Half-Life 2 Source Code Leak

A post to the Halflife2.net Forums by Gabe Newell finally has a comment on the leaked Half-Life 2 source code, brought to the world's attention by Gamer's With Jobs and Slashdot. Here's the deal:
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.

Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.

2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.

3) For the next week, there appears to have been suspicious activity on my webmail account.

4) Around 9/19 someone made a copy of the HL-2 source tree.

5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).

6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe
View : : :
329 Replies. 17 pages. Viewing page 2.
Newer [  1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  ] Older
309.
 
No subject
Oct 7, 2003, 00:22
No subject Oct 7, 2003, 00:22
Oct 7, 2003, 00:22
 
Rather then rant or rave about whether this was Valve's fault or whether it was a hoax (That theory has more holes then a block of swiss) I would like to know how a large, powerful (In relation to other Game software companies) and seemingly invulnerable giant like Valve could have allowed this to happen. Not only did they have the source on an "open" PC, but they use Outlook Express. Maybe I'm assuming too much, but do any of "us" use Outlook? I prefer Eudora myself, but who in their right mind uses Outlook for mail? I know Gabe used to be an MS lackey...but is his devotion so great that he used a flawed and buggy email program to contact his team? I always thought Gabe was smarter then that.

On the bright side (If there even IS one) this should make other developers think twice about slacking off on their security.

My $10,000 Collection!
(Ten of my games aren't in the IGN database)
http://users.ign.com/collection/Kairaega
Avatar 13929
308.
 
Re: i(Half)Life
Oct 6, 2003, 22:16
Re: i(Half)Life Oct 6, 2003, 22:16
Oct 6, 2003, 22:16
 

HALF LIFE 2 WAS NEVER MADE, THIS IS A HOAX BY THE DEVELOPER TO COVER UP THE FACT THAT THEY PLAYED COUNTERSTRIKE 24/7 FOR THE PAST 5 YRS...INSTEAD OF MAKING HL2 AND TF2

307.
 
i(Half)Life
Oct 6, 2003, 16:40
i(Half)Life Oct 6, 2003, 16:40
Oct 6, 2003, 16:40
 
Gabe should do one of those Apple switch commercials. I can see it now:

"My company and I lost a hell of a lot of money cause of Windows. No wait, it was our own stupidity..."

I think it could be an instant classic...

I loved the post about the hacker and the brick throwing. Truer words have not been spoken in a while.

So until Apple comes out with an iBox... I'll keep using my PC for games only and have all my important stuff on my Apple. Least people don't try to hack it. The Xbox version of HALO was a hell of a lot better than the crap one we got by the way.

And if the code was so important, why not have the stations that had access to it cut off from the internet? Just a small network within valve with no outside connection. Problem with that?

306.
 
Re: Its all Valves fault.
Oct 6, 2003, 10:55
nin
 
Re: Its all Valves fault. Oct 6, 2003, 10:55
Oct 6, 2003, 10:55
 nin
 
Being an IT in the navy I think I know about network security.."

Yes, we all know that the brightest minds enlist in the U.S. armed forces.

http://www.theregister.co.uk/content/archive/28263.html

http://www.theregister.co.uk/content/archive/28283.html

http://www.theregister.co.uk/content/archive/28293.html



Supporter of the "A fredster By Any Other Name Is Still The Same" fan club.

http://www.hybridsoundsystem.com/
305.
 
Re: Its all Valves fault.
Oct 6, 2003, 10:50
Re: Its all Valves fault. Oct 6, 2003, 10:50
Oct 6, 2003, 10:50
 
"Being an IT in the navy I think I know about network security.."

Yes, we all know that the brightest minds enlist in the U.S. armed forces.

304.
 
lol
Oct 6, 2003, 06:20
lol Oct 6, 2003, 06:20
Oct 6, 2003, 06:20
 
All those stupid theories you people come up with are making me laugh. But what you don't realize is that a source code leak is a hundred times worse than a alpha or beta leak. They didn't just have their game stolen. That's going to happen anyway as soon as they release it. Don't forget this is a brand new, top of the line, most technologically advanced engine right now (other than Doom 3 probably). They had their trade secrets stolen as well as licenced code they could get in serious trouble for. Now instead of other game companies wondering "ahh this feature is cool in Half-Life 2; how did they do it?", they can just look at the source code and copy it.
Do you honestly think that they would just give away all their fucking trade secrets just to have an excuse to delay the game or as some sort of ploy to gain more market share? Valve Software doesn't need to make stupid excuses when they delay the game. When they delay it, oh well. It's not the end of the world. Anyone remember how many times Half-Life was delayed? Remember when TF2 was 'just about to come out'? Did they give you any excuses then?
Wake up, people. Go outside or something.


