Gabe Newell I need the assistance of the community
Posted by: Newsfactory on: 10/02/2003 09:23 PM [ Print | 33 comment(s) ] · 6905 views
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code.
Here is what we know:
1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.
Well, this sucks.
What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.
We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.
Gabe
Yes, the source code that has been posted is the HL-2 source code.
Here is what we know:
1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.
Well, this sucks.
What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.
We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.
Gabe
« DVD Plus Identifier v2.4 · Gabe Newell I need the assistance of the community
· Amazing New ATI - Driverheaven Competition »
2 pages 1 2
Comment
|
cmsmith Unregistered |
#47858 Posted on: 10/02/2003 09:27 PM
When, oh WHEN, are people going to learn NOT to use Microsoft software in a situation where security is of any concern?! My god... |
Comment
|
The_truth Unregistered |
#47859 Posted on: 10/02/2003 09:29 PM
Wow that sucks.... it couldnt be could it ?? no surely not. |
Comment
|
The_truth Unregistered |
#47860 Posted on: 10/02/2003 09:31 PM
oh please... |
Comment
|
MagamiAKO Unregistered |
#47861 Posted on: 10/02/2003 09:34 PM
Because, dumb ass, they are designing games for Windows. Whoever did this crafted it. But considering the size of the operation, he probably slipped up somewhere. It can be traced back and I'm sure they'll catch the idiot that did it. |
Comment
|
digitalwonderer Unregistered |
#47862 Posted on: 10/02/2003 09:38 PM
To hear it was a cracker who stole it rather than someone who leaked it, at least they know where the security breach is at. But it does truly suck and my heart goes out to Valve over this and I hope they track and catch the people responsible, something like this is just bad for the community as a whole.  |
Comment
|
cmsmith Unregistered |
#47863 Posted on: 10/02/2003 09:39 PM
Then design the game on Windows. Run the business on something else. Dumbass. |
Comment
|
cmsmith Unregistered |
#47864 Posted on: 10/02/2003 09:41 PM
Oh please what?! Whoever did this accessed their directory structure through a glorified email program for Pete's sake! |
Comment
|
cmsmith Unregistered |
#47865 Posted on: 10/02/2003 09:42 PM
My mistake. Keystroke recorders were installed via the email program. The point still stands though. |
Comment
|
The_truth Unregistered |
#47866 Posted on: 10/02/2003 09:48 PM
The issue isnt how it happened but who did it ! MS isnt the route of all evil you know... |
Comment
|
MagamiAKO Unregistered |
#47867 Posted on: 10/02/2003 09:51 PM
Are you retarded or something? This has NOTHING to do with the operating system used. But come on, when you're at work all day, at the office, working on things like this, you're not ALWAYS going to be working on this game. Any game designer knows that while they get paid, they also need to have their time to fool around and keep themselves up to date. Game developers can't lock themselves in a room for 6 months and work behind closed doors with no outside access to anybody or anything just for the sake of preventing a leak. They damn near want to kill eachother sometimes in their current conditions. The fact is, it has NOTHING to do with the OS that was used. It was a mistake, *shit* happens. It's not like this is an everyday occurence. This is probably going to delay the game while they grab the source code, format all the systems, update all of them. Then they have to get the legal boffins to cracking on anybody who posts any reference to the source. This is legal and financial hell for Valve, Activision, and most importantly, us, the community. They've now had to stop dev work to do this and it could be at least a week or two before they get back to coding work, not to mention the slower coding times to make sure they keep up with everything. Though at this leg in the race, they're probably going to disconnect from the internet entirely on this machines and just finish the game ASAP. |
Comment
|
The_truth Unregistered |
#47868 Posted on: 10/02/2003 09:57 PM
Are you using a windoews PC now ? if so STFU if not good luck running your 5 apps. |
Comment
|
C1arity Unregistered |
#47869 Posted on: 10/02/2003 09:58 PM
I want HL2 really bad...but not that bad. Stealing the source is really lame. |
Comment
|
MagamiAKO Unregistered |
#47871 Posted on: 10/02/2003 10:06 PM
Bad for the community or good, depending on how Valve wants to handle it. Either they can close themselves off to the community, or they can use this to strengthen the ties with the community. I hope it strengthens things up....either way, this is really bad because that's their IP. It might happen that legally they'll have to trash that code and code those parts over  Let's hope THAT won't happen. |
Comment
|
pitr- Unregistered Posts: 0 Joined: 2004-05-25 |
#47872 Posted on: 10/02/2003 11:19 PM
perhaps, but their not the root of all good either
