Leaked Nintendo documents have revealed a frightening surveillance operation carried out against a hacker who was researching exploits for the 3DS handheld. In addition to monitoring his private life, including aspects of his education, when he left the house and where he went, the company followed its target from his place of work in order to pressure him into stopping his activities.
Unfortunately for Nintendo, leaked documents are now revealing how frightening things can get for console hackers in their crosshairs, even when those targets have already declared that their work isn’t designed for piracy purposes.
Leaked Documents Reveal Police-Style Surveillance Operation
During the past 24 hours, various Twitter accounts (1,2) have been posting snippets from documents that were recently leaked from Nintendo. While there are numerous items of interest, the most shocking revelations involve Neimod, a hacker who several years ago developed exploits for the 3DS handheld console.
Of course, it’s not surprising for a company like Nintendo to have a keen interest in work carried out by someone like Neimod. Nintendo’s documentation described him as a “highly skilled hardware engineer” with “a very high reputation within the hacker scene, for Nintendo products.”
However, the scale of the operation, which is revealed in detail in the leaked documents, shows just how far the gaming giant was prepared to go to stop his work.
For example, the leak reveals personal profiling that dug deeply into Neimod’s education status, listed details of his working life, while offering evidence of physical snooping on his daily lifestyle. What time he could be found at home, who came to see him there, and even when he visited places like banks and restaurants are all included.
Reposting this to hide the sensitive information, but Nintendo literally stalked this guy. pic.twitter.com/rFCHIJ1CI4
— Forest of Illusion (@forestillusion) December 22, 2020
While this kind of surveillance is creepy in its own right, additional documents reveal a detailed plan to use the gathered intelligence to physically confront Neimod in order to pressurize him into complying with the company’s demands.
Detailed Operational Planning to Intercept Target
According to Nintendo’s planning, the operation would begin around April 15, 2013, with its team meeting at a local hotel to discuss and finalize their plans. Following a review of Neimod’s movements of the previous week, the team would then decide where and when contact would be made – after work or at home, for example.
With an undercover investigator monitoring Neimod to discover what time he left work, Neimod was to be approached by a ‘contact team’, who were instructed to approach their target “in a friendly, non-threatening, professional, and courteous manner. “Provide a business card,” the instructions read.
After Neimod had been engaged in conversation, the team was instructed to flatter the hacker by “acknowledging his engineering/programming aptitude.” They were also told to reference his stated aim of not “facilitating piracy” with his hacks but point out Nintendo’s concerns that a release of his hack could do just that.
Whether Neimod complied or resisted, Nintendo prepared for both eventualities. The following slide, posted to Twitter by Eclipse-TT, shows a flow chart that begins with instructions for the “Knock and Talk Team”, details a staging area, rules of engagement, and plans for what should happen when things go to plan – or otherwise.
The Nintendo “Final Enforcement Proposal” document describes a “carrot and stick” approach, with the stick being a laundry list of potential offenses committed by Neimod under Belgian law and the carrot representing a number of sweeteners that might be of interest to the hacker.
If cooperation was achieved, Nintendo suggested it could refrain from filing a criminal complaint. It may also enter into a “bounty” contract with Neimod with payments made for finding and documenting exploits. Within certain parameters, his discoveries could still be announced to the public, allowing him to retain “bragging rights.” This could help Nintendo’s image, the company wrote.
“If successful, Nintendo’s public image may be further bolstered as a modern, tech-savvy company, while hinting that hackers should be cooperative rather than aggressive with Nintendo in the future (in contrast to Sony’s missteps with George ‘geohot’ Hotz),” the document adds, noting that a trip to Japan to meet Nintendo’s hardware engineers might also prove attractive.
Of course, significantly boosting public image long term is only possible when details of invasive surveillance operations stay out of the public eye. With the leak of the full “Hacker Enforcement Proposal” now in full swing (here, pdf), that will be just a little bit harder for Nintendo.
On the other hand, it might also give hackers pause for thought. Or, indeed, drive them further underground.
Many thanks to TorrentFreak for the breaking news.