http://www.gamespydaily.com/news/fullstory.asp?id=5474GameSpy welcomes any and all help finding genuine bugs and security breaches on our servers. What we don't welcome are people publishing security hacks that have the potential to hurt our products. GameSpy products are supposed to be about having fun, but hacks and Denial of Service (DoS) attacks take the fun out of it. It doesn't simply hurt GameSpy; it hurts every person playing games with our products.
What this person did was more than reverse engineer two of our products, RogerWilco and GameSpy3D -- he was describing our backend services and publishing CDkey generation information without letting us know. At first we welcomed his bug alerts. We responded to him immediately and thanked him for his bug research, as we do with everyone who contacts us with bug information. We even sent him a thank you letter, which we have on file.
But then we found out he was also publishing how to brute force our RogerWilco CDkeys and had published hacks on other game CDkeys as well. He was doing more than reporting bugs; he was publishing game pirating techniques. He published how to attack our network. This is not the way ethical security researchers operate. It was at this point that we stopped our communication with him and asked him to remove the materials in question.
When we were first contacted, this person was associated with a small software security company. They asked if GameSpy wanted to pay a "consulting fee" to fix the hacks. However, these were not bugs; it was information about how our products work. When we brought this to the software security company's attention, they disavowed their relationship with that person and removed him from their servers.
Let me repeat: We welcome any bug alerts and will fix any and all security breaches that come to our attention. We find and fix nearly all of them before any external sources find them. It's all about playing games and having fun, people! That's why we do what we do! However, we won't pay "consulting fees" to people who create CDkey hacks of our proprietary software, then post the results if we don't pay them.
Gamers trust us. We have to protect them from any and all attacks on our network that affect gamers.
I welcome contacting me about this issue! Please send an email directly to me at marks@gamespy.com.
Mark Surfas
Chairman & Founder
GameSpy