I wonder what sport Pau Gasol, an NBA basketball player, played in high school. Maybe basketball?
"Your password has been reset, please type in a new password for your account," the screen prompted.
I made his new password 'PGasol16' but this is where it became tricky. Once the password was reset, the player wouldn't be able to get in his account anymore. If they were smart, they would know their account was compromised, but if they weren't, then there was still a shot of maintaining access. Luckily IQ falls well below height, speed, vertical, agility and a list of other attributes on the chart when professional teams are scouting them.
Due to the reset, I thought my window of opportunity was limited so I logged into Pau Gasol's control panel and became acquainted with every intricate detail of the system. There were four tabs at the top: account balance, user information, guests and order history.
His current balance was $7,000, which dwindled down from the $30,000 originally bestowed upon him.
The user information showed his name, email address, phone number and home address. Which was valuable in it's own right.
No guests were listed; at least for the time being.
Previous order history made for useful intelligence gathering. He didn't make any orders over the last 5 months, which meant he probably wasn't logging in anytime soon. I also found out he was a fan of long leather coats and cowboy boots, which made me laugh for the first time in an otherwise serious-faced task.
I wanted to play it smart, so I waited two days to see if anyone would notice the password was reset. They didn't...so it was time to strike.
I logged back inusing my neighbors unlocked Wi-Fi, and figured it was best to make the order as a guest. I did research on Pau Gasol's family and discovered he has two brothers. One was Marc, who also played in the NBA, and the other was Adria, who was mostly unknown.
If there was someone supervising the account, they might question Pau Gasol making an order to Arizona while his season was taking place in Los Angeles, but they may overlook the order if it was listed under his brother's name.
I created a new dummy email account for Adria, and sent the guest confirmation link. This is when I realized that creating a new guest would also generate entirely new login information, thus enabling me to maintain access even after the original account holder changed their password back. Perfecto.
Once I was registered, I ordered a pair of Lebron James basketball shoes, two pairs of shorts, two dri-fit shirts and six pairs of socks. The total ended up just over $300 and I briefly cringed before finding the courage to click 'Ship My Order'.
For the next few days, I stood by the front window of my condo, nervously peeking through the blinds. I was looking for the FedEx guy, who showed up three days into my stakeout and dropped each box on my doorstep – no signature required.
I impatiently ripped each box wide open so I could unearth my newly acquired gear. Then I proudly placed them on one article at a time, being most satisfied with the socks, which came with 'L' and 'R' stitched into each foot. How could I stop now? These socks were awesome.
Later that night I logged back into Pau Gasol's account and took three essential notes before moving forward. The first, no one changed the password yet, so Nike's IT security was lax. The second, and most important, was discovering how orders from a guests account didn't show up in the order history on the main account. Lastly, the name Adria Gasol and the email I made for him was listed under 'Guests' in Pau's account.
So now, after having completed enough homework, I felt comfortable to expand my operation. I wanted to get in as many accounts as possible, but I knew they all wouldn't be inactive like Pau Gasol's. The plan was to get in, create a guest account, get out and sit idle for a week. It's not like there was anything else for me to do.
Instead of finding a family member for every player, I decided to make the guest name the same as the actual account holder. This way, if they clicked on the 'Guests' tab, they would see their own name and hopefully think nothing of it. I also needed to make the fake email accounts similar to those of the actual account holders if I wanted to fully avoid detection.
With all the strategizing, prepping and dry runs completed; the only thing left to do was get more accounts. First in line was none other than future NBA hall of famer Steve Nash.
Surprisingly, his username was 'SNash'. His security question was "Who was your hero growing up?" This would normally be much harder to find, if it weren't for a recent press release publicizing how Steve Nash was co-directing a documentary on his hero...Terry Fox.
I encountered more trouble than expected entering it in correctly. I tried 'TerryFox', 'terryfox', 'TFox', 'tfox', 'TerryF', 'terryf', 'Terry', 'terry', 'Fox' and 'fox' NOTHING was right.
