Nintendo hacker pleads guilty

Teen who hacked Nintendo twice and leaked data on the company's yet unreleased Switch console pleaded guilty last week.

nintendo switch

A California man who broke into Nintendo servers on two different occasions pleaded guilty last week to hacking charges and is awaiting sentencing.

The man, named Ryan Hernandez but known online as RyanRocks or Ryan West, built a reputation online in 2016 after he leaked details about Nintendo's upcoming product, the Switch gaming console.

Although being tracked down by authorities and given a second chance, Hernandez squandered this opportunity and is now almost certain going to prison.

The 2016 hack

Hernandez's hacking spree started in October 2016. According to court documents obtained by ZDNet, Hernandez phished a Nintendo employee by posting a malicious link on the company's official forum, requesting help with a technical issue.

US authorities say the link redirected the Nintendo employee to an external website where the tech support worker was infected with malware.

According to court documents, the malware "secretly scraped the employee's information and authentication tokens" that Hernandez later used to access Nintendo's internal network.

Hernandez then used his new-found access to "upload malware onto the Nintendo developer site, which logged the tokens of legitimate users logging onto the site, and later to gain administrator access to the Nintendo Developer Portal."

Court documents say that at this point, Hernandez proceeded to "download proprietary Nintendo data" including pre-release
information about the upcoming Nintendo Switch console.

Hernandez then proceeded to leak the Switch information online, ahead of the Nintendo Switch official launch, which took place several months later, in March 2017.

At the time, Nintendo reported the security breach to the FBI, which tracked the hack back to Hernandez's home in Palmdale, California.

FBI agents paid Hernandez and his parents a visit in October 2017. Because Hernandez was only 17 at the time, agents gave the teen a pass after he "promised to stop any further malicious activity against Nintendo and confirmed his understanding of the potential consequences of future hacking conduct."

The 2018 to 2019 hacks

But Hernandez didn't keep his promise, or at least, not for long. According to his plea agreement, the teen went back to hacking Nintendo again by June 2018.

Using vulnerabilities in Nintendo servers, he gained access to backend systems from where he donwloaded other swaths of confidential information. We quote from the plea agreement:

"For example, one of the server groups targeted by HERNANDEZ related to a staging environment for the Nintendo eShop, which is used for pre-production testing. In June 2018, HERNANDEZ accessed the servers, using without authorization a legitimate certificate, and requested and downloaded pre-release information and data, including development tools and files relating to retail titles.

"Similarly, beginning in June 2018, HERNANDEZ accessed the device authentication server group using an illegitimate certificate obtained from an application extracted from the previously compromised staging environment server group. Beginning in July 2018, HERNANDEZ accessed the server group that managed content for Nintendo retail kiosks, including advertising material and game demos."

Just like two years before, Hernandez didn't stay quiet about the hacks and began leaking the stolen Nintendo files online, on Twitter and on Discord.

In addition, authorities say that Hernandez also operated his own Discord channel named "Ryan's Underground Hangout," where he often leaked hacked files, and also shared information with others about Nintedo server vulnerabilities.

The arrest and the child pornography charges

Just like in 2016, Nintendo again discovered the hacks and complainted to authorities. However, this time around, FBI agents didn't come knocking for a meeting with the teen's parents.

This time they came with arrest and search warrants. Hernandez was arrested, had his house searched, and devices seized on June 19, 2019.

During a search of the seized devices, US investigators said they found a folder named "Bad stuff" that contained 669 photos and 968 videos depicting minors engaging in sexual acts.

Hernandez was subsequently charged with one count of possession of child pornography.

The suspect, now 21, pleaded guilty last week, to both charges. As part of the guilty plea, prosecutors agreed not to pursue a prison sentence bigger than three years for both charges -- of hacking and possession of child pornography.

However, in a press release, the US Department of Justice said the final sentence in the case is up to the judge, who can ignore the plea deal and send Hernandez up to 5 years in prison for the hacking charges and up to 20 years in prison for possession of child pornography.

Hernandez's sentencing hearing is scheduled for April 21, 2020. As part of the plea deal, he already agreed to pay $259,323 in restitution to Nintendo for the remediation costs caused by his two hacking sprees.