The Department of Justice (DoJ) has nabbed two alleged leaders of a global, notorious video-game piracy group called Team Xecuter.
The two leaders in custody, Max Louarn (48, a French national of Avignon) and Gary Bowser (51, a Canadian national from Santo Domingo, Dominican Republic), allegedly led the criminal enterprise’s efforts to hack popular video-game consoles so they could be used to play pirated copies of video games. The DoJ also charged Team Xecuter member Yuanning Chen, 35, a Chinese national of Shenzhen, China.
Video-game manufacturers govern the use of major consoles to play copyrighted video-game titles with end-user licensing agreements, which prevents anyone from duplicating, modifying and selling the software. In addition, console manufacturers and game developers implement various technical measures – from specific game cartridge designs to cryptographic keys on the software – to prevent the use of unauthorized firmware that could be used to play pirated video games.
Team Xecuter, which says in underground advertisements that it’s been around since 2001, has bypassed these measures by developing and selling illegal “circumvention” devices. One example is a USB device that the group sold starting in 2018 called the SX Pro, which allows the Nintendo Switch console to run pirated games.
Beyond the Nintendo Switch, the cybercrime group also targeted popular consoles such as the Nintendo 3DS, the Nintendo Entertainment System Classic Edition, the Sony PlayStation Classic and Microsoft Xbox.
“These defendants were allegedly leaders of a notorious international criminal group that reaped illegal profits for years by pirating video game technology of U.S. companies,” said Acting Assistant Attorney General Brian Rabbitt of the Justice Department’s Criminal Division, in a Friday announcement. “These arrests show that the department will hold accountable hackers who seek to commandeer and exploit the intellectual property of American companies for financial gain, no matter where they may be located.”
According to court documents, the Team Xecuter group is comprised of more than a dozen individual members worldwide. That includes: Developers who exploit vulnerabilities in video-game consoles and design the circumvention devices; website designers who create the various websites promoting and advertising these devices; suppliers who manufacture the devices; and resellers who distribute the devices.
According to the DoJ, the group has continuously evaded law-enforcement efforts by using a wide variety of brand names, websites and distribution channels. Between June 2013 through August 2020, for instance, Team Xecuter used a variety of product names for its devices, such as the Gateway 3DS, the Stargate, the TrueBlue Mini, the Classic2Magic and the SX line of devices (that includes the SX OS, as well as the SX Pro, the SX Lite and the SX Core). The group also allegedly masked its illegal activity by pretending to support gaming enthusiasts who wanted to design their own video games for non-commercial use.
The DoJ also said that behind the scenes, Team Xecuter was supporting online libraries of pirated video games for its customers, and several of the devices also came preloaded with numerous pirated games. Ironically, the group also used a licensing scheme to protect its circumvention software from being pirated, the department said.
“According to the indictment, Team Xecuter was so brazen that it even required customers to purchase a ‘license’ to unlock the full features of its custom firmware, the SX OS, in order to enable the ability to play pirated video games,” according to the DoJ.
The video-game and enthusiast markets are lucrative industries for cybercriminals. A recent report highlighted that credential-theft targeting hardcore gamers has hit an all-time high as scams, illicit markets and account takeovers have become a booming business. Meanwhile, hackers are scoring more than a million dollars annually selling compromised accounts for the popular Fortnite video game in underground forums.
Video-game companies are cracking down on these security challenges, and in particular the issue of piracy – with Nintendo filing two lawsuits against Nintendo Switch piracy resellers that were part of Team Xecuter, as well as against UberChips, a website that sold Team Xecuter’s hardware. Last week, UberChips agreed to a $2 million settlement with Nintendo.
The DoJ said Louarn and Bowser were arrested in September in connection with the charges in the case. The U.S. is seeking Louarn’s extradition to stand trial in the United States, while Bowser was recently deported from the Dominican Republic, and appeared Friday in federal court, in New Jersey. Each is charged with 11 felony counts, including conspiracy to commit wire fraud, wire fraud, conspiracy to circumvent technological measures and to traffic in circumvention devices, trafficking in circumvention devices and conspiracy to commit money laundering.
On October 14 at 2 PM ET Get the latest information on the rising threats to retail e-commerce security and how to stop them. Register today for this FREE Threatpost webinar, “Retail Security: Magecart and the Rise of e-Commerce Threats.” Magecart and other threat actors are riding the rising wave of online retail usage and racking up big numbers of consumer victims. Find out how websites can avoid becoming the next compromise as we go into the holiday season. Join us Wednesday, Oct. 14, 2-3 PM ET for this LIVE webinar.