Prosecutors said the small group of gaming enthusiasts called itself the Xbox Underground.
“These were extremely sophisticated hackers. Don’t be fooled by their ages,” Assistant U.S. Attorney Ed McAndrew said after Tuesday’s court hearing. McAndrew told reporters the other members of the group looked to Pokora as a leader.
Chris Parsons, a post-doctoral fellow at the University of Toronto’s Citizen Lab and expert in Internet security, told the Star the technique used by the group, known as “SQL injection,” is one of the most common attacks used.
“I’m not saying that these individuals are more or less sophisticated, but you really do not have to be terribly clever to run SQL injections,” said Parsons, who has no involvement in the case.
The technique at its most simple involves tricking a database used by the organization into thinking that the hacker has the power to run administrator-level commands.
Parsons says the value of intellectual property and material like the group was after is difficult to gauge. He said they could sell it, or trade it online.
“Certainly some information would be more valuable than others. There might be a large variation for how much you might pay for a prototype Xbox One, versus information about how the U.S. military trains its apache helicopter pilots,” said Parsons. “It would vary substantially in terms of what the information is and the completeness of it.”
There’s no indication in the court documents that the group attempted to sell military information.