A 24-year old security researcher has pleaded guilty to hacking both Microsoft and Nintendo servers to steal very confidential information. Zammis Clark, has been charged with multiple counts of computer misuse in a London Crown Court last Thursday.
Prosecutors reveal that Clark, who is from England, used an internal username and password to gain access to Microsoft on January 24th, 2017.
Clark who is known online as Slipstream or Raylee, uploaded a web shell to access Microsoft server network for at least three weeks.
He then uploaded multiple web shells which allowed him to search through Microsoft’s server, upload files, and download data.
Confidential Files Were Hacked From Windows Server
The Verge reported that since 2017, a total of 43,000 confidential files of pre-released versions of Windows were stolen. Clark targeted build numbers to gain information on pre-released on Windows in over 7,500 searches for unreleased products, code names, and build numbers.
He then shared access to Microsoft’s servers through an Internet Relay Chat (IRC) server chartroom. This then allow others to gain access to Microsoft’s server and steal confidential files.
There are also hackers from France, Germany, the United Arab Emirates, and other countries who had access to Microsoft’s servers.
According to the report, “police found the stolen files on Clark’s home computer after a joint investigation involving Microsoft’s cyber team, FBI, EUROPOL and the NCA’s National Cyber Crime Unit (NCCU).”
The Microsoft intrusion only ended when Clark uploaded a malware to Microsoft’s network and he was then arrested in 2017.
Nintendo Targeted After Microsoft Hacking
After his arrest, Clark was then bailed and released without any online restrictions. He then proceeded to hack Nintendo’s internal network in March of last year.
Using a Virtual Private Networks (VPN), Clark was able to gain access to Nintendo’s confidential game development servers. These servers store development code for unreleased games, Clark was then able to steal 2,365 usernames and passwords.
Nintendo learned about the breach only in May of 2018. Nintendo estimates a cost of total damage between $900,000 to $1.8 million. Microsoft also presented in court an estimate of $2 million in total damages.
Hacker Won’t Be Serving Jail Time
Initially, Clark was sentenced to a total of 15 months of imprisonment. Despite the severity of his actions, Clark won’t be serving jail time, at least not yet. As it turns out, he is both autistic and has face blindness.
The judge deemed that prison would pose a risk to Clark’s safety because he would then be vulnerable to violence inside the prison. He decided to suspend the 15-month sentence.