Still, I knew I had the right answer so I pressed on and for the first time in my history of typing passwords, I used a space. 'Terry Fox' and it worked!† Steve Nash was not only sneaky on the court, but he also used spaces in his passwords; he's one slick dude.
After registering the guest, I took a gander around his account and spent more than a few minutes looking at the $450,000 worth of gear he ordered over the past ten years. I could only imagine what his closet looked like.
Next on my hit list was–you guessed it–Evan Longoria.
As those who fell before him, his username was first initial and last name, or 'ELongoria'. His security question was "Who is your favorite superhero?"
I googled "Evan Longoria favorite superhero" expecting to see at least one result but there was no mention of it. You would think, after all those interviews, someone would have asked him who his favorite superhero was, but I wasn't that lucky. Naturally, the next step to take was searching his Facebook account for clues.
Fortunately, he was still a Facebook friend with my fake blonde girl's account. It didn't take long to get a hot lead; he was wearing a shirt imprinted with The Joker's face in his main profile picture. Could this be the answer?
I tried 'Joker', 'joker', 'TheJoker' and 'thejoker'. Swung and missed. Then I went Steve Nash style and tried 'The Joker' and 'the joker' yet it still did not bare fruit. So I moved on to other characters by trying 'Batman', 'batman' and then I tried 'Robin' and presto, I was in.
Robin ... now that's a shitty favorite superhero.
I registered his guest using the fake email account [email protected] – since his real email account was similar.
What do you expect from a guy whose favorite superhero is Robin?
As previously noted, I held a vendetta against him, so I took his hack a step further and changed the registered email to my fake one on his main account. Which meant I owned his account, the only way for him to get back in was to call Nike and whine about it.
For the next week, I spent every night attempting to gain access to new accounts and I was pretty damn successful. Google and Facebook were helpful for security questions but when they failed to produce results, I turned to my account on BeenVerified.com to conduct background checks for any questions regarding relatives or what street they grew up on.
When I was done compiling my hit list, I looked it over and I successfully gained private access to the following accounts: Pau Gasol, Steve Nash, Evan Longoria, Troy Tulowitzki, Ben Gordon, Luol Deng, Daniel Gibson, Jon Lester, Roy Hibbert, Jarrett Jack, Matt Holliday, Josh Powell, Luther Head, Luke Walton, James Posey, Julian Wright, Jonny Flynn, Al Horford, the assistant football coach for LSU and Michael Jordan. The assistant coach for LSU's username was 'NRobertson' and I originally thought it was Nate Robertson, the midget basketball player but sadly it wasn't. Michael Jordan's account was being controlled by the clubhouse manager for the Charlotte Bobcats but his username was 'MJordan'... so hey, it counts.
I gave it another week to see who would reset their password, and I was shocked to find out just about every one of them did–besides Evan Longoria–because he couldn't.
With roughly 20 accounts lined up, I patiently waited one more week to let the dust thoroughly cl
ear. Now the only way I could be spotted is if they noticed the dollar amount decrease on their balance; the odds were in my favor.
I struck Luol Deng first, for a 3-wood driver and a baseball bat totaling $700. Then I ransacked Matt Holliday for $300 in shoes and workout clothes I fancied. They were placed neatly in my closet for a pile I envisioned growing much taller.
Next I pillaged Pau Gasol for another $500 in workout gear, and even plundered Steve Nash for a few bills worth of clothes. Nash's actual address was less than a mile from my apartment, so I wasn't too worried about raising any eyebrows with his account.
I looted Matt Holliday and Pau Gasol continuously for the next few weeks, with each order averaging $500 a piece at the rate of two orders per week. My front door was like one of the hungry hungry hippos, gobbling gear instead of marbles; with no end in sight.
Up until this point, I didn't want to involve anyone else. However, after making numerous orders to the same address, I needed to find a new docking point. Plus, my closet was so packed it was comical to even look at; I actually stopped inviting people over just so they wouldn't see it.
