Infosecurity
Raiting:
3

Who stole the videogame Half-Life 2?


imageA few days ago, the earliest Half-Life 2 version was released in the network for the media. Obviously, this version has not been finished yet, as the main game’s character is not known to the whole world of players a theorist physicist, who wears glasses and a protective suit and holds in his hand a crowbar, but bearded dwarf Ivan, a space biker, who is opposing against the staff of the research center. 15 years ago, the disk contents was reserved exclusively for members of the regular publishers.

However, there is more interesting earlier story of a domo version that got into the hands of gamers. In order to understand how it all started, we go back to ten years ago.

Half-Life 2 was only a passing rumor that haunted the minds of gamers, but at E3 in May 2003, a demonstration of the product made a great impression to the public and received several awards. In Seattle, a game maker plan to release the game in September 2003, but on the other hand, the game maker knew the team wasn't going to make the September 30 release date, but he had yet to tell the community that.

At the same time, 22-year-old Axel Gembe lived with his father in the small German town of Schönau (just over two thousand people) on the other side of the world. This hacker was destined to play a major role in the story. He hacked the game accidently, namely once he was downloading and installing sdbot virus program, which was masking as key generator for Warcraft III, but instead to clean the system and forget about the Trojans virus, Gembe subjected the product to reverse engineering and learned how it works.

The program was controlled by the IRC-server, and Axel tracked its operator. Once again, rather than handed it over to the law enforcement agencies, Gembe started asking questions about malicious software. Today, he is the owner of a Steam account with games on two thousand euros, but at the time he was not so financially independent. So beginning attacker created his own malware, which was stealing CD-keys to get access to the games that Gembe wanted to play. Over time, his Agobot became one of the most dangerous Trojans that period, mainly due to Windows’ vulnerabilities.

Gembe criminal activity was stimulated not by a desire to make a profit or to cause some damage, but only by his passion to play the videogames. Among the favorites was Half-Life 2. In 2002, like the rest of its fans, Axel was suffering from a lack of any hints of a sequel, which gave him the idea to hack into Valve Corporation’s network.

As the hacker said, "I was scanning Valve's network to check for accessible web servers where I thought information about the game might have been held. Valve's network was reasonably secure from the outside, but the weakness was that their name server allowed anonymous AXFRs, which gave me quite a bit of information."

AXFR stands for Asynchronous Full Zone Transfer, a tool used to synchronize backup DNS servers with the same data as the primary server. But it's also a protocol used by hackers to sneak a peek at a website's data. By transferring this data, Gembe was able to discover the names of all the subdomains of ValveSoftware.com.

Gembe had found an unguarded tunnel into the network on his first attempt. "The Valve PDC had a username "build" with a blank password," he explains. "This allowed me to dump the hashed passwords for the system. At the time the Eidgenössische Technische Hochschule Zürich offered an online cracker for hashes, so I was able to crack the passwords in no time".

Studying the environment, Gembe came across the documents, project requirements, notes on the creation of the game, namely these were things that Axel was looking for. On the other hand, even after weeks no one suspected that Valve Corporation system was hacked, so the hacker grew bolder. He found the source codes of the game on one of the machines that he could not wait to play. Due to the network performance of the Perforce client everything went smoothly.

image

However, the game did not run on Axel’s computer. So he turned off the shaders, making it much more boring. The hacker remembered that the code had some forks, which Gembe started checking in a row.

Axel says that he was not the person who uploaded the source code to the internet. But there's no denying he handed it over to whoever did it, slightly considering the consequences. Once the game was on Bit Torrent, there was no containing it, and on October 2, 2003 the source code of unfinished game became available to everyone.

On the same day, Gabe Newell who is the co-founder and managing director of Valve posted on Half-Life 2 forum (now ValveTime.net) a topic with the title "I need some help from the community", where he acknowledged the authenticity of the stolen source codes and asked the readers to help tracking down the hacker. Gabe found out that three weeks before, someone got access to his e-mail, and on some machines were installed keyloggers that written for Valve. They were not detected by antivirus programs.

Community players responded ambiguously. At that time, Half-Life 2 release had already been delayed, and due to the leaked materials, it was becoming obvious that the game definitely would not have been released by the end of 2003. Actually, the leak included the maps and other important stuff, and this fact angered fans. One way or another, but the community could not help.

Inside of Valve occurred unpleasant process: the developers’ mood was ruined after the leak of the product, because a month of work was worth $1 million, and the release of the game was not real in the near future. One of the young designers once asked Newell "Is this going to destroy the company?"

