[ISN] Game Biz Mystified by Code Theft

From: InfoSec News (isn@private)
Date: Sun Oct 05 2003 - 23:19:45 PDT

  • Next message: InfoSec News: "Re: [ISN] DHS cyber division taking shape, despite concerns about waning influence"

    Forwarded from: William Knowles <wk@private>
    
    http://www.wired.com/news/games/0,2101,60701,00.html
    
    By Suneel Ratan
    Oct. 04, 2003 
    
    In one of the highest-profile cases of cybercrime to hit the gaming 
    industry, the source code for Half-Life 2 -- one of the year's 
    most-anticipated games -- was stolen and released over the Internet, 
    developer Valve said Thursday. 
    
    Valve went into radio silence Friday and did not offer any insights 
    into the motive behind the theft. 
    
    Amid the void, gaming-industry insiders offered varying views on the 
    significance of the theft and the ensuing release of the code on 
    Valve's business. Though troubling, many saw the theft as less than 
    catastrophic, given that source code represents a game's underlying 
    engine -- determining such essentials as how the action within a game 
    is portrayed -- but is unplayable without art and sounds, which 
    apparently were not stolen. 
    
    Gifford Calenda, who has run development teams at game giant 
    Electronic Arts, said he wouldn't want to be in the shoes of Valve 
    Managing Director Gabe Newell. Still, Calenda said the issue of 
    proprietary code is overwrought. He stressed that it takes a lot more 
    than code to make a hot game. A great story line, art and sound are 
    all essential. 
    
    "Many executives believe that source code is valuable and has to be 
    protected," Calenda said. But in the gaming industry, it's difficult 
    for any company to stay ahead based on programming talent alone. 
    
    "In reality, people move from job to job and exchange ideas, and any 
    great coder can do what's needed to produce a particular effect," he 
    said. 
    
    One gaming industry executive, who asked not to be named, went even 
    further in minimizing the theft's importance. He noted that rival 
    developers likely would stay away from downloading the stolen code, 
    calling it "(expletive deleted) antimatter." 
    
    News of the source-code theft and release began ricocheting around the 
    Net Thursday morning. Early that afternoon, Valve's Newell confirmed 
    the theft in a message-board posting at Half-Life2.net that pleaded 
    for help from the vast online community built around the game and 
    Valve's other products. 
    
    "Well, this sucks," Newell wrote in one of the note's most memorable 
    lines. 
    
    The note left some industry denizens and message-board posters with 
    slack jaws over how a hacker was able to penetrate Valve's security. 
    They noted that piracy-paranoid game companies tightly protect their 
    networks and servers, often storing code and assets on machines 
    without an Internet connection. 
    
    In his note, Newell said the company suspects that around Sept. 11, 
    someone hacked his e-mail account. His PC then began "acting weird," 
    crashing when he would right-click on executables. 
    
    Newell, who started Valve after leaving Microsoft, believes keystroke 
    recorders for collecting passwords were installed remotely. He 
    believes this happened through a hole in Microsoft's Outlook 
    personal-information management application. 
    
    In the posting, Newell added that over the past year the company has 
    been subjected to denial-of-service attacks against its corporate 
    site, as well as the site for Steam, a new digital-rights-management 
    platform that the company released last month. He pleaded for anyone 
    with information about the thefts or the attacks to send an e-mail to 
    helpvalve@private 
    
    A call to the FBI's Seattle office about whether the agency is 
    investigating the episode was referred to an agent who did not return 
    phone calls Friday afternoon. 
    
    Valve until recently has been a darling of hard-core gamers. The 
    original Half-Life, released in 1998, is a first-person shooter 
    involving aliens invading a top-secret government complex, a story 
    line that continues in Half-Life 2. Valve also released a 
    software-development kit that was used to create modified versions of 
    Half-Life, including Counter-Strike, one of the most heavily played 
    team-combat games in cyberspace. 
    
    But lately Valve has found itself at odds with gamers over its plans 
    for Steam, a digital-rights-management platform. 
    
    The platform will allow Valve to sell Half-Life 2 directly to 
    consumers as a download on the day it is released as a packaged 
    product. Players will pay either a one-time fee or a monthly 
    subscription fee to get subsequent multiplayer versions. Steam also 
    includes anti-cheating and anti-piracy features that will be required 
    to play products such as Half-Life 2 online. 
    
    Some players are up in arms over suspicions that Valve will introduce 
    a subscription fee for all of its games, including online play of 
    Counter-Strike and its updated versions, which currently are free. 
    
    "I can't speak for Valve about how this (theft) is going to affect its 
    strategy and its business, but it's one of the highest-profile cases 
    of cybercrime in our industry, and it's affected how we all do 
    business," said Alex Garden, CEO of Relic Entertainment, which has 
    worked with Valve on Steam. 
    
    "It's interesting from an academic perspective, because it's going to 
    have implications for how we interface with our communities and what 
    level of communication we have about our products," he added. 
    
    In his note, Newell gave no indication of whether the theft will 
    affect the release date of Half-Life 2, which recently slipped from 
    this week to later this year. 
    
    
     
    *==============================================================*
    "Communications without intelligence is noise;  Intelligence
    without communications is irrelevant." Gen Alfred. M. Gray, USMC
    ----------------------------------------------------------------
    C4I.org - Computer Security, & Intelligence - http://www.c4i.org
    ================================================================
    Help C4I.org with a donation: http://www.c4i.org/contribute.html
    *==============================================================*
    
    
    
    -
    ISN is currently hosted by Attrition.org
    
    To unsubscribe email majordomo@private with 'unsubscribe isn'
    in the BODY of the mail.
    



    This archive was generated by hypermail 2b30 : Mon Oct 06 2003 - 02:15:02 PDT