How investigators tracked down a Modern Warfare 2 cyber pirate
November 7, 2009 |
[Updated] The posting last Thursday on Craigslist was alarming. Someone was selling a Modern Warfare 2 Xbox 360 bundle, with both a console and a game, for $500. The problem was that Modern Warfare 2, one of the most anticipated games of the year, doesn’t officially go on sale until Nov. 10.
Activision Blizzard, the game’s publisher, called in IPCybercrime.com, a Dallas private investigation firm that specializes in online investigations. The investigators tracked down the seller and stumbled into a scheme to pirate the game and sell a bunch of fake copies over the Internet. While the bust led to the arrest of just one hacker among many, it sheds light on the shadowy underground of the business of illegal piracy. It also offers a peek at how investigators try to head off a major piracy disaster before it happens.
“It all happened very fast,” said Rob Holmes, owner of IPCybercrime. “If these guys get their stuff out, then they can do some major damage to sales and spoil it for everybody. We plug leaks every day, but this was one of the biggest ones of the year.”
The investigators started by calling the Craigslist ad phone number and talking with the seller, who said he had two items for sale. They negotiated a deal to buy two bundles for $800 each. Then IPCybercrime dispatched its investigators in Los Angeles to perform an undercover pickup. Then another Craigslist ad appeared for the same Modern Warfare 2 bundle. A search on social networks revealed that the first seller was a friend of the second seller. And the second seller said on his social networking page that he worked as a “box boy at a major retail chain.”
IPCybercrime’s client, Activision Blizzard, approached the sellers, who then admitted having stolen a crate of the bundles from the backroom of a game retail store. Then IPCybercrime folks turned the case over to the loss prevention department at the retailer, which dealt with the thieves. This kind of inside job involving physical theft is becoming common, though it’s hard to do because retailers get a major game just a week in advance and then lock the boxes up in a high-security part of their warehouses.
On Oct. 30, the client told IPCybercrime that an individual going by the name “cedelamo” and “cdelamo815″ had posted a message on the piracy forum at xbox360iso.com. [Update: The post asked for users to donate funds to him in exchange for copies of the game.]
There wasn’t an obvious way to track the person who made the post. But IPCybercrime checked on Facebook to see if the email address belonged to someone with a Facebook account. The search turned up a page for someone who was anonymously offering “modding services.” Modders are people who hack into Xbox 360 systems and turn them into repositories for pirated games. They stand in a gray area of the law, as it’s legal to make your own backup copy of a copyrighted disk, but it’s not OK to sell that copy commercially. To evade the law, the modders often describe their services in ads as selling “backup disks.”
The Facebook page had a cell phone number and it said that customers could contact that number via text message. Holmes’ investigators stayed in contact with the person sending text messages for four days as they negotiated a business deal. At one point, they convinced the person to call them with a cell phone. Holmes called that number back and then managed to get a business address out of the person.
Meanwhile, the person on the web forum said that he had received a copy of Modern Warfare 2 on Oct. 30. Over the weekend, the hacker went to work on the copy protection built into the DVD disk with the game on it. He cracked the code — something that isn’t that hard for hackers to do these days — [update: apparently, there isn't anything for him to crack; it's just a copying process using a ripping code flashed onto an Xbox 360.] and announced that he had done so on Monday. Coincidentally, pirate digital copies of Modern Warfare 2 flooded onto torrent sites, which are peer-to-peer sites for sharing software, on the same day. That has likely caused untold losses for Activision Blizzard, Holmes said.
Holmes was looking into the business address he got from the Facebook modder. The location (pictured right) was a computer business in Miami, owned by the subject’s father, Hiram Del Amo. IPCybercrime sent an investigator to the address and then determined that the cyberhacker was Christian Del Amo, an 18-year-old who was known as a modder and had a site for selling modded Xbox 360 hard disks on iOffer.com, an eBay-like site. The modder advertised 250-gigabyte Western Digital hard drives, loaded with 125 copied games, for $150 (pictured below). [Update: Those games still had to be taken from the hard disk and burned onto disks to be playable in an Xbox 360].
IPCybercrime handed the case over to the Miami-Dade police department. They conducted a buy-bust sting where Del Amo had sent a “runner” to make the exchange. The runner gave them a disk with the Modern Warfare 2 limited edition image on it. That meant that not only was Del Amo making pirated digital copies on DVDs, he was also sophisticated enough to know how to make disks that look like legitimate copies. On his Twitter account, Del Amo was in a conversation with an underground hologram maker. Holograms can be used to make the disks look like legitimate copies of the game. Those who bought the pirated game would be able to play it in modded Xbox 360s.
“This kid was in a position to sell thousands of these,” Holmes said.
Police interrogated the runner, who led them to Del Amo’s home. They then arrested Del Amo yesterday (pictured right). Del Amo’s attorney has not returned a call for comment. The whole process, from finding the first tip to the bust, took less than a week. While the operation snagged a perpetrator, it didn’t move fast enough to prevent the massive copying of the game on the torrents on the Internet.
“Hopefully it is a lesson,” said Holmes. “If you try to do piracy on a large scale, you will get caught. When you use the Internet, you always leave tracks somewhere.”