Home / World Business
Fri, Jul 16, 2004 - Page 12 News List

Fans track hackers who stole game source code

DETECTIVE WORK The people who stole the biggest PC gaming sequel in history did not count on being tracked down by those they thought were their supporters


Software piracy has always been a big problem for the games industry, last year accounting for an estimated US$3 billion in lost revenue.

However, it is the theft of pre-release game code, which allows gamers to illegally download work-in-progress versions of games, that is causing most concern for developers, an unease heightened by last year's massive source code leak of Valve Soft-ware's hugely anticipated PC shooter, Half-Life 2.

In January, it came to light that the FBI, Scotland Yard and the German authorities, along with the Half-Life 2 fan community, had been searching for the culprits since the leak was announced last October. Last month, the thieves were arrested in Germany and other undisclosed countries.

Having accessed Valve's server through a security -- bypassing loophole in Windows, the hackers were able to download an early and hugely incomplete version of Half-Life 2 and post it on the Internet for downloading via Usenet.

A boxed version of the code was even on sale on the Ukrainian and Russian black markets.

"Once into our network, hacking tools were installed, and a custom source control client created to extract the Half-Life 2 code," explains Gabe Newell, Valve's managing director.

"This continued until October, when one of the hackers distributed one of my e-mails on a Web site. We knew something was horribly wrong with our network, and took steps to prevent further incursions. This was followed shortly after by the hackers releasing the source code," Newell said.

The leak set the project back several months as Valve reassessed its network's security and that of the game's networking code.

"It's analogous to JK Rowling waking up to find the outline to the next Harry Potter book online," Newell said.

The hunt for the hackers centered around two major investigations. The first was led by the FBI's Cybercrime Task Force, who examined machines for clues as to the source of the hack, then find that machine and so on.

"The second investigation was run by the gaming community. Fairly quickly after the source code was leaked, we sent out mail to the gaming community appealing for assistance in tracking down the perpetrators," he said.

"We set up an e-mail alias for people to submit information, and amassed thousands of pieces of evidence in a few days. That information was also redistributed within the community itself, as a smaller group took it upon itself to unmask the people," Newell said.

"This non-traditional approach had the advantage of scale and of involving a large number of very sophisticated and motivated people," he said.

It wasn't long before both parties made inroads into identifying the thieves, with the gaming community and the FBI independently tracking the primary hacker to Germany.

The risk of being apprehended prompted the primary instigator to contact Newell. He admitted hacking into Valve's server, but denied any role in the theft, instead naming those responsible for distributing the stolen code.

"We now had three independent ways of confirming this primary instigator and, through conversations with this individual, had convinced him to fly out to us in Seattle for a job interview. The plan was changed so German authorities would do the arrests on German soil," Newell said.

Investigations are continuing, with those involved found to have links with similar crimes.

This story has been viewed 3565 times.

Comments will be moderated. Remarks containing abusive and obscene language, personal attacks of any kind or promotion will be removed and the user banned.

TOP top