirated and unreleased video games."

That information (and discussion of Nintendo's internal server vulnerabilities) was leaked to the public via Twitter, Discord, and a chat room called "Ryan's Underground Hangout," prosecutors said. At one point, "RyanRocks" drew at least a little infamy in the Nintendo hacking community for allegedly leaking a Nintendo Software Development Kit that had a piece of hidden Remote Access Tool malware added to it. FBI agents confronted Hernandez about his hacking in 2017, according to a prosecution press release, and secured a promise from Hernandez "to stop any further malicious activity." But the hacking continued in 2018 and 2019, according to the indictment, until a June 2019 FBI raid that obtained hard drives with thousands of proprietary Nintendo files. The seized hard drives also included sexually explicit images of minors in a folder labeled "BAD STUFF," according to prosecutors. Hernandez has agreed to pay almost $260,000 to Nintendo as part of a plea agreement. Prosecutors are recommending a jail term of three years for Hernandez's crimes when sentencing is decided in April.

Re: More consumer electronics spam from BeauHD!

[BAReFO0t]

What, no fucking?

It's MsMash as in MISS Mash, right? Not Microsoft Mash, right?

Re:

[Aereus]

I assumed this to mean copies of their games from pirate sites to study how they were cracked or to have hashes to check against other sites for the same files.

Re:

[Tim Hamilton]

Hernandez used that unauthorized access to "download thousands of files, including proprietary developer tools and non-public information" about upcoming Nintendo products and "access pirated and unreleased video games."

So Nintendo had pirated games on its servers?

I see a lot of posts on this site about "English is a living language," and I am not sure whether they are trolls or what. This is a classic example of ambiguity bred from that kind of mindset. Nintendo pirating games is definitely how I read it, but who knows. I don't have the greatest confidence in Ars anymore.

Re: Pirated games

[e3m4n]

I was about to make the same comment. Why was Nintendo pirating games?

Also how many fucking times is the FBI going to magically find child porn on the HDD of every suspected hacker they arrest?? How are people not demanding an oversight committee to go through every PC, every thumb drive, and every laptop in their cybercrime division? Obviously has to be planted evidence. Cybercrime has more childporn convictions than the human trafficking division actually tasked with prosecuting child porn at this point! Its statistically impossible that every hacker happens to be a pedophile.

Re:

[OwenGray]

I am in the industry and agree with you. Child pornography takes a special type of psycho, usually not the hacker type. Please rate the above comment insightful.

Re:

[rogoshen1]

however if you follow the logic the industry uses against piracy -- that it harms them by cutting into revenue; wouldn't pirating such material be a positive?

(slightly flippant, please don't throw rocks at me, thanks!)

Re:

[Lucky_Strikez]

That was my first thought too, Of course there was child porn, it's the equivalent of "Stop resisting!" with computer crimes.

Re:

[account_deleted]

Comment removed based on user account deletion

Re: Pirated games

[e3m4n]

Yeah that does not meet the burden of proof of beyond reasonable doubt. Did you miss the part where the directory was called bad stuff? Pretty sure web browser cache doesnt make a directory called bad stuff.

Re:

[Opportunist]

I would expect from someone who knows a thing or two about computer security (and, well, let's pretend for a moment he does or I'd have to assume that Nintendo is too stupid to use passwords more complex than "12345" for their admin accounts) to encrypt shit like this in a way that the FBI couldn't tell from a hard drive overwritten with if=/dev/urandom.

Re:

[hey!]

I would expect from someone who knows a thing or two

Yeah, you would, wouldn't you? But knowledge and wisdom are two different things. For one thing knowledge doesn't preclude wishful thinking.

Re:

[meta-monkey]

I thought there was an article on Slashdot a few months back about how shitty the cybersecurity of crackers is? Just because they know how to break into somebody else's shit doesn't mean they bother being smart about securing their own.

Bigger Question

[alvinrod]

So are kids these days going to go from "My uncle works at Nintendo" to "My uncle hacks the guys who work at Nintendo" when talking bullshit on the playground?

Re:

[the_skywise]

Like the old - My kid beat up your honor student bumper sticker?

Stole images of children from Nintendo?

[jfdavis668]

Why did Nintendo have "explicit images of minors"?

US definition of "explicit".

[BAReFO0t]

In many countries, it is normal for kids below a certain age to go naked e.g. at beaches, lakes, or at home in the summer. And if parents take photo of them, nothing special is thought of it. (Cause we haven't got those perverted minds that are so popular in, sorry, can't say it in a nice way, Abrahamic religious countries.)

Most parents here in Germany probably have photos of their kids as naked babies or playing on a rug or in the grass or at a lake/beach as small children.

Also, the separarion of child and

Re:

[meta-monkey]

Those parents don't keep the photos of little Bobby in the bathtub in a folder marked "BAD STUFF" though.

I hope those who fell for the phishing are fired.

[BAReFO0t]

Seriously, there should be a natural selection to separate the weed from the chaff that falls for this crap.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[mark-t]

There is no ethically sustainable point in pleading guilty to something you did not do. If you plead guilty to something you did not do, you may be helping the actual guilty party escape justice, and at the very least, are still committing purjury.

Re:

[rogoshen1]

How it usually shakes out is:

"If you plead guilty, you'll be out in 2, and 5 years probation. Fight it, and you'll be facing 20 to life"

Re:

[mark-t]

I would ask why the court is more interested in incarcerating an innocent person than they are in actually finding the guilty party. If I am wrongfully imprisoned for a crime I did not commit, it is out of my hands... that the justice system might offer me a lighter sentence if I deliberately lie and say I did it than they would if they decided to incarcerate me without regard for the truth, that is also irrelevant.

Re:

[tlhIngan]

I would ask why the court is more interested in incarcerating an innocent person than they are in actually finding the guilty party. If I am wrongfully imprisoned for a crime I did not commit, it is out of my hands... that the justice system might offer me a lighter sentence if I deliberately lie and say I did it than they would if they decided to incarcerate me without regard for the truth, that is also irrelevant.

it's more a product of a "justice" system geared towards retribution, rather than rehabilitat

Re:

[Agripa]

I would ask why the court is more interested in incarcerating an innocent person than they are in actually finding the guilty party.

The court is not paid to find the innocent not guilty.