Game Biz Mystified by Code Theft

[InfoSec News <isn () c4i org>]

Forwarded from: William Knowles <wk () c4i org>

http://www.wired.com/news/games/0,2101,60701,00.html

By Suneel Ratan
Oct. 04, 2003 

In one of the highest-profile cases of cybercrime to hit the gaming 
industry, the source code for Half-Life 2 -- one of the year's 
most-anticipated games -- was stolen and released over the Internet, 
developer Valve said Thursday. 

Valve went into radio silence Friday and did not offer any insights 
into the motive behind the theft. 

Amid the void, gaming-industry insiders offered varying views on the 
significance of the theft and the ensuing release of the code on 
Valve's business. Though troubling, many saw the theft as less than 
catastrophic, given that source code represents a game's underlying 
engine -- determining such essentials as how the action within a game 
is portrayed -- but is unplayable without art and sounds, which 
apparently were not stolen. 

Gifford Calenda, who has run development teams at game giant 
Electronic Arts, said he wouldn't want to be in the shoes of Valve 
Managing Director Gabe Newell. Still, Calenda said the issue of 
proprietary code is overwrought. He stressed that it takes a lot more 
than code to make a hot game. A great story line, art and sound are 
all essential. 

"Many executives believe that source code is valuable and has to be 
protected," Calenda said. But in the gaming industry, it's difficult 
for any company to stay ahead based on programming talent alone. 

"In reality, people move from job to job and exchange ideas, and any 
great coder can do what's needed to produce a particular effect," he 
said. 

One gaming industry executive, who asked not to be named, went even 
further in minimizing the theft's importance. He noted that rival 
developers likely would stay away from downloading the stolen code, 
calling it "(expletive deleted) antimatter." 

News of the source-code theft and release began ricocheting around the 
Net Thursday morning. Early that afternoon, Valve's Newell confirmed 
the theft in a message-board posting at Half-Life2.net that pleaded 
for help from the vast online community built around the game and 
Valve's other products. 

"Well, this sucks," Newell wrote in one of the note's most memorable 
lines. 

The note left some industry denizens and message-board posters with 
slack jaws over how a hacker was able to penetrate Valve's security. 
They noted that piracy-paranoid game companies tightly protect their 
networks and servers, often storing code and assets on machines 
without an Internet connection. 

In his note, Newell said the company suspects that around Sept. 11, 
someone hacked his e-mail account. His PC then began "acting weird," 
crashing when he would right-click on executables. 

Newell, who started Valve after leaving Microsoft, believes keystroke 
recorders for collecting passwords were installed remotely. He 
believes this happened through a hole in Microsoft's Outlook 
personal-information management application. 

In the posting, Newell added that over the past year the company has 
been subjected to denial-of-service attacks against its corporate 
site, as well as the site for Steam, a new digital-rights-management 
platform that the company released last month. He pleaded for anyone 
with information about the thefts or the attacks to send an e-mail to 
helpvalve () valvesoftware com. 

A call to the FBI's Seattle office about whether the agency is 
investigating the episode was referred to an agent who did not return 
phone calls Friday afternoon. 

Valve until recently has been a darling of hard-core gamers. The 
original Half-Life, released in 1998, is a first-person shooter 
involving aliens invading a top-secret government complex, a story 
line that continues in Half-Life 2. Valve also released a 
software-development kit that was used to create modified versions of 
Half-Life, including Counter-Strike, one of the most heavily played 
team-combat games in cyberspace. 

But lately Valve has found itself at odds with gamers over its plans 
for Steam, a digital-rights-management platform. 

The platform will allow Valve to sell Half-Life 2 directly to 
consumers as a download on the day it is released as a packaged 
product. Players will pay either a one-time fee or a monthly 
subscription fee to get subsequent multiplayer versions. Steam also 
includes anti-cheating and anti-piracy features that will be required 
to play products such as Half-Life 2 online. 

Some players are up in arms over suspicions that Valve will introduce 
a subscription fee for all of its games, including online play of 
Counter-Strike and its updated versions, which currently are free. 

"I can't speak for Valve about how this (theft) is going to affect its 
strategy and its business, but it's one of the highest-profile cases 
of cybercrime in our industry, and it's affected how we all do 
business," said Alex Garden, CEO of Relic Entertainment, which has 
worked with Valve on Steam. 

"It's interesting from an academic perspective, because it's going to 
have implications for how we interface with our communities and what 
level of communication we have about our products," he added. 

In his note, Newell gave no indication of whether the theft will 
affect the release date of Half-Life 2, which recently slipped from 
this week to later this year. 


 
*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
----------------------------------------------------------------
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
================================================================
Help C4I.org with a donation: http://www.c4i.org/contribute.html
*==============================================================*



-
ISN is currently hosted by Attrition.org

To unsubscribe email majordomo () attrition org with 'unsubscribe isn'
in the BODY of the mail.