At the beginning of the investigation, Bowser faced 11 serious charges, although he has only pleaded guilty to conspiracy to evade security mechanisms in technological devices and traffic in evasion devices. Team Xecutor developed pirated software and emulators for Switch, Nintendo 3DS, Xbox, PlayStation and NES Classic.

The defendant admitted to working with this group between 2013 and 2020, during which time he managed illegal websites and sold software to hack consoles and devices. In the lawsuit against Team Xecutor, Nintendo claims to have lost more than $65 million USD due to this group.

Nintendo thanked the law enforcement agencies involved in the investigation, which include the Federal Bureau of Investigation (FBI) and the Department of Homeland Security (NHS).

The video game company has always tried to take strict action against the illegal use of its products. Previously, Nintendo won a lawsuit against the RomUniverse platform, forcing the website’s administrators to pay $2.1 million USD compensation, plus they had to destroy all the illegal ROMs developed.

More recently, Nintendo began sending out copyright warnings against the GilvaSunner YouTube channel for its Nintendo soundtrack videos, which will likely lead to the channel’s definitive shutdown. 

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post Hacker sentenced to 3 years in prison for developing pirated software for Nintendo Switch appeared first on Information Security Newspaper | Hacking News.

Authorities in the British city of West Yorkshire announced the arrest of three individuals accused of using a sophisticated device capable of deceiving the security systems of some models of keyless cars, which allowed them to steal more than 30 Mitsubishi Outlander keyless cars between May and July this year.

During their crimes, this group employed a device disguised as a Game Boy console to send a signal to these keyless cars, making the affected system believe that they were using the legitimate opening device.

Dylan Armer, Thomas Poulson and Christopher Bowes were arrested July 20 after stealing a car from the entrance of the home in Scholes. The recordings of a security camera allowed verifying that the defendants placed this false Game Boy to open and start the car, leaving as if they were the owners.

According to Detective Vicky Vessey of the Leeds District Crime Team, the three individuals engaged in the theft of dozens of cars, generating tens of thousands of dollars in losses for the victims.

Cybersecurity specialists mention that this class of devices can be found for more than $ 20,000 USD on the black market and allow compromising a wide variety of models of keyless car in a matter of seconds. As if that were not enough, the British authorities recognize a considerable increase in the reporting of this kind of incidents, with very few cars recovered after the theft.

In the videos recovered by the authorities, the defendants can be seen hanging around the area of the robbery and manipulating one of the stolen cars. In addition, during his arrest the authorities seized a smartphone that stored some videos with a kind of tutorial for the use of this hacking Game Boy.  

While Armer and Poulson pleaded guilty to the charges brought against them, Bowes says he was only driving a vehicle used by the group during their attacks. The three individuals are awaiting their sentences, which could reach up to 33 months in prison, probation and the payment of fines equivalent to the losses generated in the robberies.

To learn more about information security risks, malware variants, vulnerabilities and information technologies, feel free to access the International Institute of Cyber Security (IICS) websites.

The post This $20,000 Nintendo Game Boy can hack and steal any keyless Mitsubishi Outlander in a minute. Never seen before cybercriminal tool appeared first on Information Security Newspaper | Hacking News.

The Nintendo Switch handheld console has become very popular, emulating sales of consoles like the PlayStation 4. However, there is a problem with this device: video game crackers have deciphered possible methods of hacking the console, affecting Nintendo’s profits, mentioning information security awareness experts.

Team-Xecuter hackers, jailbroken in the first generation of Switch in 2018, have just announced the development of SX Core and SX Lite, tools to crack all versions of Switch.

According to information security awareness researchers, a cracked switch can be used by downloading network resources and does not require players to purchase authentic games, either in their physical or digital version. After Nintendo announced the correction of exploited vulnerabilities, Team-Xecuter hackers followed their investigation into the console code, putting various cracking tools up for sale through its website.

What has Nintendo done about it? There is currently a legal procedure to prevent Team-Xecuter from further selling these cracking tools. However, given the nature of cracking developed by this group, Nintendo cannot do much to stop users using pirated software, so only new versions of the console remain to be released: “Team-Xecuter illegally designs and manufactures an unauthorized operating system, in addition to the hacking tools that complement it,” Nintendo’s demand mentions.

The company has also managed to shut down some hacking websites, although video game crackers do not stop. In the event that things don’t change, information security awareness specialists anticipate that Nintendo will start reporting ever-increasing economic losses, so it will be difficult to develop quality video games without the fear of loss.  

The post Every Nintendo Switch model could be jailbroken with this tutorial. Nintendo suing the hackers appeared first on Information Security Newspaper | Hacking News.

The companies committed included Qualcomm, Motorola, Mediatek, GE, Nintendo, Disney, Johnson Controls, among others.

