Xbox Underground

Xbox Underground was an international hacker group responsible for gaining unauthorized access to the computer network of Microsoft and its development partners, including Activision, Epic Games, and Valve, in order to obtain sensitive information relating to Xbox One and Xbox Live.

Microsoft
Microsoft's computer network was compromised repeatedly by the Xbox Underground between 2011 and 2013. According to a 65-page indictment, the hackers spent "hundreds of hours" searching through Microsoft's network, copying log-in credentials, source code, technical specifications and other data. This culminated in a physical theft, in which the perpetrators used stolen credentials to enter "a secure building" at Microsoft's Redmond headquarters and left with publicly unreleased prototypes of the Xbox One, codenamed "Durango". Group members say they were driven by a strong curiosity about Microsoft's then-unreleased Xbox One console and associated software.

"Beginning in or about January 2011, Microsoft was the victim of incidents of unauthorized access to its computer networks, including GDNP's protected computer network, which resulted in the theft of log-in credentials, trade secrets and intellectual property relating to its Xbox gaming system." (p. 4)

"In or about September 2013, Alcala and Pokora brokered a physical theft, committed by A.S. and E.A., of multiple Xbox Development Kits (XDKs) from a secure building on Microsoft's Redmond, Washington campus. Using stolen access credentials to a Microsoft building, A.S. and E.A. entered the building and stole three non-public versions of the Xbox One console..." (p. 31)

Apache helicopter simulator software
The group is also accused of breaching the computer network of Zombie Studios, through which they obtained Apache helicopter simulator software developed for the United States military. David Pokora was quoted as saying: "Have you been listening to the [expletive] that I've done this past month? I have [expletive] to the U.S. military. I have [expletive] to the Australian Department of Defense ... I have every single big company – Intel, AMD, Nvidia – any game company you could name, Google, Microsoft, Disney, Warner Bros., everything."

Members
Four members of the group have pleaded guilty to charges. David Pokora, the first foreign hacker ever to be sentenced on United States soil, received an 18-month prison term on April 23, 2014, and was released in July 2015. Holly LeRoux and Sanad Odeh Nesheiwat were sentenced on June 11 and received 24 months and 18 months respectively. Austin Alcala was due for sentencing in July, though he went on to cooperate with the FBI in resolving another criminal case involving the illegal trade of FIFA coins.

Dylan Wheeler (referred to in the indictment as D.W.), currently out of reach of the United States, lived in Australia at the time and faced a range of charges. He was not convicted, having fled from Australia to Dubai and eventually to the Czech Republic over human rights and political issues with his trial. He cannot be extradited from the Czech Republic since he holds Czech citizenship, and he is currently living in the UK. His mother, Anna Wheeler, was later jailed for more than two years for helping him flee Australia to avoid criminal charges.

Wheeler alleges that a sixth member, Justin May (referred to as "Person A"), worked with the FBI "to bring down the group". May had previously been placed on pre-trial probation for an earlier offense involving data theft, under an agreement that required him to stay off Xbox Live. He came under renewed interest from the FBI in 2017, after they seized a new BMW coupe and $38,595 in cash that was hidden throughout his home. In June 2021, May was sentenced to seven years in prison for defrauding several tech companies, among them Microsoft and Cisco Systems, of over 3.5 million dollars by exploiting warranty policies to illegitimately receive replacements, which were then sold online.