Send News. Want a reply? Read this. More in the FAQ.   News Forum - All Forums - Mobile - PDA - RSS Headlines  RSS Headlines   Twitter  Twitter
Customize
User Settings
Styles:
LAN Parties
Upcoming one-time events:

Regularly scheduled events

Half-Life 2 Source Code Leak

A post to the Halflife2.net Forums by Gabe Newell finally has a comment on the leaked Half-Life 2 source code, brought to the world's attention by Gamer's With Jobs and Slashdot. Here's the deal:

Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.

2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.

3) For the next week, there appears to have been suspicious activity on my webmail account.

4) Around 9/19 someone made a copy of the HL-2 source tree.

5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe

View
329 Replies. 17 pages. Viewing page 16.
< Newer [ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 ] Older >

29. Re: Thanks ATI! Oct 2, 2003, 18:14 The Truth
 
It's possible that some of the best hackers in the world were behind this, and I don't think any firewall or virus protection in the world short of the CIA is going to keep them out.

You know, ive always wondered about this, why if you have a super secret piece of software/data keep it on a computer thats connected to the net? Maybe im just niave or something, but surely u would keep youre work network seperate from the outside world? and then it wouldent matter how good the hackers are, unless they can get a signal to spark from the socket thru the air and into a comp then they are not getting in,..

just my thoughts,.

http://www.poorintern.com
- The Voices In My Fruit Loops Tell Me that a happy fredster is a fredster being force fed hot broken glass,...
 
------
Diablo & Diablo 2 for the DS, it makes sense Blizzard!
Reply Quote Edit Delete Report
 
28. Thats too bad. Oct 2, 2003, 18:14 ProdigyXL
 
I really do feel bad about the situation. It's said to think someone would do something like this, which only will add some amount of delay to the development process. Like someone mentioned, we could possibly even see a delay in just multiplayer, which of course everyone is equaly interested in. Hopefully Value finds the person who did this, and holds them accountable within every power of the law. I'm in no way a Valve fan boy, I'm waiting for DoomIII, but something like this is just terrible for any developer.

 
Reply Quote Edit Delete Report
 
27. No subject Oct 2, 2003, 18:10 Hump
 
gotta love all the Monday morning quarterbacks here....

----------------------------------------------------------------------
PAH!
 
Avatar 10137
 
----------------------------------------------------------------------
"Both the “left” and the “right” pretend they have the answer, but they are mere flippers on the same thalidomide baby, and the truth is that neither side has a clue."

- Jim Goad
Reply Quote Edit Delete Report
 
26. Balls Oct 2, 2003, 18:09 Da-Fly
 
I think you've got to have balls to do this to someone like Gabe Newell. Although he's probably a softer target than, say, Carmack. I think if Carmack found you were tinkering with his machine remotely he'd go absolutely mediaeval on you with his code skillz - like every time you go online your email account sends death threats to the FBI or summit heheh.

So, yeh it takes balls, but then again I'd laugh my balls off if this person did a bit of time in the clink for this and maybe missed the HL2 release date. In their sad mind this would probably be the worst punishment in the world.

 
Reply Quote Edit Delete Report
 
25. Re: What the hell? Oct 2, 2003, 18:07 HBringer
 
Hey kxmode -

Genius! You ever stop and think that they're making games FOR WINDOWS?? It might make sense to run WINDOWS then, eh? Not to mention the fact that they have to interact with a whole bunch of other people and businesses around the world - most of whom use WINDOWS. *sigh* I'm also willing to bet that YOU use Windows!

The people trying to blame this on Valve need to take a look in the mirror - their fanaticism is what has bred this sort of attack!

--Noel "HB" Wade
Ex-Sierra / WON.net employee / Level-Designer

 
Reply Quote Edit Delete Report
 
24. Re: Thanks ATI! Oct 2, 2003, 18:05 Von Helmet
 
Also, how can you blame them for dodgy security? If the trojan hasn't shown up anywhere else, and was a custom version for Valve, as he suspects, then what the hell was he supposed to do?

It's possible that some of the best hackers in the world were behind this, and I don't think any firewall or virus protection in the world short of the CIA is going to keep them out.

 
Reply Quote Edit Delete Report
 
23. Re: Thanks ATI! Oct 2, 2003, 18:04 HBringer
 
Hood - It sounds like the initial attack was BEFORE that patch was out from MS. And hell, even TODAY they're finding more buffer-overflow problems. MS products are chock-full of 'em. Every one is an open door for hackers.

There isn't ANYTHING a Sys. Admin or tech guru can do - MS has the code to its products, so there's no way anyone BUT MS can close off these overflow issues. The Valve Sys. Admin. is in hot water to be sure - but there probably was nothing he could do to stop it. Whoever did this was very determined and very methodical, if they crafted something to target Valve & Gabe in particular.

Anyone who laughs about this is an idiot. These guys make these games because they enjoy it. They've worked on this stuff for 5 years. If *YOU* suddenly had 5 YEARS of work destroyed in one moment, you'd be pretty f'ing upset.

The human-aspect aside, I'd also guess this is 15 - 30 MILLION dollars in losses, in terms of man-hours at Valve, and licensing fees they COULD have gotten from 3rd party developers (that may now get the engine code for "free").

I seriously hope whoever did this is brought to trial and gets sent to "Federal Pound Me In The Ass Prison", to quote Office Space...

