Zynga gaming chip hacker gets jail

by Sarah Griffiths on 21 March 2011, 11:37

Tags: General Business

Quick Link: HEXUS.net/qa46o

Add to My Vault: x

Poker face

A British hacker who stole over £7m of virtual gaming chips has been jailed for 2 years.

Ashley Mitchell hacked into social networking gaming giant Zynga's mainframe, stole the identity of 2 employees transferring their chips to his account and then sold them via Facebook, according to The Guardian.

He reportedly managed to pilfer 400bn chips worth over £7m before the scam was stopped and he will now face 2 years in jail.

Mitchell reportedly decided to sell the chips on the social network to gaming enthusiasts to fund his gambling addiction and apparently made £53,612 in just 2 months from selling around a third of the stolen chips.

There was clearly a lot of demand for the chips, perhaps because a staggering 50m people play Zynga games every day, which notably include Mafia Wars and Farmville, where Zynga money and virtual chips can be exchanged for virtual goods. It is believed there is now a black market for cut-price chips.

Prosecutor James Taghdissian reportedly told the court that Zynga lost around £7m from Mitchell's scam and that it only became aware of the problem in August 2009 after it realised heaps of chips were vanishing and the trail led to 2 employees, who had had their ID stolen by Mitchell.

Investigators apparently found out the system had been hacked and eventually zoned in on Mitchell and this led to his neighbours also having their computers seized after they found Mitchell was using their un-secured Wi-Fi connections to conduct the scam. He was eventually caught as he apparently used his own Facebook profile during one of his attempts to hack into Zynga's mainframe.

"It was clear there had been a systematic approach adopted in probing and accessing Zynga. Checks on [Mitchell's] bank account showed at this time he bought items including a Rolex watch and was also spending money on online gambling." Taghdissian reportedly said.

"He made determined and repeated efforts to attack Zynga's systems. He succeeded and transferred 400bn chips and sold them to realise a substantial profit," he apparently added.

In a bid to defend Mitchell, Ben Darby reportedly said that it was impossible to Zynga to put a value on the loss of the chips as they are virtual and it can create infinite numbers of chips. He apparently added that Mitchell did not benefit hugely from the scam as he ploughed most of the proceeds into real-money online gambling sites to feed his addiction.

Darby reportedly said that gambling had taken over Mitchell's life and his client now runs his own poker site called Gambino on Facebook, which should net him around $100,000 a year.

Mitchell apparently owned up to computer misuse and 4 counts of money laundering, asking for 41 similar cases to be considered. He was reportedly also sentenced to 30 weeks for breaching a suspended sentence for hacking into Torbay council's computer systems, where he was once employed.

Judge Philip Wassall reportedly told Mitchell: "The dishonesty in this case was substantial and protracted. Online security is a priority for everyone these days. You deprived Zynga of income. It is quite clear you used a considerable degree of expertise and persistence to hack into the system. It is a considerable aggravating feature that someone hacks into systems in this way when so much business and personal finance is done using electronic means."

He reportedly continued: "From internet banking to major international transactions, people rely on the security of systems and anyone who comes before the courts who has gone through these security systems from their own ends can expect custody. The sentence has to reflect the impact on public confidence in security systems and online business when someone breaches security in this way."



HEXUS Forums :: 1 Comment

Login with Forum Account

Don't have an account? Register today!
“The sentence has to reflect the impact on public confidence in security systems and online business when someone breaches security in this way.”

I understand where the judge is coming from, but at some of the blame has to be laid at Zynga's feet for not having responsible, effective security procedures in place. These measures, such as changing the login passwords (at least of Admins) every 8 weeks or so, are neither expensive nor time consuming, yet Zynga did not feel the need.