This comment was edited on Oct 6, 06:21.
--- WindWalker
303.
 
Its all Valves fault.
Oct 6, 2003, 05:30
Its all Valves fault. Oct 6, 2003, 05:30
Oct 6, 2003, 05:30
 
This is really starting to get on my nerve's how people think its all Microsofts fault. It is 100% Valves fault that the HL2 source code was leaked. Honestly why in the world would you post your companys livelyhood on an outlook server thats part of the biggest network in the world?(internet for you retards) I know valve is a big company and has to have a network to conduct business, but there are literally hundreds of other LAN/WAN options they could have used. Being an IT in the navy I think I know about network security and that anything on the internet can and will be comprimised. Had valve not been lasy and took their work more seriously, not just development wise but the way they conduct business, HL2 might be coming out soon. Im actually reconsidering purchasing this product. Its a sign on how Valve works. How much use is the tallest building in the world if the foundation that holds it up crumbles...............Dick

302.
 
Re: No subject
Oct 6, 2003, 05:21
Re: No subject Oct 6, 2003, 05:21
Oct 6, 2003, 05:21
 
Short of being physically broken into good security and practices are an effective measure. Leaving your source code on an unsecure open pc is like leaving your front door closed but unlocked (with your car keys hanging up behind it).

It is more the practice of how to move about secure material rather than secure up the open/internet PC. Pretty silly mistakes when you have a million dollar project isn't it?

Its not the cough that carries you off but the coffin they carry you off in.
301.
 
Re: Valve is at fault
Oct 5, 2003, 22:34
Re: Valve is at fault Oct 5, 2003, 22:34
Oct 5, 2003, 22:34
 
I am starting to suspect that Gabe may have released the source himself in order to thwart Stream. If I was working inside Valve I think I might sabotage myself some Source, think pure evil.

300.
 
Re: Valve is at fault
Oct 5, 2003, 22:12
Re: Valve is at fault Oct 5, 2003, 22:12
Oct 5, 2003, 22:12
 
Hate to tell u but he can say anything he wants and a million ppl will believe him.. they knew it wasn't comeing out the 30th for whatever reason and they made something up to make it look legit to why it wasn't released.. Does everyone realy believe that they would e-mail the code via e-mail over a network to each other u got usb flash drives etc.. now adays.. so what are they gona do since it got stolen change the code or tweake it some how so it won't come out till late next year probly.. but thats ok halo is pretty tight.. so is star wars Jedi Academy

This comment was edited on Oct 5, 22:14.
299.
 
Re: Valve is at fault
Oct 5, 2003, 21:08
Re: Valve is at fault Oct 5, 2003, 21:08
Oct 5, 2003, 21:08
 
Heres what im guessing Valve did the leak on purpose do to them not releaseing the game on time so this will keep everyone guessing etc.. A game company should know if they are on a network to protect it the best they can.. or not even put it on a network why would they be e-mailing the source code anyways ? to me thats just plain stupid.. I bet anything this was not hacked it was let out on purpose so they have a excuse to why it was not released on sept 30th..

if you read the post made by gabe, which is basically this entire news story, he basically states that the source was stolen before the 30th.

so it's not an excuse for a delay, it's the reason for the delay.

298.
 
Valve is at fault
Oct 5, 2003, 17:33
Valve is at fault Oct 5, 2003, 17:33
Oct 5, 2003, 17:33
 
Heres what im guessing Valve did the leak on purpose do to them not releaseing the game on time so this will keep everyone guessing etc.. A game company should know if they are on a network to protect it the best they can.. or not even put it on a network why would they be e-mailing the source code anyways ? to me thats just plain stupid.. I bet anything this was not hacked it was let out on purpose so they have a excuse to why it was not released on sept 30th..

297.
 
What is truly funny
Oct 5, 2003, 17:27
What is truly funny Oct 5, 2003, 17:27
Oct 5, 2003, 17:27
 
What's funny is not that it was stolen, but that Valve's IT crew had no idea they were being hacked. I mean, lets face it, nobody with top notch security and an IT administrator that knows how hackers hack is going to get ripped this bad. This makes their entire network infrastructure look like a joke.

Now, what I really wanna know is why didn't the hacker grab any frickin' content? Junk.

