A security breach is being blamed for the leak of the HL2 source code which started with an unnamed individual reportedly gaining access to Gabe's own personal email account and workstation.... -Keldyn
As quoted by Gabe Newell:
"Yes, the source code that has been posted is the HL-2 source code...
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code....
Here is what we know:
1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly after-wards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or Trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of Remote-Anywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of denial of service attacks targeted at our web servers and at Steam. We don't know if these are related or independent.
News source: 3dnewz
As quoted by Gabe Newell:
"Yes, the source code that has been posted is the HL-2 source code...
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code....
Here is what we know:
1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly after-wards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or Trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of Remote-Anywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of denial of service attacks targeted at our web servers and at Steam. We don't know if these are related or independent.
News source: 3dnewzWhat I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.
We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community."
Gabe
Update: An email transcript dated the 27th of September (that I won't link to) highlights security flaws in Valve's operations, and mentions that some members of Valve were pushing for a peer-to-peer distribution method for Half-Life 2 shortly before release, in the hope of not crippling the direct download servers, and leaving Steam customers without their game.
In the email, the owner of a Half-Life 2 fan site tricked another Valve employee into thinking he was someone else, and then got confidential information from him. Significantly, the Valve employee stated that they - at the time - had no email verification software, and so emails could be faked by a skillful hacker. Presumably security has now been tightened.
Neowin has sunk veeeeery low >.<
But i forgive you guys, you know I love you.
At first I tought I had some adware installed, but then realized it was the website. And they don't show in Mozilla, nor galeon. And surely not in Safari.
Our speculation is that these were done via a buffer overflow in Outlook's preview pane
You know anything else than OUTLOOK runs on?
Office yes, Outlook no.
But not Outlook -- the PIM+Email program on the Mac is called Entourage.
DOCa Cola
Last edited by 34433 on 03 Oct 2003 - 11:48
it all stinks a bit to me. Suddenly the code is out there, what will value do now? accept the possibilty of a zillion hacks to the closely guarded hl2 multiplayer? no, they'll have to recode. Oh, thats convenient. Whats the bets that the release date now slips into 2004? The community will accept that recoding to prevent hacks is acceptable, however they wouldnt just have accepted another delay. I watch this with interest, as lets face it, nobody outside of valve would know the hl2 code was genuine anyway at this stage.
As for textures, this is where you're right -- you can't run the game without the data files, textures, maps, models, paths, sounds -- which were not leaked.
this latest development, gabes seemingly lack of outrage and the prospect of waiting "another year. it will be done when it's done" only seems too convenient.
btw, what's the reward money for helping to turn this person or persons in? if the source code to a project i worked on for years that would make millions was leaked wouldn't you offer a sizeable reward? imagine if the longhorn source code was released. MS won't even release the source code to NT even though they are end of lifing it.
why wouldn't this hacker release the latest internal beta?!?!
I have had a look at it and it looks good for the cheaters
Steam would destroy all those who try to use a modified version of HL, HL2, CS, etc. I mean, that's why Steam is for right?
Also, what are people gonna do with the source code when they don't have the supplementary objects that go with it? Such as the models, sounds, textures, etc...
Oh yea
BBC News Online
(Personally after all the work done with that (HL2) , I would go ballistic and , and rewrite the whole thing even if that means delaying the game launch 3 years more or a simultaneously release with Duke Nukem Forever)
I hope those responsible are bought to justice as soon as possible.. I think its fair to say they will be taking a real pasting.
Heh.. could be id trying to sabotage the HL2 code so that they can get Doom ]|[ out first :p
Commenting has either been disabled on this article or you are not logged in. Click here to login or register, its free!
Note: Anonymous commenting is disabled in order to keep the quality of responses to a high standard.