Dear Herr Kreitlow,

The following information is in reference to a computer intrusion. The victim company is Valve Software. One of the main subjects involved is believed to be located in Germany, using the nick of AGO.

On October 2, 2003, Valve Software reported to the FBI the theft of their source code for the new engine technology in Half-Life 2 (HL2). HL2 is a popular game within the Internet community. The release date for HL2 was set for the end of September 2003. However, it was pushed back to an undisclosed time.

To date, at least 13 Valve internal machines were compromised. Valve found machines that had both key loggers and backdoor trojans installed on them. The Valve email system was also compromised as an email sent from one internal employee to another was intercepted and published on the www.myg0t.com website. www.myg0t.com is a site dedicated to gaming cheats and producing mods for online games.

Through forensic analysis of the victim systems, numerous leads and potential subjects have been identified around the world with one of the main subjects being located in Germany and using the moniker "AGO". Two of the Valve victim machines contained detailed technical information that led back to AGO and a number of German Internet Service Providers (ISPs). Through further investigation, it has also been determined that AGO's real name is "AXEL GEMBE", who is quite possibly residing in Schoenau, Germany.

On 16 February 2004, Valve Software provided the FBI with an e-mail sent to the CEO of Valve, claiming to be from the hacker regarding information about the computer intrusion into the Valve Software network and the theft of the HL2 source code.

The e-mail address used by the sender was [email protected]. The sender claimed to have had access to the Valve network for approximately six months. However, he/she denied distributing the HL2 source code over the Internet. The sender then provided Valve with technical information "proving" he/she was legitimate. The sender then referenced the myg0t group and claimed the access he/she had obtained into the Valve network was discovered by myg0t members.

The sender stated his/her motivation for hacking into the Valve network was only to "observe the HL2 development process." To date, the sender continues to send e-mails to Valve from the [email protected] address. A lookup resulted in the e-mail address coming back to a Vancouver-based company, Hush Communications, 455 Granville Street, Suite 203, Vancouver, BC V6C 1T1, Canada. This company does not retain any log-on or identifying information.

Based on details in the e-mails, it is believed that the anonymous sender of these messages could be AXEL GEMBE, a.k.a. AGO.

As you are aware, the United States Secret Service (Case Agent Kevin Sandlin) also has an open and active case against GEMBE for various Denial of Service (DOS) attacks and the authoring of malicious code, namely the AGOBOT, which is an IRC-controlled backdoor with network spreading capabilities. There are variants of this initial worm as well that he may be responsible for writing and distributing.

The FBI is hopeful that German officials will be interested in opening an investigation on AGO. The FBI would like to be provided with any subscriber information for accounts/sites/e-mails associated with AGO and, ultimately, would hope that a German investigation could result in a search warrant for his computer systems. AGO is also linked with the large botnet investigation into Creative Internet Technologies, a.k.a. FOONET.

As a side note, there is a belief that GEMBE may be the son of a German Magistrate Judge. This has not been confirmed.

 
