In response to persons unknown sending large numbers of fake DMCA notices to YouTube while impersonating its anti-piracy partner, Bungie filed a lawsuit in the US seeking millions in damages. At the time the name of the 'Doe' defendant was unknown. This is how a Bungie investigation followed digital breadcrumbs to track down and identify that person by name and physical address.

Destiny 2Earlier this year, Bungie and its enthusiastic Destiny fan community were plunged into chaos.

Using the DMCA’s takedown process as a weapon, persons unknown sent copyright notices to YouTube, claiming that the targeted videos should be taken down for infringing Bungie’s rights.

YouTube began removing videos, including some uploaded by high-profile Destiny content creators. Other notices targeted Bungie’s own channels, causing confusion and frustration within the Destiny community.

While Bungie supports fan-created content and allows videos to be uploaded to YouTube, a growing number of fans came to the conclusion that Bungie was somehow to blame. With its reputation on the line, Bungie went into investigation overdrive and later confirmed that the takedown notices were all fraudulent and it wasn’t responsible.

In late March, Bungie took the unusual step of filing a lawsuit at a Washington court. It revealed in detail how two Google Gmail accounts were crafted to impersonate Bungie’s anti-piracy partner CSC. The accounts were then used to send masses of fraudulent takedown notices to YouTube.

The scale of the disruption caused was significant and Bungie’s language in the complaint pulled no punches. In addition to damages relating to the fraudulent notices, the company piled on with additional claims for copyright infringement, false designation, business defamation, breach of contract, and violations of consumer protection law.

The immediate challenge for Bungie was that the company either didn’t know or couldn’t prove the identity of the culprit before filing the lawsuit. A first amended complaint filed by Bungie this week moves things on significantly by naming a single defendant as the person responsible. It also reveals how Bungie tracked down and identified the architect of the DMCA fraud scheme as one of its own customers.

Bungie Gets to Work
Bungie’s early attempts to obtain information from Google/YouTube ran into trouble. The company tried to subpoena Google using the DMCA but the chosen mechanism only allowed Bungie to identify an alleged copyright infringer, not the sender of allegedly abusive DMCA notices.

Google initially refused to comply but after some work, Bungie started getting the information it was looking for earlier this month.

On June 10, 2022, Google handed over “significant information” on the accounts used to send the fraudulent notices, among them JeremyWilandCSC@gmail.com (Wiland account) and damianreynoldscsc@gmail.com (Reynolds account). Google also provided a list of every takedown notice sent via the accounts, copies of all correspondence between Google and the accounts, plus a log of IP addresses used to access them.

The logs revealed that the Wiland and Reynolds accounts were consistently accessed from a particular IP address (ending in .241), traceable to Consolidated Communications, a residential ISP serving Rocklin, California. On March 22, the Reynolds account logged out of Google and less than a second later, the Wiland account logged in, suggesting the same person was behind both accounts.

But Bungie had more. Much more.

IP Addresses Meet Offical Accounts, Physical Goods
The same .241 IP address mentioned above was also used to send abusive emails to Bungie’s anti-piracy vendor, CSC. Even more problematic was its association with two official Destiny 2 accounts.

One of those accounts made a physical purchase of the Destiny 2: The Witch Queen OST. That was subsequently delivered to a physical address in Rocklin. The purchase came with a bonus download link for an emblem, sent to the buyer via email. The recipient clicked the link and Bungie logged the same .241 IP address.

By now the net had almost completely closed but in evidence terms, Bungie was nowhere near done. The clickable emblem link was sent to PerfectNazo1@gmail.com and during the chaos of fake notice campaign, a YouTuber called ‘Lord Nazo’ was hit with fraudulent DMCA notice, sent by the Wiland Google account.

Apparently angered by this injustice, Lord Nazo fired a DMCA counternotice back at YouTube in which he criticized the wave of fake notices and claimed his video was not infringing since it was a “transformative case of fair use.”

Lord Nazo’s counternotice contained his email – PerfectNazo1@gmail.com – matching him to the Destiny account at Bungie. It also contained a physical address in Rocklin, California. Whether by carelessness or design, it also included his real name: Nick Minor.

