It seems that the noise around Half-Life 2 will not stop. This time however, it is extremely unlikely that the story is some publicity stunt since the possible reprecussions to Valve and to Half-Life 2 itself are enormous.
It has now been confirmed by Valve that Half-Life 2 source code has been stolen and released via Bittorrent and possibly EDonkey. According to sources, the code released stands at over 100 MB, unpacked and is reported to contain source code for Team Fortress 2.
The first confirmation of the story came from Gabe Newell himself, posting on the HalfLife2.net forums. According to Mr. Newell, Valve had experienced Denial of Service attacks in the past but his time specially made trojans were used.
According to Mr. Newell a ...customized version of RemoteAnywhere created to infect Valve, was used.
Valve, through Gabe Newell, have launched an appeal to get gamers to help them trace the source of the leak and how it is being distributed. All those who can help should contact
helpvalve@valvesoftware.com
It is too soon to contemplate the effect of the leak on H-L 2's release date, or even to speculate on whether this leak was the reason for the delay. It is however, certain, by the size of the source code leaked, that all it will create is trouble for gamers through the development of cheats.
There are also rumours that a working build of the game has also been stolen from Valve and that it is possible that it may become available, through P2P soon.
Valve have not yet decided what they will do about the leak and if they will attempt to trace people who download it. It is likely that much will depend on the response they get to their request for help.
Here is Gabe Newell's full email, as posted on the HalfLife2.net forums:
Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code.
Here is what we know:
1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.
Well, this sucks.
What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.
We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.
Gabe
