California hacker Ryan Hernandez recently pled guilty to accusations of hacking Nintendo twice, said ZDNet. The attacker became suspect to the Nintendo cybersecurity violation after he leaked plans for the company’s then-new handheld console back in 2016. The hacker is expected to face jail time.
Hernandez, who used the name RyanRocks or Ryan West online, hacked Nintendo’s servers in October 2016 when he posted a phishing module on the official forum for the company’s customers. He was able to obtain the credentials of an employee by infecting the tech support specialist’s system.
Court documents acquired by ZDNet revealed that the malware “secretly scraped the employee’s information and authentication tokens.” With such credentials in hand, Hernandez accessed the firm’s network. After this, he uploaded malware onto its developer site which stole tokens of other users. It also allowed him to obtain administrator access to the portal.
Through this unauthorized access, the hacker was able to “download proprietary Nintendo data‘ include information that has not yet been announced at that moment. This includes the pre-release details of the Nintendo Switch, which was set to be unveiled last March 2017.
After the leak, Nintendo reported the incident to the Federal Bureau of Investigation (FBI), which sent agents to Hernandez’s home. When the authorities first nabbed the attacker in October 2017, he was only 17 years old.
As he was underage at the time, the FBI only warned ‘Ryan West.’ This decision came after he “promised to stop any further malicious activity against Nintendo and confirmed his understanding of the potential consequences of future hacking conduct,” as per court documents.
However, the hacker did not comply with the deal and breached Nintendo’s servers again in June 2018. This time, he exploited the vulnerabilities of its network and was able to obtain a wide range of confidential information. Some of the things he accessed include a staging environment for the eShop and a server group for managing content such as game demos.
Hernandez once again leaked the info he stole. According to the authorities, the hacker runs a Discord channel called ‘Ryan’s Underground Hangout’ through which he shares Nintendo’s vulnerabilities and info.
The FBI paid Hernandez a visit complete with a search warrant in June 2019. During the search, agents found pornographic content involving children. He was slapped with hacking charges and one count of child pornography possession.
He signed a plea deal in which he admitted to the charges. He is currently awaiting sentencing and has agreed to pay Nintendo $259,323 in restitution.
