Tweet
Game operator: "Pay me $1,500 and you will never hear from me again."
By Dan Goodin - Nov 15 2012, 3:15 P.M. EST
Federal officials have accused a Dutch man of hacking into a New Hampshire-based game company, tampering with sensitive user data, and using the stolen source code to start a competing online game.
Anil Kheda, 24, of the Netherlands, began his hacking spree in November 2007 after one of his accounts was deleted from Outwar (an online role-playing game with 75,000 active players), according to documents filed in US District Court in New Hampshire. Prosecutors allege that two months later, he started a competing game called Outcraft using source code obtained from the hacked servers. The game earned Kheda at least $10,000 in profits. Over the next nine months, he allegedly continued the hacks and agreed to stop only if the hacked company—Portsmouth, New Hampshire-based Rampid Interactive—paid him money and provided other benefits.
According to prosecutors, Kheda claimed to have found vulnerabilities in Rampid's network and the Outwar source code that allowed him to gain administrator access to the underlying functions of the game. His ability to repeatedly delete a user database seemed to indicate his claims were at least partially true. The tampering caused Outwar to go down for a total of about two weeks over the nine-month stretch, causing Rampid to incur more than $100,000 in lost revenue, wages, and other costs, according to prosecutors.
"You guys have the following three options," Kheda wrote in a December 2007 e-mail included in the federal indictment. "1. Let me play again on my master account (with everything that was on it), and I will report everything when I come across a vulnerability. 2. Pay me $1,500 and you will never hear from me again. 3. Don't reply to this e-mail and you are gonna wish you picked one of the other options."
Online records indicate Kheda is the registrant of the outcraft.com domain name. He didn't respond to an e-mail Ars sent to the Gmail account listed in the Whois record.
During another exchange with Rampid employees, Kheda allegedly demanded he be given the name and address of a fellow hacker called Pimpster, who is listed as an unindicted co-conspirator in the indictment. Kheda ultimately demanded he be given contact details for the UK juvenile after he backed out of the alleged conspiracy to hack Rampid's network, according to prosecutors.
"Pimpster may have pussed out after [an employee at Rampid] called his mom, I'll never talk to that noob snitch again," Kheda wrote, according to the indictment. "However I am still around, you guys probably thought that pimpster has been doing this all by himself, think again noobs."
If convicted on one count of conspiring to commit computer intrusion and one count of making extortionate interstate threats, Kheda faces a maximum of seven years in prison.
By Dan Goodin - Nov 15 2012, 3:15 P.M. EST
Federal officials have accused a Dutch man of hacking into a New Hampshire-based game company, tampering with sensitive user data, and using the stolen source code to start a competing online game.
Anil Kheda, 24, of the Netherlands, began his hacking spree in November 2007 after one of his accounts was deleted from Outwar (an online role-playing game with 75,000 active players), according to documents filed in US District Court in New Hampshire. Prosecutors allege that two months later, he started a competing game called Outcraft using source code obtained from the hacked servers. The game earned Kheda at least $10,000 in profits. Over the next nine months, he allegedly continued the hacks and agreed to stop only if the hacked company—Portsmouth, New Hampshire-based Rampid Interactive—paid him money and provided other benefits.
According to prosecutors, Kheda claimed to have found vulnerabilities in Rampid's network and the Outwar source code that allowed him to gain administrator access to the underlying functions of the game. His ability to repeatedly delete a user database seemed to indicate his claims were at least partially true. The tampering caused Outwar to go down for a total of about two weeks over the nine-month stretch, causing Rampid to incur more than $100,000 in lost revenue, wages, and other costs, according to prosecutors.
"You guys have the following three options," Kheda wrote in a December 2007 e-mail included in the federal indictment. "1. Let me play again on my master account (with everything that was on it), and I will report everything when I come across a vulnerability. 2. Pay me $1,500 and you will never hear from me again. 3. Don't reply to this e-mail and you are gonna wish you picked one of the other options."
Online records indicate Kheda is the registrant of the outcraft.com domain name. He didn't respond to an e-mail Ars sent to the Gmail account listed in the Whois record.
During another exchange with Rampid employees, Kheda allegedly demanded he be given the name and address of a fellow hacker called Pimpster, who is listed as an unindicted co-conspirator in the indictment. Kheda ultimately demanded he be given contact details for the UK juvenile after he backed out of the alleged conspiracy to hack Rampid's network, according to prosecutors.
"Pimpster may have pussed out after [an employee at Rampid] called his mom, I'll never talk to that noob snitch again," Kheda wrote, according to the indictment. "However I am still around, you guys probably thought that pimpster has been doing this all by himself, think again noobs."
If convicted on one count of conspiring to commit computer intrusion and one count of making extortionate interstate threats, Kheda faces a maximum of seven years in prison.