I was dating a girl named Katie at the time who was a young, petite and gorgeous 19 year-old brunette (who was one of the girls to move in with Dave). She also held a carefree spirit similar to my own, which was crucial towards accepting the deliveries and keeping it low-key.
So I invited Katie over, in part, to show her what I was working with. She laughed in astonishment at the sea of orange boxes and then continued staring in disbelief while I focused on the backside of her yoga pants, which I planned to replace with a newer Nike model.
After stiff negotiations, she agreed to accept the package, er, I mean packages. In return, I planned to make it worth her while.
With a new drop spot on the roster and my first liaison recruited, I donned a hoodie, put my laptop in a new Nike backpack and walked around the corner to Starbucks at 2am. I assumed my IP address was being registered with every requisition, and although I never used my own; I thought it would be wise to switch it up.
A new address allowed me to use new accounts, so I chose my next prey. They would be Ben Gordon of the Chicago Bulls and Daniel Gibson of the Cleveland Cavaliers.
Starbucks left the patio furniture outside at night so I sat down in the padded chair and looked off at the moon resting just over the mountain on the other side of Scottsdale Road. Conditions were prime.
My idea of a reasonable order was growing, similar to the tolerance of a drug addict. I also needed to add more gear for Katie, so I picked out a pair of baby blue Air Max 360's, two pairs of yoga pants with matching yoga tops and socks. Once my cart was full, I closed my laptop shut and disappeared into the darkness; each order totaled over $1,000.
"They're here! Did you really order golf clubs?" Katie texted.
"Absolutely, I'm on my way," I sent back.
Katie wore faded sweatpants and an old gray sweatshirt when she guided me to her bedroom to show off the boxes neatly organized in the corner. She didn't open any of them, but I could tell she was already conjecturing over which ones contained her gifts.
She wasn't born rich and she wasn't materialistic, which was out of character for a girl in Scottsdale, so receiving a few hundred dollars worth of new clothes actually meant something to her. It also made me happy.
"These are fucking hot!" said Katie, after opening up the box to her baby blue shoes.
"I think they'll look good on you," I told her, and then she jumped up to give me a hug.
Out of all the benefits from the operation thus far, nothing felt better than the satisfaction of seeing Katie's smiling face while she looked over her new outfit in the mirror. This was the first time in my life I was in a position to give, and man it felt good.
I packed the golf clubs into my car and headed back to my apartment, which became a restricted hazard zone to anyone but Katie due to half of the square footage being occupied with orange boxes.
At night, another Ben Gordon and Daniel Gibson invasion was in motion. It took place at the Wildflower Bread Company, another local eatery conveniently offering free Wi-Fi several hours before dawn. This time Katie was getting purple Air Max 360's, a puffy white snowboarding jacket, a wide array of shorts, headbands and my favorite – more socks.
I routinely checked the accounts to see if Nike picked up on my trail. So far, there were no reasons to suspect they were. In fact, the only downside presented itself when I found out Katie's roommate was growing jealous of the contents in her closet.
Normally I wouldn't fret, but her roommate was hanging out with Evan Longoria at the time, and I didn't want him to catch wind of my scheme. So, like a mafia boss, I ventured over to their apartment to make her roommate an offer she couldn't refuse.
Bang, bang, bang.
I knocked on their door, planning to proposition her roommate any gear she wanted in exchange for silence. Historically, she was a pretty girl, but she opened the door wearing no makeup; looking remarkably dreadful and noticeably discontent.
"Brad, I know all about the deliveries you're making and if you do it again I'm going to call the cops!" she screeched before slamming the door shut.
I stood baffled. I didn't know which was worse, what she said or catching a glimpse of her appalling face without makeup. There was also a third issue; another order was already on the way to their place.
Thankfully Katie reasoned with her over not making a fuss about one more coming through. The Arizona side of my operation came to a halt.
Over the course of two months, there was $5,000 supplied from Pau Gasol, $4,000 from Matt Holliday, $5,000 from Ben Gordon, $5,000 from Daniel Gibson, $700 from Luol Deng and a few hundred from Steve Nash. Bringing the total just over $20,000.