From Bad to Worse and Beyond
As far back as December 2021, then blissfully unaware of the chaos to come, Bungie was already experiencing problems with Nick Minor and his ‘Lord Nazo’ YouTube Channel.

Bungie’s anti-piracy vendor CSC targeted the channel with a DMCA takedown after it published The Last Stand, a track from the Taken King OST. It took until January 25, 2022, for the video to be removed and on that very same day, Minor created the Wiland Google account that was later used to send some of the fake notices.

After purchasing the Witch Queen OST and taking delivery in Rocklin, Minor began uploading tracks from the OST to his ‘Lord Nazo’ YouTube channel. Around March 2, 2022, CSC initiated a series of 41 DMCA takedowns, 23 of which targeted Minor’s uploads. A day later, YouTube terminated his channel for repeat infringement.

Minor took to Twitter and complained directly to Bungie, asking the company to retract the copyright complaints so he could get his YouTube account back. On March 16, Minor tweeted again.

“This is getting out of hand. Bungie needs to rectify these copyright takedowns and lock down their brand management,” he wrote.

One day later a wave of fraudulent notices was submitted to YouTube; 36 from the Wiland account and one from another Google account, Jacobaverz@gmail.com (Averz account). Bungie thinks that Minor meant to use the Reynolds account to send that notice because soon after an identical notice was also sent from the Reynolds account.

Whether the switching of accounts played a part is unknown but on March 18, Google flagged both notices as fraudulent and asked Minor to provide documents to prove his identity. Minor then switched to the Wiland account to send more fraudulent notices and when Google put him under pressure to prove his identity on the Wiland and Averz accounts, Minor withdrew those specific takedown notices.

Stoking Controversy, Playing The Victim, Making Things Worse
On the day that Google asked Minor for documents, he used his ‘Lord Nazo’ Twitter account to send messages to Bungie accounts. “It seems like it’s not just the music community getting hit. 2 non-music channels cannot be a mistake,” he tweeted. “Either someone is making fake copyright claims on behalf of @BUNgie or their CSC is out of control.”

On March 20, Minor responded to Bungie’s tweet informing its Destiny community that the company wasn’t behind the takedown campaign. “I just knew it wasn’t you guys,” he tweeted back at Bungie. “I just couldn’t believe that you’d do this to us after 8 years. I’m so glad I was right.”

Three days later, Minor directed a tweet at YouTube: “@TeamYouTube People with Destiny 2 content on their channels have been getting hit with fake takedowns and even Bungie confirms the takedowns aren’t legit. My channel even got terminated because of all these fake takedowns. Is there anything you can do about this?”

Minor then tweeted at Bungie again, complaining that his videos hadn’t been restored yet. On March 26, in yet another tweet to YouTube, Minor asked for his videos to be restored because the DMCA notices in question were fake. They were genuine, Bungie had sent them earlier.

VPN Deployment Came Too Late
At this point, news of Bungie’s lawsuit began to appear online, something that led to Minor accessing the Wiland and Reynolds accounts using a VPN. But of course, VPNs can’t undo the mistakes of the past and in this case, probably wouldn’t have helped Minor get away with his campaign, even if he’d used one from the beginning.

For example, Minor’s use of the same email addresses across multiple sites started long ago. As part of its investigation, Bungie accessed data made public following the 2016 breach of hacking and cheating site Nulled.io. The company found three email addresses in the database linking Minor to the fake DMCA campaign.

The first – PerfectNazo1@gmail.com – was specified in the order for the OST delivery to California. It was also used to issue the YouTube counternotice linking Minor to the ‘Lord Nazo’ channel, which in turn gave up Minor’s real name and physical address.

The second – JacobAverz@gmail.com – was used in error to send a fake DMCA notice and the third – JacobA10000000@gmail.com – was the email address Minor used to open his Destiny account at Bungie.

Bungie’s amended complaint, seeking at least $7.65m, can be found here (pdf)