vavle owned, half-life 2 source leaked

hail

http://www.planethalflife.com/

We were going to hold off on reporting on this until there was official word from Valve, but now Slashdot is reporting (by way of GamersWithJobs) that at least some of the Half-Life 2 source code has leaked.
There is the Half Life 2 source code floating around the net right now. It looks to be about a month old. There's no official word from Valve on the source code leak yet. Unfortunately those who want to use it to cheat already have it, we need to get the word to legitimate customers to educate them about the situation.
A lot of people are making crazy speculations based on the source code, I wouldn't pay much attention to these rumors. We'll have more on this as soon as we hear official word.
UPDATE: Just to clarify, this hasn't been confirmed as legitimate just yet, but we tend to think this isn't a hoax. On the bright side, since this leak is just source code, there is no actual game art or content. Nobody can compile this and suddenly have Half-Life 2 or anything like that.

UPDATE2: We can now say with pretty much absolute certainty that this is indeed real and not a hoax.


Valve's Gabe Newell has confirmed the Half-Life 2 source code link in this forum post. Here's what he had to say:
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code.

Here is what we know:

1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.

What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.

We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

So please, if you can, help Valve out!


A lot of people are confused about what exactly the leaking of the Half-Life 2 source code means, but this forum post on HL2.net does a pretty good job of trying to sum things up. Here's a snip:
All its clever routines and algorithms for making a revolutionary game like half life 2 tick, are available to be understood by anyone who knows C++, including game development rivals, hackers making cheats and exploits and the general public.
More worryingly the source code seems to contain a lot of source code from partner software developers that Valve had licensed to use in Half- life 2, such as the Havoc physics engine, and that Valve is contract bound to keep protected and confidential. These leaks enable people to potentially rip off these software partners too, and hence opens Valve to be sued.

Finally the internal workings of Half-life 2 have been so seriously compromised that I will be amazed if we see it released before 1st Quarter 2004. The potential for hacking exploits is enormous; it is like printing the blueprint to your high security safe in the local newspaper before having it installed in your home. SERIOUS work is needed now to rework the source code to protect it from future attacks on release. Let us not even mention that it seems Steam has been seriously compromised as well in the leaked source, as that had enough problems of its own to be getting on with without this.

A leak of the source code of a revolutionary highly anticipated game like Half-life 2, close to release is, as far as I know, unprecedented. My deepest sympathy as a games developer goes to the Valve crew and I wish them every success in catching the perpetrators of this crime.

While I personally disagree with a few of the writer's conclusions, the basic explanations are pretty good and it's worth a read.
Again, this is not the first time source code has leaked. Quake's source was leaked in a similar fashion in early 1997, after the game had been released. Considering Quake source code was later used in numerous games (including Half-Life), you would think this would have been a big deal. But it really wasn't and most people don't even remember the situation now. On the other hand, the Quake source code wasn't distributed nearly as widely as the HL2 source currently is.

Is the Half-Life 2 source leak a big deal? Yes. Are people blowing the potential for Half-Life 2 cheats and hacks out of proportion? I think so.

Regardless, the source is out there and it can't be recalled. It's very unfortunate, but again, things could be worse.


Some of the bigger news outlets are picking up stories on the HL2 source code leak, here's an article on MSNBC entitled "Hacker spoils game for software firm." Here's a peek:
Though the theft stirred considerable buzz in the gaming community, and raised fears that the release of “Half Life 2” — originally slated for September — could be delayed beyond Christmas, observers said it was not expected to have a significant impact on the company.
Pachter, the gaming analyst, said that while other game developers could try to piggy-back on the “Half Life 2” code to create bootleg versions of the game, they probably would not be able to distribute their product.

“It’s a close community and it’s going to be difficult for someone to come out with a game and try to pretend they developed it themselves,” he said. “It would be like taking a copy of ‘Moby Dick’ and changing the names and saying you wrote it.”

UPDATE: The BBC has a similar article.


