DOJ: Pirated Sports Streamer Hacked Accounts, Extorted MLB
The U.S. Attorney’s Office for the Southern District of New York has charged a man with illegally streaming MLB, NBA, NFL, and NHL games via the web and hacking into sports leagues’ customer accounts.
The charged individual is Joshua Streit, 30, of Minnesota, who allegedly streamed illegal re-broadcasts of major American sports leagues, including Major League Baseball (MLB), the National Basketball Association (NBA), the National Football League (NFL), and the National Hockey League (NHL).
The Department of Justice says that Streit operated a “live streaming” website for profit, offering access to the illegal sports content in exchange for subscription fees of $129.99 per season.
The website is ‘hehestreams.com,’ which is now under the control of ACE (Alliance for Creativity) and redirects visitors to legal channels of content distribution.
Prosecutors say that Streit gained access to the sports leagues’ content by hacking into the accounts of the leagues’ subscribers.
The site operated from 2017 to August 2021, during which Streit allegedly obtained at least $5,000 in subscription fees, but the actual amount may be higher.
Hehestreams offered multiple payment methods besides crypto, making it easier for law enforcement to trace payments and find out who was running the service.
The FBI states that at least one sports league suffered approximately $3,000,000 in damages, and they are still investigating the harm to the other victims.
Extorting the MLB
In addition to streaming the MLB’s content illegally, Streit is also charged with attempting to extort the MLB for $150,000 by threatening to publish alleged platform access vulnerabilities that he abused to steal the streams.
“Furthermore, Streit allegedly hacked MLB’s computer systems and attempted to extort $150,000 from the league,” U.S. Attorney Damian Williams said in a press release.
Streit is alleged to have exploited a flaw in a third-party service’s access token system, allowing “hehestreams” users to access live sports streams by authenticating as legitimate users of the actual platforms.
MLB’s complaint to the law enforcement authorities presents Streit as frustrated at not finding a bug bounty program through which to report the network vulnerabilities, accusing MLB of a “shocking lack of gratitude.”
You’d think that, upon disclosure of a vulnerability that directly impacts a multi-billion-dollar revenue stream, you’d at least receive a reply. — joshmn (@joshmn) March 18, 2021
Streit is now facing five counts, for computer intrusion, illicit digital transmission, wire fraud, and transmission of interstate communications with intent to extort, with a maximum penalty of 25 years in prison.