Hacking group Team-Xecuter has long been a thorn in the side of major gaming companies.
The group offers hardware and software solutions that allow people to install and play unofficial games – including pirated copies – on various consoles, including the popular Nintendo Switch.
Team-Xecuter often defended its work by pointing out that their products are not necessarily pirate tools. They are supporters of the ‘right to repair’ movement and back people who want to play homebrew games on their devices for personal use.
The affected game companies disagree, with Nintendo in front. The Japanese game company has been chasing down Team-Xecuter for years and a few months ago the company took several online stores to court for selling Team-Xecuter products. Last week, these enforcement efforts reached a new level when the US Government launched a criminal prosecution of three of the group’s members.
Despite the criminal prosecution, Team-Xecuter’s website remains online. Other services, which are allegedly operated by members of the same conspiracy, are up and running as well, including Axiogame.com and Maxconsole.com.
This doesn’t mean that there are no issues at all. In recent days several people reported problems while activating their Team-Xecuter licenses. However, this problem appeared to be just temporary.
Following the news about the criminal prosecution, some third-party vendors removed associated products from their stores. That said, these remain available elsewhere and installation support is still available as well.
To find out more about their future plans, we reached out to Team-Xecuter over email. This message wasn’t delivered due to a technical problem, suggesting that not everything is running completely smoothly at the moment.
What we do know is that there are more people involved in the group than just the three who were indicted. The others may be able to continue business as usual, or not. Since we can only speculate at the moment, we decided to focus on the US Government’s allegations.
Over the past several days, we’ve combed through the legal paperwork of which we will provide an overview below. It has to be stressed that, at this point, all claims against the defendants have yet to be proven.
The first defendant is Max Louarn, a 48-year-old French national who was arrested in Canada where he is being held in custody. Louarn is seen as the leader of Team-Xecuter. He made important business decisions, arranged investors and financing, and oversaw product development and the wholesale distribution chains.
Louarn is a familiar name in the game hacking scene and describes himself as an “officially retired hacking pioneer.” His work reportedly dates back well into the last century when he was linked to the warez group PARADOX. In 1993 he was arrested in a Nintendo piracy case, after which he fled to Spain.
That was not his only run-in with the law. Two years later he was arrested in Washington for his involvement in a credit card fraud and was accused of reselling 3,000 stolen credit cards. This eventually led to a sentence of five years and eight months for the then 23-year-old.
In 2005, Louarn’s name showed up again in federal court records, with Sony accusing him of operating Divineo, a company through which he sold modified Playstation devices and modchips. Sony eventually secured a judgment of more than $5 million in statutory damages against Lourn and Diveneo.
35-year-old Yuanning Chen from China is the only defendant who’s still at large. According to the indictment, Chen was involved in the management of a manufacturing and distribution company where Team-Xecuter’s hardware was made.
The company, “China Distribution,” was labeled as the official wholesale distributor of several circumvention devices. In addition, Chen was also operating the Axiogame.com store, which remains online today.
The third defendant, Gary Bowser, was arrested in the Dominican Republic last month and he has since been deported to the US. Bowser is allegedly responsible for the development of circumvention devices. He was also in regular contact with resellers.
Bowser is best known through his nickname GaryOPA, the supposed operator and a frequent writer on the website “MaxConsole,” which regularly reviewed Team-Xecuter hardware and other hacking tools.
Team-Xecuter’s “Fragmented Approach”
The indictment sees the Team-Xecuter conspiracy as a broad enterprise that included many sites, products, and organizations that are not publicly associated with the group. This is less efficient to manage but was used to isolate all parts from enforcement threats.
“The enterprise used this fragmented approach to protect the overall enterprise in the event that one device or brand were to be targeted by gaming companies, financial institutions, and law enforcement,” the indictment reads.
This fragmented setup involved, among other things, various third-party developers and hackers, operating the distribution chain through a Chinese company, facilitating sales through Axiogames.com, and promoting the products through Maxconsole.com.
To hide the identities of the people involved Team-Xecuter relied on reverse proxies and bulletproof hosting providers. In addition, communication channels were mostly encrypted, using PGP and apps such as Signal and Telegram for sensitive messages.
The indictment stresses that the success of the business relied on the availability of pirated games. To make sure that this was in order, they allegedly “created” and “supported” ROM sites, which were then highlighted on MaxConsole.
“Accordingly, the enterprise undertook efforts to create and support online ROM libraries that could be used by the enterprise’s customers. The enterprise directed users to ROM libraries through the enterprise’s website, maxconsole.com,” the indictment reads.
Several claims in the indictment are backed up by internal communications from and between the defendants. How the US Government obtained this isn’t clear, but it seems to confirm the various connections. For example, Louarn sent the following note to an alleged co-conspirator.
“You are always panicky about things and not taking time to analyze and see the big picture to make real money. First, obviously we know how to host. Just for sites you know we own, we have Maxconsole, Team-xecuter etc. which are 1000 times more traffic than your site ever had.
“Second, of course[,] Axiogame will be back up, it is already back but we have some issues which I am trying to understand. Axlogame has over 200 orders per day…”
Another email, sent by Louarn to Chen, goes into detail about payments requested by chip developers, asking Chen if it’s possible to put up some pre-orders or pay them in another way.
Bowser, for his part, sent an email to a business partner detailing how he was responding to enforcement efforts by Nintendo.
“They have been trying hard to crack down on everything, removing ‘roms’ from various sites which devices like Classic2Magic need, but we have [a] plan in the works to have secure links to these retro rompacks on [a] protected server, so it will not be a problem.”
Investigators Purchased Devices
The investigation into Team-Xecuter started years ago. The indictment mentions several occasions where investigators from the Western District of Washington bought devices that were trafficked by members of the conspiracy.
This includes the Team-Xecuter branded SX Lite, SX Core and SX Pro, all jailbreaking solutions for the Nintendo Switch. Investigators bought an SX Pro kit from an ‘authorized’ seller in July 2018, and several others later on, which they installed on separate Switch consoles.
Other devices, allegedly trafficked by the conspiracy, include the “Gateway 3DS” and the “Stargate” for the Nintendo 3DS, the “TrueBlue Mini” for the Playstation Classic, and the Classic2Magic, for Nintendo’s SNES. Copies of these devices were all bought by investigators.
According to the allegations, the defendants were aware of the illegality of the devices. In order to frustrate enforcement efforts, they would use false merchandise descriptions, tariff classifications, and value descriptions.
For example, defendant Louarn advised his co-conspirator Chen to declare a shipment of circumvention devices as memory card adaptors, with a value of $0.20 each.
While not all individual claims would be seen as criminal necessarily, the indictment argues that taken together, it clearly is a criminal conspiracy.
In total, the three defendants each face 11 felony counts, including conspiracy to commit wire fraud, wire fraud, conspiracy to circumvent technological measures and to traffic in circumvention devices, trafficking in circumvention devices, and conspiracy to commit money laundering.
If proven, these can lead to lengthy prison sentences. For now, however, all defendants are presumed innocent, until the opposite is proven in court.
A copy of the indictment, as released by the US Department of Justice, is available here (pdf)
Many thanks to TorrentFreak for the breaking news.