i am a bit perplexed about why they choose to use outlook or why they simply just disable the preview window since it is such an easy thing to do..... but i guess you don't care about such simple things when you're bussy coding a very complex game. |
Comment
|
hinkle Unregistered |
#47873 Posted on: 10/02/2003 11:35 PM
Nobody believed me when I first said a month ago that HL2 won't come out this year... Now it's obvious we won't play HL2 this christmas. |
Comment
|
owa Unregistered |
#47874 Posted on: 10/03/2003 12:03 AM
It's a little weird that they even had the source code available on the net. When we do proprietary testing or classified type work that is the first thing that gets disconnected (outside access). You would think they'd treat the source code in the same manner. But, like someone mentioned, it was probably just an oversight or mistake on someone's part. |
Comment
|
mofo_joe Unregistered |
#47875 Posted on: 10/03/2003 12:10 AM
Just because someone is designing games for Windows does not mean that they have to use flawed Microsoft software. They may be forced into using the OS, but they are certainly not forced into using Outlook or any of MS's other numerous bug-laden products - which would seem to be the cause of this particular security breach. My advice to Gabe is to avoid any MS software you can in the future... ESPECIALLY Outlook. It's probably the most insecure application of ALL time. Try the Mozilla Thunderbird/Firebird mix - works well for me, and many others. Look into other OS's for non-development server machines, like OpenBSD for example - free, stable, and fairly secure. As for tracking/catching whoever was responsible, good luck. It's not impossible, but it all depends on how stupid/smart the person responsible is.. and how good your logs are. It may be a good idea to set up some sort of a honeypot with some 'fake' source.. They aren't likely to come back now that the story is all over the news, but you shouldn't ever underestimate the power of greed and stupidity. |
Comment
|
The_truth Unregistered |
#47876 Posted on: 10/03/2003 12:14 AM
trust me mozilla can be hacked.. |
Comment
|
The_truth Unregistered |
#47877 Posted on: 10/03/2003 12:15 AM
well done.. hindsight really is 20:20. |
Comment
|
Trik Unregistered Posts: 0 Joined: 2003-02-13 |
#47878 Posted on: 10/03/2003 12:26 AM
At some point, keystroke recorders got installed on several machines at Valve. Kinda ironic considering the spyware in steam. |
Comment
|
El_Coyote Unregistered Posts: 503 Joined: 2002-12-18 |
#47879 Posted on: 10/03/2003 01:40 AM
if not use outlook, what then? give me 1 good email program that supports exchange and has no vulnerabilities... |
Comment
|
Mmm_Beefy Unregistered Posts: 43 Joined: 2002-12-17 |
#47882 Posted on: 10/03/2003 06:03 AM
oops as for the Exchange, psh, if MS cant make a secure email program..... |
Comment
|
Sardaukary Unregistered |
#47884 Posted on: 10/03/2003 09:05 AM
I’ve been using thunderbird ever since outlook leaked my address by having it in plain text in the registry. |
Comment
|
Noodlez Unregistered Posts: 0 Joined: 2003-06-13 |
#47885 Posted on: 10/03/2003 10:21 AM
bah, this comes off as hull hype and a stunt to me. anyone with a clue go do that could have pulled that off would have snaged the full game also. I see it as a way for them to get ther name/game in the news even more. |
Comment
|
SimonG Unregistered |
#47886 Posted on: 10/03/2003 11:04 AM
Hi Guys I find Gabe's comments about unauthorised access to his mail account interesting - This means that someone hacked into Exchange server as well as outlook and would explain the recent hoax emails that were supposedly from Valve about HL2's status that went out to some of the game sites. The strange thing is that if I'd had access to Valve's mail system I would have known exactly what state HL2 was actually in - Bit odd that I'd then send hoax emails saying that the game would still be released on the 30th. If the hackers had seen emails confirming the delays (any maybe the reasons) then I would have expected them to have published this information weeks ago in order to stir things up - Strange that they didn't !? Ref the comments about not using MS products, if your developing a game to run on a MS platform then you don't really have a choice. Yes, Valvce could have been more proactive on their own security - but when you're under pressure from fans & publishers to complete a project on time it's easy to overlook the obvious. I suspect many people here have not installed ALL the recommended security updates from MS, and are probably using "budget" antivirus and firewall software themselves. At the end of the day if someone wants to get something they'll find a way no matter how good the security measures, and unless you want to spend many thousands of pounds installing the best Cisco or Nokia firewall/VPN solutions you're always be open to attacks. Ref using Outlook & Exchange - there are other solutions available such as Lotus Domino/Notes that is pretty much immune from all virus's & hacks. The reason that people don't always install alternative solutions is the cost & inconvenience caused by the change. This whole HL2 story gets more interesting by the day and is far from over yet. |
2 pages 1 2