Thanksgiving was a week away and it couldn't have come at a better time; I needed to vacate the area. Nonetheless, I was still in a giving mood and I wanted to show appreciation for those who helped me in the past. So, without their knowledge, I dropped $3,000 worth of gear in front of Justin's door and another $3,000 worth of gear in front of Dave's door.
I boarded my flight a cheerful man, but I was only getting started.
When I got back to Virginia, I consciously resisted the gamblers itch to keep it going.
My activity was idle for the first week, but then I cracked and went right back at it. This time I raided the accounts of Al Horford of the Atlanta Hawks, Jarret Jack of the New Orleans Hornets and Jonny Flynn of the Minnesota Timberwolves.
I was only going to be in town for one month, so obtaining items I could easily ship became a top priority. The most befitting item for this purpose was the Nike Sportband, only a few inches in width yet retained a value of $59. With the limit set at a maximum of 30 per transaction, each order came out to $1,770 and my idea of a reasonable shipment was rising once again.
So was my idea of the number of shipments I placed; I recruited another liaison with the purpose of putting the remaining hacked accounts to good use. Hawk, my friend from high school, was getting his masters in North Carolina and was always an avid fan of sports gear; so another proposition was made.
"I don't want them coming to my house, but there are some empty places across the street. Actually, there's quite a few," Hawk suggested.
"Sounds good to me, let's do this," I told him.
With multiple addresses, I could activate multiple accounts. We used Jon Lester of the Boston Red Sox, Roy Hibbert of the Indiana Pacers, Julian Wright of the Toronto Raptors and we even re-used Ben Gordon's.
Before each one, we got on the phone and Hawk told me a list of the items he wanted; he also added notes on what items he thought carried the best resale value. It got to the point where I gave him the login information for Luke Walton's account to make it less strenuous, but I'm not sure if he ever did anything with it.
Then, for the first time, I thought Nike might be catching on. During one of our last shipments, three out of the four orders failed to show up. I was worr
ied, paranoid and began thinking of an exit strategy. Then I checked the tracking information on FedEx's website and it stated hazardous weather as the cause for failure. Still, I was skeptical.
Hawk took his cut and brought the rest to Virginia when he returned home for Christmas break. My bedroom upstairs became a bigger calamity than my apartment in Arizona ... there was no room to walk.
Like Kazmir said, Christmas was the time when everyone drained the accounts. With this in mind, I went on a five-day spree, placing $3,000 shipments every single day on each of the three different accounts. Let's just say Santa was putting plenty of presents under the tree this year.
I almost couldn't believe what I did. Al Horford, Julian Wright and Jarrett Jack each had roughly $19,000 in their accounts before Christmas, and just below $2,000 when it was over.
With a planned skiing trip after New Years, I wasn't finished just yet. †I got back on and ordered jackets, ski pants, gloves, socks, undershirts and beanies for everyone who was going. With a few grand worth of attire on our back, legs, hands, head and feet – I think it's fair to say we were looking quite professional on the slopes.
I realized, upon our return, there was over $50,000 worth of apparel and sports equipment in my bedroom ... it was hard to grasp. Tiger Woods golf shoes, sportbands, collared shirts, winter jackets, compression pants, hoodies, a mountain of Air Max 360's, golf bags filled with clubs, batting gloves, sunglasses and of course plenty of socks. If Nike made it, there was a good chance it was in my room.
I didn't want to ship all of the gear across the country, so I got on eBay and sold as much of it as I could. This was the first time I saw a monetary profit, and it was paying well. In fact, the proceeds were so lucrative I got on craigslist and began looking at condos in Arizona. My eyes were locked on a particular penthouse in Tempe, inside the Arizona State University campus.
Before I could head back to Arizona, my friend Scott Sizemore was getting married in the Caribbean and invited me to be in his wedding. This was my first time attending a wedding and furthermore, it was my first time taking a trip with excess money in my pocket. I packed a bag with fresh clothes and boarded a flight to Jamaica mon!
Player Season: The Pickup Artist Who Hacked Nike Page 21