2003 Leak / FBI Logs

FBI - VALVE SOFTWARE - AXEL GEMBE.pdf

Hello Gabe, I'm very sorry about what happened with HL2. I want to explain a few things. I was in your network for ~6 months, watching your development process, which was very interesting. Yes, I am the hacker, no, I didn't distribute HL2. Beginning of September, I was on LCIRC exchanging some info with a friend that works on a project with me, but my connection was being watched by the myg0t guys. I only found out later that LCIRC is full of myg0t people and I have been sniffed. So, basically they got WebMail & VPN passwords by me being foolish about this stuff. I don't know exactly what they installed, but the modified RemoteAnywhere and the Keyloggers wer…

On Tue, 17 Feb 2004 Gabe Newell <[email protected]> wrote: >I get a couple of hundred spam messages a day, which sucks. Ooh, that's bad 🙂 I usually use addresses I dump later for most stuff, but I assume you can't do that as easily. >I downloaded the VSS client, but I haven't had a chance to look >at it >yet. I need to run home to deliver chicken yakisoba to the starving >children, but I'll take a look at it tonight. yaki="fried" soba="buckwheat noodles" with chicken? Mmmmm, I like asian food, except sushi 🙂 Thx for having a look at it, but don't if you're too busy, just throw it at someone else. I imagine you'd have to …

On Thu, 19 Feb 2004 Gabe Newell <[email protected]> wrote: >So how much do you know about the jerks who actually did the leak? I can only say 1 name that I know of, which is SourceX. Hes the owner of LCIRC (which I didn't know before the leak), and he owns all the boxes LCIRC is hosted on. This breakin was clearly done using sniffed data from me and SourceX is the only one with the capabilities, the knowledge and the motives to have sniffed me there (I now even know of other people that got sniffed there, but I was stupid and trusted SSL to keep me secure). Also I am sure I didn't exchange the passwords and other info elsewhere, and I personal…

On Fri, 27 Feb 2004 Gabe Newell <[email protected]> wrote: >Aagh. Crack week. We're going through planning for E3 and showing >off >the XBOX version for the first time. Microsoft is getting pretty >hungry >for anything to make the XBOX look competitive with the PS2. > No problem, I understand you are a busy man, especially when Bill wants his HL2 for his XBOX 🙂 Does the XBOX even support Misc by default, or will you have to play it with controller? >Were you kidding about working here? You certainly impressed us >with >your skills. We've hired a lot of people from the community, and >I >guess i…

On Sun, 29 Feb 2004 Gabe Newell <[email protected]> wrote: >Yep. I appreciated the heads up on that. No problem, I can also inform you about possible security holes, cause I have quite a bit of insight into the hacking/cracking underground. Well, what do you think about me working for you ? If you want the resume first, tell me. I would be happy if I didn't have to search for a job anymore.

Right now I'm assuming that our webserver and our FTP server are compromised. We're building new machines from scratch to replace them, and not getting too worried about what's on there until we swap them out. The link, ftp://132.230.1.7/incoming/to_valve.rar, you sent doesn't appear to work (no files in the directory). We pay for all interview related expenses (travel, hotel, food, etc...) as well as relocation expenses (pretty standard for the game business). Gabe -----Original Message----- From:[email protected] Sent:Saturday, March 06, 2004 To:Gabe Newell Subject:RE: So, do you believe me? >I'll try to be more prompt in my replies. …

Axel Gembe Objective: Network Administrator / Programmer Summary Experiences with administering and securing Linux, Windows, and BSD based networks Experience in Visual C++, GNU C++, Pascal, BASIC, with focus on network, system and secure programming Ability to develop custom security solutions, based on free IDS systems and self-written anomaly detection systems/firewalls Ability to audit networks/software for common problems like buffer overflows, etc... Teamwork with multiple security teams and/or version control using SVN, CVS, VSS and a little Perforce Experience with cross-platform development on Win32/Linux and k…

Attached:resume.rar (54 KB) Here is Axel's resume. -----Original Message----- From: [email protected] Sent:Tuesday, March 30, 2004 To: Alfred Reynolds Subject: RE: So On Mon, 25 Mar 2004 Alfred Reynolds <[email protected]> wrote: HTML is fine. A microsoft word doc wouldn't hurt either. Ok, here it is: ftp:///ftp.uni-freiburg.de/incoming/resume.rar password is "forvalve"