Here's an update on the Half-Life 2 source leak from Gabe Newell (thanks to Shacknews for confirming this):
1) We've taken our network connection down to pretty much a minimum. We're still finding machines internally that have been compromised.
2) The suite of tools that the attacker was using included the modified version of RemotelyAnywhere (basically a Remote Desktop-style remote admin tool), Haxker Defender (a process, registry key and file hiding tool), the key logger, and various networking utilities that allowed them to transfer files (compressors, NetCat, and FTP). We also are pretty sure they were sniffing our network to gather passwords and other information. Haxker Defender includes a file system driver that allows an attacker to have stuff on your machine that is invisible, unless you do something like mount the drive under another OS that has NTFS support.

We have determined one way of detecting some infected machines, which is using a connection viewer to detect connections to anomalous hosts external to our network.

We still don't know their entry method.

3) In general, the community has been remarkably swift at tracking down the sources of the leak. What would be most helpful now are IP addresses of the people who were responsible for the intrusion or for the denial of service attacks.

4) Also, please continue to send in URLs of websites hosting the source code. We've been contacting people and asking them to take it down.

5) There's anecdotal evidence that other game developers have been targeted by whoever attacked us. This hasn't been confirmed. We've been providing other game developers with more detailed information about the exploits and evidence of infiltration.

6) We're running a little bit blind with our network shut down, but it seems like some of the press has picked up the story. I've been fielding calls from the mainstream non-games, non-technical press.all day. Hopefully they will get to report shortly what a mistake it is to piss off a whole bunch of gamers and get them hunting you around the Internet.

For any information related to this, please send it to helpvalve@valvesoftware.com, or you can always send to gaben@valvesoftware.com as well.

Now, more bad news: it's possible that more than just the source code leaked, although this is just unsubstantiated rumor at this point. Do not support the distribution of any such files, do not download any of these files yourself (unless you want to expose yourself to horrible viruses and possible legal prosecution), and contact Valve immediately if you come across people or organizations circulating anything suspicious.
UPDATE: While there are numerous examples, two files in particular are circulating that claim to be builds of Half-Life 2, both are over a gig: one contains no HL2 content and is really just a front for a key-logging program, and the other contains gay porn. Don't be stupid, and don't download anything HL2 related that isn't official or from a reputable site. It's either illegal, fake, or filled with viruses, so no matter what, you lose.

farewell

 

definate ownage there

 

How many threads do we have on this now?

 

And they still run Windows.
I agree this is a terrible thing, but if you run an OS that cannot be made secure you have to accept the outcome.
I saw HL2 running at last weekend's LAN party. Very beta, but running. They guy said it was downloaded from IRC.

 

"On the bright side, since this leak is just source code, there is no actual game art or content" - Thing

Erm actually it's the other way around. It would have been better to let the full game out then the source code. This way Valve can be sued by many companies and also other companies can nick ideas and pieces of code. Valve will have to redesign huge chunks of code as hackers and cheat makers now have the blueprint to HL2. It's actually awful And there was no point in the hackers releasing the source code. It didn't help anybody but wrecked a lot of hard work for many companies.

 

wahats the bet a large games developer got these hackers on the job?

 

http://www.nvplanet.com/modules.php?name=News&new_topic=49


according to this site who got it from another site, the hacker got more then just half-life 2 code....

i got one question. Why have code to a game that will make $$$$$$ on a computer connected to the internet? i mean thats plain stupid, it could be connected to a network but why would That network need internet connection? So you guys can check your email? damn two computers/one monitor with a switch is too high tech i guess. use one for network with code, one for internet based work. that way the damn hacker has no way of getting to the code.

LMAO hahahaha in other words "WE've got black ice!"

 

How else are you going to join the work from all over the place? Game programmers (all large programming jobs as a matter of fact) are done in pieces all over the place. It takes real talent and education to bring these pieces together to make a product. The internet makes this possible - art from New York, menus from Florida, help files from India, base code from Santa Clara all assembled in Boulder.
You can mail Cd's, but you will never meet your deadline that way.

 

well at the very least only connect when you have to, and then it could be incripted. hey, some one Fu(ked up or the code would not have been stolen. I think its a shame too, now who knows when the game will be released. Could it also be that someone at Valve was helping the hacker?? or is the hacker actually working for Valve and they don't know it.