Details about this incident were compiled by Reverse Engineering Specialist Tillie Kottmann. Much of the information exposed in this incident is available in a GitLab repository available to any user. Apparently, code from more than 50 companies is available in the repository. However, there are multiple empty folders, but it is also possible to find login credentials.

So far, database security audit experts have found code samples from various companies across multiple business areas, for example

• Financial technology: Fiserv, Buczy Payments, Mercury Trade Finance Solutions
• Banking institutions: Banca Nazionale del Lavoro, based in Italy
• Technology development: Pieran Access One, among others

Speaking around for the BleepingComputer platform, Kottmann mentioned that repositories contain information that is really easy to access, although companies and researchers are making a great effort to remove access to this data and prevent further damage: “I try to do my best to prevent any relevant detail from being compromised,” Kottmann added.

Researchers have also been responding to record deletion requests that affected companies have issued, and they also expect to communicate with their IT teams to strengthen the security of their IT infrastructure. Some companies, such as Mercedes-Benz, have already requested the deletion of records present in the repository.

Database security audit experts mention that not many requests have been made to remove the information exposed, which is common in these kinds of incidents. In most cases, the companies concerned are limited to being curious about how their information was compromised.

On the lifetime of compromised information, experts mention that the GitLab server is full of outdated data or that they have not even received updates since its creation.

Kottmann considers this to be a more common practice than is believed; on a Telegram channel, Kottmann offers details about leaks affecting many other companies, although the channel is especially focused on Nintendo leaks and its classic video games.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

The post Qualcomm, Motorola, Mediatek, GE, Nintendo, Disney, Johnson Controls & other companies’ source code leaked appeared first on Information Security Newspaper | Hacking News.

These new devices, sold by the Bulgarian company SOS Auto Keys, are made up of components very similar to those of the classic Nintendo Game Boy handheld console. At the moment these devices’ worth is over $20k USD, although their price will decrease soon, the company mentions.

Although the sale of this device includes a warning against its use for malicious purposes, cloud computing security experts point out that it is really easy for a threat actor to obtain one of these products.

Through a YouTube video you can see how to use this device to open recent models from manufacturers like Mitsubishi, Hyundai or Kia in less than a minute. This “Game Boy hacker” records the car information and acts as an answering machine that the target car recognizes as an authorized control (fob). Finally, the car will open as if the SOS Key user used the legitimate fob.

Official Bulgarian figures reveal a 50% increase in vehicle theft, which in many cases involves the use of hacking methods. In view of this, the authorities have expressed concern about the launch of this device to the market, as its sale could lead to theft of cars to unusual levels.

On the other hand, specialists in cloud computing security point out that manufacturers’ low concern for the safety of these vehicles also plays a key role in the growth of this problem and the ability to use such a tool. Moreover, because this is a crime that is considered a low priority, it is really strange that the authorities seek out and prosecute these criminals.

Members of the cybersecurity community are still truly surprised by how easy the security systems of these cars have become tricked: “It’s as easy as stealing a vehicle in Grand Theft Auto,” says Jack Cousens, a specialist in keyless car systems. 

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

The post How Nintendo Game Boy is being used to unlock & steal cars without breaking their windows appeared first on Information Security Newspaper | Hacking News.

For obvious reasons, the company is not happy at all, although enthusiasts of the Japanese franchise have found the ideal opportunity to unravel two of Nintendo’s most popular titles for the handheld console.

The IT security services experts believe this incident is fully linked to the leaks that began in April, after a group of unidentified threat actors compromised Nintendo’s servers and exposed the demo version of Pokemon Gold and Silver online, resulting in the disclosure of multiple secrets about these games.

While the latest leaks don’t seem to have brought anything new about the titles exposed so far, there are still multiple files to be scanned, so the next few weeks could be really interesting for the gamer community. When a similar leak is presented, enthusiasts hope to uncover secrets in video games that have remained hidden for years.

Regarding 3DS console leaks, IT security services experts mention that the information exposed includes multiple details about your development files. Apparently, the source code of the game’s operating system was initially filtered on 4Chan; specialists believe that video game leaking also occurred on this platform.

It is not yet clear what actions Nintendo will take in this regard, although it is possible that the company will do nothing at all, as 3DS goes through its last moments of useful life, while the company has focused all its recent efforts on exploiting the market for handheld consoles with Nintendo Switch. What is certain is that the company’s security will be enhanced after suffering two cyberattacks in less than two months.  

On the other hand, the International Institute of Cyber Security (IICS) believes that things could get worse for the company if hackers manage to access more recent developments. Most of the games exposed so far were released almost ten years ago, so they do not represent losses for Nintendo, although the firm could suffer considerable losses if the most recent games are exposed as well. Both Nintendo and Pokemon have experienced hacking incidents in the past, so none of the companies should dismiss the possibility of this happening again. 

