In an indictment unsealed today, the Justice Department revealed that it had charged four men with stealing information from the US Army, Microsoft, and a host of other game developers. Two of the charged men pleaded guilty on Tuesday.

The unsealed indictment—which was returned by a federal grand jury in April—alleges that starting in 2011, the four men targeted Microsoft and stole “Log-In Credentials, Trade Secrets, and Intellectual Property pertaining to its Xbox gaming system,” specifically the still-in-development Xbox One.

The four men also allegedly turned to Epic Games and used SQL injection attacks “and other incidents of unauthorized access” like stolen passwords to pilfer “unreleased software, source code, and middleware” from the upcoming Gears of War 3 title.

The indictment goes on to say that Valve, Activision, and Zombie Studios were also broken into by the four men throughout 2011. Then the men apparently tried to up their game. “Beginning in or about October 2012, the United States Department of the Army was the victim of unauthorized access to and trespass into one of its protected computer networks that resulted in the theft of confidential data valued at more than $5,000.” A Department of Justice press release accused the men of stealing Apache helicopter training software built by Zombie Studios for the US Army.

The four men were charged with 18 counts of “conspiracies to commit computer fraud, copyright infringement, wire fraud, mail fraud, identity theft, and theft of trade secrets,” the Justice Department says, as well as counts of “aggravated identity theft, unauthorized computer access, copyright infringement and wire fraud.” The men were identified as Nathan Leroux, 20, of Bowie, Maryland; Sanadodeh Nesheiwat, 28, of Washington, New Jersey; David Pokora, 22, of Mississauga, Ontario, Canada; and Austin Alcala, 18, of McCordsville, Indiana.

Pokora and Nesheiwat pleaded guilty on Tuesday and will be sentenced in early January.

In the indictment, the Department of Justice noted that the men took pains to conceal their efforts, citing one instant message from Pokora from August 2011:

POKORA stated: Have you been listening to the shit that I've done this past month? I have shit to the U.S. military. I have shit to the Australian Dept. of Defense. … I have every single big company: Intel, AMD, Nvidia, any game company you could name, Google, Microsoft, Disney, Warner Brothers, everything. … It's not like I'm trying to prove a point, but I'm just saying, if they notice any of this, eventually they're going to come looking for me.

The indictment goes on to allege that the men sold log-in credentials, authentication keys, and other private data. Pokora, apparently, was eager to monetize the compromised accounts, stating in an Internet audio call, “I don't think you understand the plan that I had. I've already compromised a fuckton of Paypals from those databases we have. Not that I logged into them, but I've compromised enough that we could have already sold them for Bitcoins which would have been untraceable if we did it right. It could have already been easily an easy 50 grand.”

After the men broke into Microsoft's system, Leroux allegedly ordered parts from Newegg to build a counterfeit Xbox One, which was code-named Durango at the time. The indictment says that Leroux then sold the counterfeit console to a person whose name is redacted, and that person placed the console for sale on eBay for $5,000.

The Guardian reports that the two men who pleaded guilty could face up to five years in prison when they're sentenced in January. The paper also says that at least one defendant is hotly contesting the Department of Justice's assessment that over $100 million in intellectual property was stolen.