Storytime: I did some pentesting and advising work for Nintendo after they approached me (via email, not stalking) in 2015. This was professional work on a freelance/consulting basis.

That NDA has expired. I won't talk about project details but let's talk about how that went.
The people I worked with, including engineers and lawyers from all three main branches of Nintendo (NCL, NOA, NERD) were largely very nice people. Communication was formal.

Sadly, the project was hampered by corporate policy, politics, and mistrust, as often happens.
I was able to accomplish some smaller goals, and give advice on direction, but I sadly wasn't able to have high impact because the environment didn't allow me to.

This was, as usual, largely due to management, not the people I worked with directly.
The leaked documents show some of these same problems internal to Nintendo. They paint a story of a large multinational with communication, focus, and trust issues across cultures and teams, which is sadly common.

(Read beyond the ninja docs, there's more)
Remember, corporations are made of people, and those people are often trying to do good. It's the corporate structure, and the people in specific (usually higher) positions that end up making things go wrong.

So keep that in mind as you read through the leaked docs.
What about the stalking?

Well, way back in the Wii days, they were already using similar tactics. After bushing tried to responsibly disclose (!) an issue, Jodi Daugherty, former director/lawyer at NOA, tracked down his work phone and called him, as an intimidatory tactic.
This approach clearly continued with neimod in 2013.

It seems things changed sometime between then and when they approached me in 2015. All of my conversations were cordial, starting over email, then phone and in-person. Nobody ever came anywhere near my house as far as I know.
I want to think that they changed their approach at some point (partially due to personnel changes). At least that's the impression I got.

I didn't have any direct interactions with Jodi, and her LinkedIn says she retired in 2016. Maybe things are better now. They were with me.
If you're ever offered an NDA, this isn't an EULA. You get to negotiate the terms. The only reason I can talk about this now is I insisted on the expiry date, and clauses that designate info I had prior, and info published through no fault of my own (this leak), as out of scope.
Anyway, now you know why I stayed away from hacking on a certain system.

Also, I got to stand behind Miyamoto-san when I went to order at a cafe in their office in Kyoto; 9/10 would work for Nintendo again.
You can follow @marcan42.