According to media reports, 21-year-old Australian Shane Duffy has been charged by the Queensland Police Fraud and Cyber Crime Group with three counts of computer hacking and five counts of fraud.
At the time of the hack last August, Riot Games – makers of “League of Legends” – warned North American players that usernames and email addresses had been stolen, alongside salted password hashes.
In addition, the game company warned, approximately 120,000 transaction records containing hashed and salted credit card numbers were accessed from an old payment system that Riot Games used until July 2011.
But, if police allegations are true, it seems that there was an unusual motive for the hack.
Police say that Duffy used the stolen data to sell game players’ IP addresses to opponents, who would then use the information to launch denial-of-service attacks against them.
Well, I guess that’s one way to stop someone beating you at a video game…
According to the authorities, 880 separate payments for the data were made to Duffy in the last month alone.
Australian police believe that Duffy hacked the American video game’s servers via a Dutch ISP, and then posted the stolen database information on a website based in Panama.
Australia, America, the Netherlands, Panama. Once again, it’s made clear that cybercrime is a truly multinational.
Clearly the Australian authorities – who received assistance from the FBI and Riot Games during the six month investigation – have had an eye on this individual for a while, as his property was first searched in November 2013.
Duffy’s mother Leah has come out fighting for her accused son, who she says has Asperger’s syndrome, claiming that although he has advanced computer skills he was not responsible for the hack.
Duffy is due to appear in the Maryborough Magistrates Court on April 8.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.