Wolverine
07-16-2004, 02:39 AM
Interesting read about the Halflife 2 code theft as reported by Guardian Unlimited (http://www.guardian.co.uk/online/story/0,3605,1260989,00.html)
The net's sleuths
Hackers stole the biggest PC gaming sequel in history, but they didn't count on being tracked down by the people they believed were supporters - the gaming fans. Martin Korda investigates
Software piracy has always been a big problem for the games industry, last year accounting for an estimated $3bn in lost revenue. However, it is the theft of pre-release game code, which allows gamers to illegally download work-in-progress versions of games, that is causing most concern for developers, an unease heightened by last year's massive source code leak of Valve Software's hugely anticipated PC shooter, Half-Life 2.
In January, it came to light that the FBI, Scotland Yard and the German authorities, along with the Half-Life 2 fan community, had been searching for the culprits since the leak was announced last October. Last month, the thieves were arrested in Germany and other undisclosed countries.
Having accessed Valve's server through a security-bypassing loophole in Windows, the hackers were able to download an early and hugely incomplete version of Half-Life 2 and post it on the internet for downloading via Usenet. A boxed version of the code was even on sale on the Ukrainian and Russian black markets.
"Once into our network, hacking tools were installed, and a custom source control client created to extract the Half-Life 2 code," explains Gabe Newell, Valve's managing director.
"This continued until October, when one of the hackers distributed one of my emails on a website. We knew something was horribly wrong with our network, and took steps to prevent further incursions. This was followed shortly after by the hackers releasing the source code."
The leak set the project back several months as Valve reassessed its network's security and that of the game's networking code. "It's analogous to JK Rowling waking up to find the outline to the next Harry Potter book online," says Newell.
The hunt for the hackers centred around two major investigations. The first was led by the FBI's Cybercrime Task Force, who examined machines for clues as to the source of the hack, then find that machine and so on.
"The second investigation was run by the gaming community. Fairly quickly after the source code was leaked, we sent out mail to the gaming community appealing for assistance in tracking down the perpetrators. We set up an email alias for people to submit information, and amassed thousands of pieces of evidence in a few days. That information was also redistributed within the community itself, as a smaller group took it upon itself to unmask the people. This non-traditional approach had the advantage of scale and of involving a large number of very sophisticated and motivated people."
It wasn't long before both parties made inroads into identifying the thieves, with the gaming' community and the FBI independently tracking the primary hacker to Germany.
The risk of being caught prompted the primary instigator to contact Newell. He admitted hacking into Valve's server, but denied any role in the theft, instead naming those responsible for distributing the stolen code. "We now had three independent ways of confirming this primary instigator and, through conversations with this individual, had convinced him to fly out to us in Seattle for a job interview. The plan was changed so German authorities would do the arrests on German soil," says Newell.
Investigations are continuing, with those involved found to have links with similar crimes. Valve is preparing to sue the hackers for damages, while working towards an end-of-summer release date for Half-Life 2 - widely considered the most anticipated shooter in PC gaming history.
The repercussions have been felt throughout the gaming industry, with numerous developers reassessing security measures. "When we heard what had happened with Half-Life 2 we were appalled," says Jonty Barnes, head of Black & White Studios, a satellite company of UK-based Lionhead Studios. "We even considered disconnecting the company from outside connections until we were satisfied."
With new security protocols in place in the majority of the leading development houses, the chances of a similar leak have been reduced, while the capture of those responsible will have been a warning to hackers, especially now that the very audience they claim to cater for - hardcore gaming fans - have played such a role in unmasking them.
The net's sleuths
Hackers stole the biggest PC gaming sequel in history, but they didn't count on being tracked down by the people they believed were supporters - the gaming fans. Martin Korda investigates
Software piracy has always been a big problem for the games industry, last year accounting for an estimated $3bn in lost revenue. However, it is the theft of pre-release game code, which allows gamers to illegally download work-in-progress versions of games, that is causing most concern for developers, an unease heightened by last year's massive source code leak of Valve Software's hugely anticipated PC shooter, Half-Life 2.
In January, it came to light that the FBI, Scotland Yard and the German authorities, along with the Half-Life 2 fan community, had been searching for the culprits since the leak was announced last October. Last month, the thieves were arrested in Germany and other undisclosed countries.
Having accessed Valve's server through a security-bypassing loophole in Windows, the hackers were able to download an early and hugely incomplete version of Half-Life 2 and post it on the internet for downloading via Usenet. A boxed version of the code was even on sale on the Ukrainian and Russian black markets.
"Once into our network, hacking tools were installed, and a custom source control client created to extract the Half-Life 2 code," explains Gabe Newell, Valve's managing director.
"This continued until October, when one of the hackers distributed one of my emails on a website. We knew something was horribly wrong with our network, and took steps to prevent further incursions. This was followed shortly after by the hackers releasing the source code."
The leak set the project back several months as Valve reassessed its network's security and that of the game's networking code. "It's analogous to JK Rowling waking up to find the outline to the next Harry Potter book online," says Newell.
The hunt for the hackers centred around two major investigations. The first was led by the FBI's Cybercrime Task Force, who examined machines for clues as to the source of the hack, then find that machine and so on.
"The second investigation was run by the gaming community. Fairly quickly after the source code was leaked, we sent out mail to the gaming community appealing for assistance in tracking down the perpetrators. We set up an email alias for people to submit information, and amassed thousands of pieces of evidence in a few days. That information was also redistributed within the community itself, as a smaller group took it upon itself to unmask the people. This non-traditional approach had the advantage of scale and of involving a large number of very sophisticated and motivated people."
It wasn't long before both parties made inroads into identifying the thieves, with the gaming' community and the FBI independently tracking the primary hacker to Germany.
The risk of being caught prompted the primary instigator to contact Newell. He admitted hacking into Valve's server, but denied any role in the theft, instead naming those responsible for distributing the stolen code. "We now had three independent ways of confirming this primary instigator and, through conversations with this individual, had convinced him to fly out to us in Seattle for a job interview. The plan was changed so German authorities would do the arrests on German soil," says Newell.
Investigations are continuing, with those involved found to have links with similar crimes. Valve is preparing to sue the hackers for damages, while working towards an end-of-summer release date for Half-Life 2 - widely considered the most anticipated shooter in PC gaming history.
The repercussions have been felt throughout the gaming industry, with numerous developers reassessing security measures. "When we heard what had happened with Half-Life 2 we were appalled," says Jonty Barnes, head of Black & White Studios, a satellite company of UK-based Lionhead Studios. "We even considered disconnecting the company from outside connections until we were satisfied."
With new security protocols in place in the majority of the leading development houses, the chances of a similar leak have been reduced, while the capture of those responsible will have been a warning to hackers, especially now that the very audience they claim to cater for - hardcore gaming fans - have played such a role in unmasking them.