On 15th February 2004, the hacker contacted Valve Corporation and explained the unintended nature of his actions. Gembe said that he never wanted to cause such damage and regretted how things have happened. In the second letter, a naive young man who dreamed to work for a game development company asked to employ him in the company.

Newell said yes and suggested him to have a telephone interview. However, the real motivation behind the suggestion was not to discover whether Gembe would be a strong candidate for a position within the company. It was to obtain an on-the-record admission from Gembe that he had been responsible for the leak. It's an old FBI trick, designed to gain a confession by appealing to a person's sense of pride. The phone interview was being conducted by Alfred Reynolds, developer on Counter-Strike and Steam, and Portal writer Erik Wolpaw, but says he could be wrong. (In fact, Wolpaw says he had yet to join the company at this point.)

imageThe phone interview lasted for 40 minutes. Any sense of guilt dissipated for Gembe in the presence of his heroes. But that was nothing compared to the adrenaline rush he felt when he received an invitation to a second interview. This one would be face-to-face at Valve's headquarters in Seattle, on American soil. However, due to issues of access to the servers at Valve, FBI decided to arrest Gembe in Germany.

On 7th May 2004, Axel Gembe awoke to find his bed surrounded by police officers. He was being charged with hacking into Valve Corporation's network, stealing the videogame Half-Life 2, leaking it onto the internet and causing damages in excess of $250 million. Since that day, the young attacker had a lot of different court proceedings. First, he was suspected of involvement in the the Sasser-Worm, because this malware also affected the computers running vulnerable versions of Windows.

Then the police moved on to asking him about the hacking into the Valve Corporation. Axel cooperated with the police and honestly told them everything he knew, he even did ask for a lawyer. They appreciated that. The hacker spent two weeks in a jail, and after making sure that Axel wasn't to flee, the police decided to let him go until his trial.

The hacker was unlucky, as he could be treated much worse in the United States. While waiting for his day in court, Gembe worked hard to change his life. He finished an apprenticeship and got a job in the security sector, writing Windows applications to manage security systems and performing database and server administration work.

Axel Gembe's trial lasted for seven hours. No one from Valve was present, though someone from the Wall Street Journal turned up. Security breach aside, there was no evidence to suggest Gembe had been responsible for pushing the Half-Life 2 source code on the internet. However, Gembe admitted to hacking into Valve's network. The judge sentenced him to two years' probation, citing his rough childhood and the way he had worked to turn his life around as considerations when it came to deciding on the relatively lenient punishment.

By the time of the trial 8.6 million copies of Half-Life 2 had been sold, its success seemingly unaffected by the leak of 4th October 2003. The game that was released on 16th November 2004 is the third best-selling non-console PC videogame in history. It is hard to say if this code leak worsen or improved sales. Today, Valve Corporation prefers not to talk about that situation, and the game modifications that have been using the stolen source code are given the illegal status. So far Valve has not been issued any official statement on the leak.

Here are used the materials from Half-Life Wiki, Pixel Smashers and the articles written by Simon Parkin at Eurogamer.net. You may find the stolen beta version at Free-Torrents.org.
0
Papay 28 january 2013, 13:14
Vote for this post
Bring it to the Main Page
 

Comments

0 Janny February 19, 2013, 1:26
Axel Gembe's trial lasted for seven hours. No one from Valve was present, though someone from the Wall Street Journal turned up. Security breach aside, there was no evidence to suggest Gembe had been responsible for pushing the Half-Life 2 source code on the internet. However, Gembe admitted to hacking into Valve's network. The judge sentenced him to two years' probation, citing his rough childhood and the way he had worked to turn his life around as considerations when it came to deciding on the relatively lenient punishment.

Leave a Reply

B
I
U
S
Help
Avaible tags
  • <b>...</b>highlighting important text on the page in bold
  • <i>..</i>highlighting important text on the page in italic
  • <u>...</u>allocated with tag <u> text shownas underlined
  • <s>...</s>allocated with tag <s> text shown as strikethrough
  • <sup>...</sup>, <sub>...</sub>text in the tag <sup> appears as a superscript, <sub> - subscript
  • <blockquote>...</blockquote>For  highlight citation, use the tag <blockquote>
  • <code lang="lang">...</code>highlighting the program code (supported by bash, cpp, cs, css, xml, html, java, javascript, lisp, lua, php, perl, python, ruby, sql, scala, tex)
  • <a href="http://...">...</a>link, specify the desired Internet address in the href attribute
  • <img src="http://..." alt="text" />specify the full path of image in the src attribute