The post Source code of the Pokemon Diamond, Pearl along with Nintendo 3DS leaked online appeared first on Information Security Newspaper | Hacking News.

The leaking includes source code for consoles such as Nintendo Wii, N64, GameCube, in addition to the demo versions of some N64 games.

Network security course researchers believe this leak could be linked to a security incident that occurred at Nintendo a couple of years ago. Alex Donaldson, a journalist and web developer, mentions that this is a “biblical proportions” incident. Nintendo has not issued any official statements in this regard.

Although code dating back to 1990 was leaked, there is now a large community of enthusiasts of these video game systems, so the technical details regarding the operation of Nintendo’s classic consoles remain a topic of great interest.

According to network security course specialists, most of these classic video games (or released in the 1990s) have already undergone reverse engineering processes, so enthusiasts can make their own versions of these “emulators” developments. However, leaking this code will allow them to produce much more sophisticated versions.

The code was gradually leaked through anonymous sources on 4chan, a platform known for its multiple software leaks and inappropriate content. A security firm managed to download a copy of the material, which appeared to correlate with the description of a data breach revealed in a gamer forum.

All leaked material is believed to be about 2 TB, although so far only the third part has been made public, a member of the gamer community says that it has tracked the incident through his YouTube channel.

Although nothing is confirmed, everyone believes it is possible that the leak is related to a security incident Nintendo suffered in 2018. According to the International Institute for Cyber Security (IICS), the user Zammis Clark of England pleaded guilty to the intrusion, and was sentenced to 15 months in prison, starting from April 2019.

While working for a security firm, Zammis was also accused of hacking Microsoft’s internal network in early 2017, stealing 43,000 files and loading malware into compromised networks.

The post Nintendo hacked completely. Source Code for N64, Wii & GameCube published appeared first on Information Security Newspaper | Hacking News.

Recently, hundreds of Nintendo console users reported various signs of suspicious activity on their accounts through social media. According to network perimeter security experts, these alleged attackers entered users’ accounts to use their payment cards and purchase products from Nintendo’s digital store.

Just a few hours ago Nintendo acknowledged the incident, mentioning that these threat actors attacked the Nintendo Network ID (NNID) login system in early April, compromising users’ accounts. This system is mainly used by console owners such as Nintendo 3DS and Wii U, which are no longer supported. It should be noted that this is a different system from that used by Nintendo Switch users, which requires a Nintendo account.

According to network perimeter security experts, an NNID account can be linked to a Nintendo account and used as a login option. In the event that a threat actor accesses a linked NNID, it could easily access the corresponding Nintendo account. Once inside the account, hackers would have access to the victim’s payment cards and even their accounts on payment systems like PayPal.

The company did not provide technical details about the intrusion, although it added that the hackers obtained NNID accounts illegally through a third party. In response, Nintendo disabled the feature to access Nintendo accounts using NNIDs, in addition to having reset the passwords of the compromised accounts, the network perimeter security experts mention. 

User reports also mention that threat actors might also have modified some data in users’ profiles, such as “nicknames”, dates of birth, place of origin, and email address associated with NNID. Not everything is bad news, as Nintendo claims that users’ credit card data was not compromised during the incident, so hackers only used it inside the virtual store.

This incident demonstrates that the gaming community is a frequent target of threat actors, experts from the International Institute of Cyber Security (IICS) mention. Recently the code of two popular video games was leaked, which caused various problems for developers and users. As if that wasn’t enough, experts warn about a new variant of ransomware that could affect thousands of Fortnite players.

The post Nintendo hacked. Details of 160,000 accounts leaked. Hackers can spy through Nintendo Switch appeared first on Information Security Newspaper | Hacking News.

Now, about three months after its release, the Nintendo Switch Lite console has been hacked. It should be remembered that the original Nintendo Switch was hacked less than two months after its release.

A couple of days ago, the renowned video game hacking organization Team-Xecuter released a video showing a Nintendo Switch Lite console running their SX OS 3.0 operating system. Although the video does not show further technical details, it is obvious that the hack allows users to install “homebrew” applications (in practice it is another way of saying piracy) on Nintendo’s console.

Ethical hacking specialists are still unclear on how this hack works, so there’s nothing left but wait for Team-Xecuter to reveal the procedure used, which they are supposed to do during the first days of 2020. It is expected that, as they have done on previous occasions, interested parties will have to pay Team-Xecuter to access the technical details of the hack.

To be more specific, it is necessary to mention that the concept “homebrew” is attributed to an open source software package management system that makes it easier for developers to create their own software. Usually this is a resource used for the creation of media players or web browsers without malicious purposes, although in the case of the video game industry, the homebrew applies for unofficial and unlicensed software, created by amateur developers on hacked operating systems.

