Ensconced in his Mississauga home, David Pokora played a leading role in an international group of hackers, diving into supposedly secure networks and gaining access to data from Microsoft, video game developers and the U.S. Army.

On Tuesday, the 22-year-old Pokora pled guilty to conspiracy to commit computer fraud and copyright infringement in a U.S. federal court in Wilmington, Del. It is believed to be the first conviction of a foreign-based individual for hacking into U.S. businesses to steal trade secret information, according to the U.S. Department of Justice.

The hacking group is accused of stealing more than $100 million worth of intellectual property, including then-unreleased video games “Gears of War 3” and “Call of Duty: Modern Warfare 3” and information on how to build Microsoft’s Xbox One gaming console, still in development at the time.

The hackers also accessed a copy of helicopter simulation training software for the U.S. Army that had been created by video game firm Zombies Studios, according to court documents. The hacking spree, which spanned from January 2011 to April 2014, included an episode of physical theft from Microsoft’s offices, documents indicate.

Pokora faces up to five years in prison when sentenced in January with co-conspirator Sanadodeh Nesheiwat, 28, of Washington, N.J., who pled guilty to the same charges.

Pokora was arrested on March 28, 2014, while attempting to enter the U.S. at the port of entry in Lewiston, N.Y. Court documents do not indicate the reason for his entry into the country.

His American lawyer, Solomon Wisenberg, declined comment. A woman who answered the door where Pokora lived with his family in the quiet northwest Mississauga neighbourhood of Meadowvale refused to speak to a Star reporter on Wednesday.

Also charged are Nathan Leroux, 20, of Bowie, Md., and Austin Alcala, 18, of McCordsville, Ind., according to a Delaware court indictment from April unsealed Tuesday. Leroux and Alcala have yet to be tried.

Prosecutors said the small group of gaming enthusiasts called itself the Xbox Underground.

“These were extremely sophisticated hackers. Don’t be fooled by their ages,” Assistant U.S. Attorney Ed McAndrew said after Tuesday’s court hearing. McAndrew told reporters the other members of the group looked to Pokora as a leader.

An agreed statement of facts shows that Pokora and three other American men, along with co-conspirators around the world, hacked into the computers of at least seven American video game companies and Microsoft, stealing intellectual property and confidential business and financial information.

Chris Parsons, a post-doctoral fellow at the University of Toronto’s Citizen Lab and expert in Internet security, told the Star the technique used by the group, known as “SQL injection,” is one of the most common attacks used.

“I’m not saying that these individuals are more or less sophisticated, but you really do not have to be terribly clever to run SQL injections,” said Parsons, who has no involvement in the case.

The technique at its most simple involves tricking a database used by the organization into thinking that the hacker has the power to run administrator-level commands.

Documents show that the FBI first became aware of hacking at one of the gaming companies, Epic, in July 2011, but that did not deter the group, who hacked into emails being exchanged between the FBI and Epic employees about the initial hacking. They openly talked about being on the police radar in online conversations included in the statement of facts.

Pokora is quoted as telling a fourth co-conspirator not charged in the U.S., identified only as J.D. in court documents, that “if we do this right, we will make a million dollars each,” in relation to ongoing hacking activities.

Nesheiwat, in a later online conversation with Pokora, said in relation to J.D.: “He knowingly logs into Epic knowing that the feds chill in there …They were emailing FBI people …but he still manages to not care.”

Loading... Loading... Loading... Loading... Loading... Loading...

Microsoft and its then-unreleased Xbox One gaming console became the main target for the hackers around 2012. Prosecutors say they stole data on how to build and operate the console, with Leroux allegedly ordering the hardware components needed to build the machine.

“The group discussed their expectation of being able to resell the intellectual property they planned to steal from Microsoft for up to $30,000,” reads the statement of facts.

Parsons says the value of intellectual property and material like the group was after is difficult to gauge. He said they could sell it, or trade it online.

“Certainly some information would be more valuable than others. There might be a large variation for how much you might pay for a prototype Xbox One, versus information about how the U.S. military trains its apache helicopter pilots,” said Parsons. “It would vary substantially in terms of what the information is and the completeness of it.”

There’s no indication in the court documents that the group attempted to sell military information.

One of the counterfeit consoles was sent to an individual in the Seychelles in August 2012, but intercepted by the FBI, say the documents, while a second was allegedly sold by J.D. on eBay for $5,000, with part of the proceeds going to pay for Leroux’s tuition at the University of Maryland.

In September 2013, two unidentified individuals used a stolen security card to enter Microsoft’s building in Redmond, Wash., stealing three Xbox One development consoles valued at about $30,000.

The pair was caught on surveillance video. One of the two, identified as A.S., admitted to Microsoft that one of the consoles was shipped to Alcala in exchange for stolen data, according to documents, while a second was sent to Pokora in Canada.

U.S. authorities are continuing their investigation.

With files from The Associated Press

Read more about: