From: InfoSec News (isnc4i.org)
Date: Mon Oct 06 2003 - 01:19:45 CDT

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Forwarded from: William Knowles <wkc4i.org>

http://www.wired.com/news/games/0,2101,60701,00.html

By Suneel Ratan
Oct. 04, 2003

In one of the highest-profile cases of cybercrime to hit the gaming
industry, the source code for Half-Life 2 -- one of the year's
most-anticipated games -- was stolen and released over the Internet,
developer Valve said Thursday.

Valve went into radio silence Friday and did not offer any insights
into the motive behind the theft.

Amid the void, gaming-industry insiders offered varying views on the
significance of the theft and the ensuing release of the code on
Valve's business. Though troubling, many saw the theft as less than
catastrophic, given that source code represents a game's underlying
engine -- determining such essentials as how the action within a game
is portrayed -- but is unplayable without art and sounds, which
apparently were not stolen.

Gifford Calenda, who has run development teams at game giant
Electronic Arts, said he wouldn't want to be in the shoes of Valve
Managing Director Gabe Newell. Still, Calenda said the issue of
proprietary code is overwrought. He stressed that it takes a lot more
than code to make a hot game. A great story line, art and sound are
all essential.

"Many executives believe that source code is valuable and has to be
protected," Calenda said. But in the gaming industry, it's difficult
for any company to stay ahead based on programming talent alone.

"In reality, people move from job to job and exchange ideas, and any
great coder can do what's needed to produce a particular effect," he
said.

One gaming industry executive, who asked not to be named, went even
further in minimizing the theft's importance. He noted that rival
developers likely would stay away from downloading the stolen code,
calling it "(expletive deleted) antimatter."

News of the source-code theft and release began ricocheting around the
Net Thursday morning. Early that afternoon, Valve's Newell confirmed
the theft in a message-board posting at Half-Life2.net that pleaded
for help from the vast online community built around the game and
Valve's other products.

"Well, this sucks," Newell wrote in one of the note's most memorable
lines.

The note left some industry denizens and message-board posters with
slack jaws over how a hacker was able to penetrate Valve's security.
They noted that piracy-paranoid game companies tightly protect their
networks and servers, often storing code and assets on machines
without an Internet connection.

In his note, Newell said the company suspects that around Sept. 11,
someone hacked his e-mail account. His PC then began "acting weird,"
crashing when he would right-click on executables.

Newell, who started Valve after leaving Microsoft, believes keystroke
recorders for collecting passwords were installed remotely. He
believes this happened through a hole in Microsoft's Outlook
personal-information management application.

In the posting, Newell added that over the past year the company has
been subjected to denial-of-service attacks against its corporate
site, as well as the site for Steam, a new digital-rights-management
platform that the company released last month. He pleaded for anyone
with information about the thefts or the attacks to send an e-mail to
helpvalvevalvesoftware.com.

A call to the FBI's Seattle office about whether the agency is
investigating the episode was referred to an agent who did not return
phone calls Friday afternoon.

Valve until recently has been a darling of hard-core gamers. The
original Half-Life, released in 1998, is a first-person shooter
involving aliens invading a top-secret government complex, a story
line that continues in Half-Life 2. Valve also released a
software-development kit that was used to create modified versions of
Half-Life, including Counter-Strike, one of the most heavily played
team-combat games in cyberspace.

But lately Valve has found itself at odds with gamers over its plans
for Steam, a digital-rights-management platform.

The platform will allow Valve to sell Half-Life 2 directly to
consumers as a download on the day it is released as a packaged
product. Players will pay either a one-time fee or a monthly
subscription fee to get subsequent multiplayer versions. Steam also
includes anti-cheating and anti-piracy features that will be required
to play products such as Half-Life 2 online.

Some players are up in arms over suspicions that Valve will introduce
a subscription fee for all of its games, including online play of
Counter-Strike and its updated versions, which currently are free.

"I can't speak for Valve about how this (theft) is going to affect its
strategy and its business, but it's one of the highest-profile cases
of cybercrime in our industry, and it's affected how we all do
business," said Alex Garden, CEO of Relic Entertainment, which has
worked with Valve on Steam.

"It's interesting from an academic perspective, because it's going to
have implications for how we interface with our communities and what
level of communication we have about our products," he added.

In his note, Newell gave no indication of whether the theft will
affect the release date of Half-Life 2, which recently slipped from
this week to later this year.

 
*==============================================================*
"Communications without intelligence is noise; Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*

-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomoattrition.org with 'unsubscribe isn'
in the BODY of the mail.

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]