It'd be nice if we could all play games for free; but saving $40 isn't worth ruining the lives of 30 or 40 people... especially not if they're the ones you WANT to be making games!

Besides, any knucklehead out there that thinks this will let them play for free is not thinking straight: the engine code doesn't include artwork, levels, models, etc... So its useless for scamming a free copy of the game. Cheating online is another matter; and like the previous poster, I forsee that being a HUGE issue in the future. *sigh*

Take care,

--Noel "HB" Wade


 
Reply Quote Edit Delete Report
 
22. Re: Crap Oct 2, 2003, 18:04 UberJumper
 
Try hijack this... finds lots of trojans and what not.

http://www.tomcoyote.org/hjt

 
Reply Quote Edit Delete Report
 
21. No subject Oct 2, 2003, 18:04 The Mule
 
I guess someone got tired of waiting for it to be released proper....  
MAIN PC (for Soupkin)
=======
Asus A7N8X Deluxe
AMD Barton 2800
1024 Meg Corsair XMS PC3200 CAS2(2x512 in Dual Channel)
ATI Radeon 9700 Pro
Maxtor 40 Gig 7200 RPM ATA133
Maxtor 60 Gig 7200 RPM ATA133
350W Power Supply
Windows XP Home
Reply Quote Edit Delete Report
 
20. cripes Oct 2, 2003, 18:03 Shadestalker
 
"We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community."

You have got to be kidding me. You ran one of the most exploited applications on one of the least secure operating systems ever, and you want advice on what went wrong from us]?

Considering you guys are this lax about security, I wonder if we can expect to be able to trust any HL2 releases to be trojan-free.

This comment was edited on Oct 2, 18:04.
 
Reply Quote Edit Delete Report
 
19. Re: What the hell? Oct 2, 2003, 18:03 Mad Max RW
 
Looks like Valve has an excuse to delay HL2 another year. Hey fanboys, whatever happened to that brilliant idea of announcing a game a few months before release so as not to have a long drawn out hype machine? Hilarious.

 
Avatar 15920
 
Reply Quote Edit Delete Report
 
18. What the hell? Oct 2, 2003, 17:59 Kxmode
 
First off, if I was the Founder and Managing Director for a company releasing one of the MOST sought-after games, the last thing I would be using is Outlook. Secondly, I wouldn't use Windows altogether. With all the security and virus out there targetting Windows specifically, I'd either go the route of Linux, OSX, or hell even straight Unix and use PINE to check my email. This is YOUR damn fault Gabe. You should know better than to use Windows and Outlook on YOUR work system. Especially one that has access to the Source Code.

 
Avatar 18786
 
Reply Quote Edit Delete Report
 
17. Re: No subject Oct 2, 2003, 17:59 Von Helmet
 
I hope whichever dick is responsible for this is real proud when we're still waiting for the game this time next year.

Well, looks like I'll be playing something else in the forseeable future...

Nuts.

 
Reply Quote Edit Delete Report
 
16. pure speculation... Oct 2, 2003, 17:55 jeremiah
 
why did the game get delayed again? yeah, f' off to whoever did this. very good of ya >:(

 
Avatar 13889
 
Reply Quote Edit Delete Report
 
15. Re: No subject Oct 2, 2003, 17:54 Species8472
 
a beta wouldn't be nice either, but ok compared to this!

all the code incl. Havoc-code, key encoding code(, steam stuff?), in short all their work is really bad...

real shit.

I ask me, when the game will be released now...

--------------------------------------------------
everyone who finds a spelling error can keep it and use it as a base for his own errors
 
--------------------------------------------------
"...you don't see me - 'cause I don't have much to say..."
http://www.gathering.nl
Reply Quote Edit Delete Report
 
14. Re: Crap Oct 2, 2003, 17:54 r0ss
 
Shame.

 
Reply Quote Edit Delete Report
 
13. Re: Thanks ATI! Oct 2, 2003, 17:54 [AIX]Hood
 
So several things are now obvious. Even though they knew that bad things were going on in their network, all he did was a reformat. Apparently with their untold millions, they can't afford to have a tech guru on hand to handle network and security issues. From his statements, we can also gather that he's running a very old copy of Outlook and hasn't run system patches for a good while, as the preview pane bug has been patched for over a year now. We're leaving our systems' security up to these guys (with Steam) who can't even cover simple security issues? My view of Valve just fell through the floor.

This comment was edited on Oct 2, 17:55.
 
Reply Quote Edit Delete Report
 
12. Crap Oct 2, 2003, 17:53 eunichron
 
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer).
Crap, my machine is doing this sometimes too. Guess a reformat is in order, and I too am virus/trojan/worm free, or so says Norton.

 
Avatar 13977
 
Reply Quote Edit Delete Report
 
11. No subject Oct 2, 2003, 17:52 Capella
 
<Rocket J. Squirrel>

Hokey Smokes!

</Rocket J. Squirrel>


 
Avatar 7912
 
"Yeah everyone's gotta have the sickness
Cause everyone seems to need the cure"
Reply Quote Edit Delete Report
 
10. Re: Thanks ATI! Oct 2, 2003, 17:51 DrEvil
 
what better SDK than the source itself!

 
Reply Quote Edit Delete Report
 
329 Replies. 17 pages. Viewing page 16.
< Newer [ 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 ] Older >


footer

Blue's News logo