After a console is hacked it is possible to execute code obtained by illicit means; simply put, a console able to run homebrew is the first step in being able to install cracked video games, which represents big losses for developers.

One of the main problems to be solved in the development of a console is the prompt detection of its weakest points, as hackers will try to exploit these flaws in order to execute pirate code, mention the experts in ethical hacking. This protection work does not end in the development stage, as companies constantly release security updates to correct existing failures and prevent the appearance of new weaknesses.

At this point Nintendo must be working on a way to fix the vulnerability exploited by hackers to install the SX OS 3.0 system, so the flaw could be fixed before Team-Xecuter getting revenues of this security error. In the video game industry this has become a kind of race in which developers try to anticipate hackers’ next movement to prevent the emergence of new exploits beneficial for piracy.

On multiple occasions the ethical hacking experts of the International Institute of Cyber Security (IICS) have reported the activities of this hacker group, detected more than ten years ago, and that have been linked to the hacking of consoles such as the original Xbox, Nintendo Switch and other systems.

The post Nintendo Switch Lite Console hacked and cracked appeared first on Information Security Newspaper | Hacking News.

The authorities, just like the video game developer, hope that this measure will help limit the ability of hackers to distribute pirated versions of such software, as well as assist in the fight against malware distribution through these illegal sites.

“The company is trying to push a new ‘Zero Tolerance’ policy on piracy, taking the case to the court and forcing Internet service providers to help Nintendo,” ethical hacking specialists say. The Nintendo Switch console has become one of the hackers’ favorite targets; whether to download games illegally or to inject malware into the devices of unsuspecting gamers, multiple threat actors have tried to find various ways to breach the security of the portable console.

The High Court ruling, for now only applicable to the top five Internet service providers in the UK, forces companies to take a proactive stance in combating piracy, blocking access to major pirated video game distribution websites.

Although authorities and entertainment software developers are aware that this measure will not solve the problem, it could impact hackers’ piracy distribution capability. The High Court has already resolved the ruling, now it remains for companies (Virgin Media, Talk Talk, EE, Sky Broadband and BT) to implement the necessary actions to comply with the court order.

Ethical hacking specialists mention that this is a clear example of how a major company can influence a country’s legislative agenda to implement measures against malicious users that put their users at risk and, of course, their incomes.

This is not the first time British lawmakers have tried to use Internet service providers in the fight against piracy. In 2017, a bill was passed that conditioned companies to alert via email users of these sites about the potential risks of downloading pirated content. However, this only caused users to turn to websites that were not blacklisted by the British authorities, something that many fear may also happen on this occasion.

Specialists in ethical hacking at the International Institute of Cyber Security (IICS) claim that, due to its popularity, hackers are constantly working to find vulnerabilities in Nintendo Switch. A clear example is the release of the latest version of the console firmware, which was hacked the same day it was released. The hackers managed to compromise Switch firmware version 7.0.0 just four hours after Nintendo made it available.

The post Downloading pirate games for Nintendo Switch will be impossible very soon appeared first on Information Security Newspaper | Hacking News.

Nintendo has been unable to patch the Switch software

Nintendo security teams are working to contain the leaks that involve the launching of the videogame Smash Bros. Ultimate, after digital forensics specialists from the International Information Security Institute reported that the game was on sale in Mexico in advance. In addition, it was reported that pirated copies of the game released online were intercepted by data miners to obtain all the game’s hidden information.

While the game’s official release date is December 7th, some people seem desperate to know all the content that Nintendo has included in the game.

The controversy began last Wednesday when someone posted an image of the alleged packaging of the game for retailers. A few days later, specialists in digital forensics and cybersecurity began to spread the word that the game was being sold in advance and relatively wide by certain retail vendors in Mexico; soon, the pirated versions of the game would begin to appear online.

According to experts in digital forensics, the leaks were caused, in part, by a Nintendo Switch console hacking method, which the company has not been able to patch. This hack allows attackers to execute arbitrary code on the device’s system; the situation got worse by the intervention of data miners, who checked the data and codes of the leaked game with hexadecimal editors looking to extract any content that is hiding in the videogame (as a list of characters available in the game, or unlockable elements).

Allegedly, some hackers have managed to develop their own pirated versions of the game and then have them marketed online, although there are also online testimonials stating that these pirated copies can crash a Nintendo Switch console.

Despite the enormous efforts of Nintendo to protect its developments, it seems that its software and hardware are too attractive for hackers to try to bypass the security and anti hacking mechanisms.

The post Pirated Smash Bros. Ultimate copy for sale in Mexico before launching date appeared first on Information Security Newspaper | Hacking News.