296.
 
Re: Shadow
Oct 5, 2003, 16:25
Re: Shadow Oct 5, 2003, 16:25
Oct 5, 2003, 16:25
 
Hey Fredster Zeph, you didn't answer any of my questions? Please answer my questions. And for your information, you can add 100 to that number and you'll still fall short of the test result. Instead of insulting people's intelligence, maybe you should learn more about the subject you're debating before you go mouthing people off. And by the way, you didn't prove any point.

295.
 
Re: No subject
Oct 5, 2003, 15:52
Re: No subject Oct 5, 2003, 15:52
Oct 5, 2003, 15:52
 
You're
There's
Separate

294.
 
Re: Corporate espionage perhaps?
Oct 5, 2003, 15:23
Re: Corporate espionage perhaps? Oct 5, 2003, 15:23
Oct 5, 2003, 15:23
 
No, you are off base. Vivendi is too large a company (remember, the world's largest music company, Universal studios and theme parks) to risk thie complete business just to get access to a game that in the grand scheme of things is small potatoes in terms of overall revenue.

On an semi-related note, five more posts before 300. Come people, lets get over the hump!

You cannot make anything fool-proof. The fools are too inventive

GW: Tr Gandhi (Ra), Shiva Sung (Mo), Mangal Pandey (Ne), Rana Pratap Singh (Wa), Boddhi Satwa (Ri), Bhagat Singh (De), Bahadur Shastri (Pa)
Avatar 11944
293.
 
Corporate espionage perhaps?
Oct 5, 2003, 14:21
Corporate espionage perhaps? Oct 5, 2003, 14:21
Oct 5, 2003, 14:21
 
I will be very careful what I say here, but to me there could be a possibility it was Vivendi itself. Steam is a way of distributing the game online right? Possibly without Vivendi receiving as large a percentage as they would by having to box it up etc. I don't know, but it was interesting to entertain the thought.

There are some holes to this logic, but then again, what would Vivendi lose by doing this? Nothing, as people will buy the boxed version in any case.

I even wonder if it would be possible to hack Steam to the effect of distributing free copies... of course I am computer illiterate, but anything seems possible these days.

292.
 
No subject
Oct 5, 2003, 14:17
No subject Oct 5, 2003, 14:17
Oct 5, 2003, 14:17
 
Your a dumbass Phyrebird.

"if the hole is there, someone will exploit it"

You think your house couldn't be broken into? Or your car couldn't be stolen?

Theres no such think as perfect security. Even if they had a seperate network for source code then it still could be stolen any number of ways.

Yes your a huge dumb ass.
DON'T LIKE MY COMMENTS?!? THEN STOP RELEASING GARBAGE.
Avatar 8515
291.
 
Re: what is this world coming to ?????
Oct 5, 2003, 13:43
Re: what is this world coming to ????? Oct 5, 2003, 13:43
Oct 5, 2003, 13:43
 
Sorry, but I have to disagree with this sentiment. While I know I'm going to get flamed by people saying "if the hole is there, someone will exploit it", and to an extent I agree, we have to remember that perhaps the guys at Valve have been so busy creating the game they never put much thought to protecting it.

From the tone of Gabe's messages, it's clear that whomever did the infiltration had to work at it. This isn't just a quick "map a drive for a snatch and grab" type situation. They were specifically targeted.

Hold your horses, folks. YES, I agree that a 2nd network would have been a good idea. YES I think that Valve dropped the ball on network security. BUT - and this is the big point I wanted to make - the responsibility for the theft does not rest on Valve's shoulders. If I leave my front door open, it's not my *fault* if someone comes in and steals things. THEY made the decision to commit the crime. Yes, Valve should've handled security better. But it's some overzealous geek (unfortunately like us) that decided to fuck up the release for everyone else.


Edit: grammar/spelling changes
-----------
. :-bleargh-: .
This comment was edited on Oct 5, 13:45.
-----------
. :-bleargh-: .
290.
 
Re: what is this world coming to ?????
Oct 5, 2003, 06:55
Re: what is this world coming to ????? Oct 5, 2003, 06:55
Oct 5, 2003, 06:55
 
In otherwords a firewall/router.

... Which means exactly what I said, no servers are visible to the outside world, port 80 is open for http calls etc.

If they didn't done that (which I doubt) they had it coming...

329 Replies. 17 pages. Viewing page 2.
Newer [  1  2  3  4  5  6  7  8  9  10  11  12  13  14  15  16  17  ] Older