FarS31

we have your hacking ass!! this is you you little magget!! Ever have one of those weeks? This has just not been the best couple of days for me or for Valve. Yes, the source code that has been posted is the HL-2 source code. Here is what we know: 1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule. 2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled. 3) For the next week, there appears to have been suspicious activity on my webmail account. 4) Around 9/19 someone made a copy of the HL-2 source tree. 5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools). 6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent. Well, this sucks. What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, [email protected]. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great. We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community. Gabe

Hi this is Zombie "RUN myg0t LMAO i told you that you usless people would get yours.." SO RUN AND HIDE SCRIPT KIDDIES THE FBI IS COMING I LOVE IT ! 1. They have an 'intercepted' email detailing the socialing of a Valve employee on their website. 2. One of their members (t0y) is credited if not with actually breaking this source code released story, with at least being the prime propagator of it. Of course, this could all be a big joke, and a good one at that. If not, however... If the email is authentic, and the files that t0y claims are the source are authentic, then you end up with the following scenario: Being the first to post the 'intercepted' email was not a brilliant move, as it can be used as evidence in an investigation into the leak of the source code. More on that in a minute. At the least we can speculate that myg0t members know how the email was intercepted. Since it's an internal email, it's evidence of intrusion. I bet not all 66 members of myg0t live in the same state as Valve (though looking at their whois data I'd bet at least the 'leader' is american), so that will spur a federal investigation. Realistically, the FBI is not going to chase down some kids for stealing an internal email - that kind of thing happens every day. The source code, however, is a completely different story. Kevin Mitnick stole source code from Sun Microsystems several years ago -- code he never gave to anyone, much less flung to the far reaches of the internet -- and he got 2 years in lockup *before* his trial, with a few more after his conviction. Of course, Mitnick was convicted before the FBI started getting really upset about computer crime. So anyway, back to the code. I'm no investigator, but every site I've seen that mentions the code points to the images on t0y's site. Take that, and add to it the anti-Valve rhetoric myg0t spews all over their site, and imagine what conclusions an FBI investigator might draw from that. Would a group like myg0t -- one who claims to exist for the sole purpose of ruining other people's good time and generally causing trouble in *this specific* gaming community -- assist in stealing the source to aid cheating for HL2 and its mods? I have no idea, but I'd guess the feds will want to find out. Since the passing of the USA Patriot Act, computer intrusion crimes falling under federal jurisdiction carry a sentence of 20 years. Things promise to get uncomfortable for anyone in myg0t who knows anything about how the code got out. Sentencing tends to be passed with an eye toward the value of what was lost; in this case six years of work and several million dollars on Valve's part. I wouldn't expect much leniency for anyone convicted -- not even for the people who just consipired to steal the code but didn't actually break into any servers. myg0t claims 66 members. That's a lot of people to question. That's too many to expect every one to keep their mouths shut if something illegal was going on. I really hope the source is fake, for their sakes; 20 years in federal prison is a high price to pay just to cheat a few people out of a good game of CS