We had a phone interview commencing at 11:03am PST on 03/26/2004 with someone claiming to be the person that hacked valve (daguy). He contacted me on my phone extension in my office (extension 100). His initial contact was via na IDSN connection into his PC. He had trouble with the connection (bad voice quality) so we terminated that call and he rang us back via another line. He said this line was his phone line. The second call commenced at 11:13 am PST. I spoke with him briefly when I answered the second call and introduced Greg Coome. At this time Greg Coomer, Matt Bamberger, Yahn Bernier and myself were in the room. Greg introduced himself and said that it w…

Two chatlogs, containing all of "Ago's utterances on a private bot code creation server".

Summary of Investigation Valve Software, located in Bellevue, Washington, USA, creates, produces and sells popular Internet-based computer video games. One of these games is Half-Life, an immensely popular game with sales exceeding $250,000,000 (US$). Valve Software was in the process of developing Half-Life II (HL2), the widely-anticipated sequel to Half-Life, when their computer was "hacked" into or accessed without authorization. Based upon the sales of the original game, Valve Software had expected HL2 to generate sales revenue of at least $200,000,000. Valve Software learned of the unauthorized intrusion into its computer system on October 1, 2003, when the…

Dear Herr Kreitlow, The following information is in reference to a computer intrusion. The victim company is Valve Software. One of the main subjects involved is believed to be located in Germany, using the nick of AGO. On October 2, 2003, Valve Software, reported to the FBI the theft of their source code for the new engine technology in Half-Life 2 (HL2). HL2 is a popular game within the Internet community. The release date for HL2 was set for the end of September 2003. However, it was pushed back to an undisclosed time. To date, at least 13 Valve internal machines were compromised. Valve found machines that had both key loggers and backdoor trojans instal…

Dear Herr Eismann, As I stated in the previous fax, I am now providing you details, some of which you may already have, regarding the FBI investigation into the theft of intellectual property and computer intrusion and suspect AXEL GEMBE. Agobot Virus and Distributed Denial of Service Attacks of Websites and Internet Service Providers Investigation by multiple United States law enforcement agencies has established since October 2002, GEMBE has been participating in the development and deployment of a malicious computer code known as Agobot/gaobot Virus. The virus works by automatically gaining unauthorized access to Internet computers, in order to use those…

Ladies, Gentlemen, I hope that May finds everyone doing well. Since the last e-mail, 2 new individuals have been in the chat channel, with IP addresses resolving to Germany. The summary below details breifly the believed identity of each individual based on appearances in the chat room and a comparison of nicknames and IP Addresses, under the belief that wonk/stebo are brothers, living together, and using the same Internet connection. The IP Address for Gumble may have been included in a previous update. The subject NewRoot has only recently entered the channel in the last 2 or 3 days.

Transfer Protocal (FTP) link for the exploit's base code as well as a portion of the code. On May 02, 2004, GEMBE contacted Reynolds once again via email. In the e-mail, GEMBE stated that he is "currently auditing" Valve's network. Specifically, GEMBE stated "i think i sent you the lsass exploit early, so i comprehended not patching an invitation :)." Basically, GEMBE used the lsass exploit to once again hack into Valve's network without their permission. GEMBE further requested to be allowed to remain in the Valve systems and stated "ill let noone log the passwords this time :)," referring to his previous compromises of the Valve Software network. Valve informed Sea…

Hello everyone, Enclosed is an EC I prepared detailing the latest actions and communications between Gembe and Valve. Kristen/Stacy, please provide me with fax numbers, and I can fax the referenced e-mails to get them to you ASAP. Valve is not comfortable with the security of their network (especially after the subsequent intrusion by Gembe), so they usually just provide me with hard copies. Thanks!

Dear Frank and Joern, Attached is a short summary of the content of recent chat logs between GEMBE and a confidential informant, from Agent Mike Gordon (he did a short summary, because the logs are many pages). He can fax these to the Legat office, or email them to me on our internal email system. Let me know how urgently you need these. Seattle advised that they can send the emails between Valve and GEMBE, but it is about 40 pages. They are sending this to the Legat Frankfurt office via our internal email system. If you want this immediately, I can fax it to you. 04/12/2004 - Microsoft Release patch concerning the LSASS Vulnerability - CAN-2003-0533 0…