Announcement

**Tjalfe** · 2 October 2003, 12:47

http://forums.murc.ws/showthread.php?s=&threadid=44617

sorry Zao beat you to it

**GT98** · 2 October 2003, 14:32

doh! Valve got hacked!

Ever have one of those weeks? This has just not been the best couple of days for me or for Valve.
Yes, the source code that has been posted is the HL-2 source code.
Here is what we know:
1) Starting around 9/11 of this year, someone other than me was accessing my email account. This has been determined by looking at traffic on our email server versus my travel schedule.
2) Shortly afterwards my machine started acting weird (right-clicking on executables would crash explorer). I was unable to find a virus or trojan on my machine, I reformatted my hard drive, and reinstalled.
3) For the next week, there appears to have been suspicious activity on my webmail account.
4) Around 9/19 someone made a copy of the HL-2 source tree.
5) At some point, keystroke recorders got installed on several machines at Valve. Our speculation is that these were done via a buffer overflow in Outlook's preview pane. This recorder is apparently a customized version of RemoteAnywhere created to infect Valve (at least it hasn't been seen anywhere else, and isn't detected by normal virus scanning tools).
6) Periodically for the last year we've been the subject of a variety of denial of service attacks targetted at our webservers and at Steam. We don't know if these are related or independent.

Well, this sucks.
What I'd appreciate is the assistance of the community in tracking this down. I have a special email address for people to send information to, helpvalve@valvesoftware.com. If you have information about the denial of service attacks or the infiltration of our network, please send the details. There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great.
We at Valve have always thought of ourselves as being part of a community, and I can't imagine a better group of people to help us take care of these problems than this community.

Gabe

Yeah this bites

**GNEP** · 2 October 2003, 15:06

You have to feel for them... this has been some pretty targetted "cyber-warfare".

Also highlights how much of a priority IT security has to be in ANY company these days...

**Liquid Snake** · 2 October 2003, 15:14

Dammit.

**thop** · 2 October 2003, 15:17

Why do people still use that POS OE? I cannot understand it. Oh and how about we keep this in one thread?

**GT98** · 2 October 2003, 15:21

Originally posted by thop
Why do people still use that POS OE? I cannot understand it. Oh and how about we keep this in one thread?

Looks like he was using outlook and not OE

**thop** · 2 October 2003, 15:30

ok it appears outlook is not much better then.

**Indiana** · 2 October 2003, 15:39

I'd bet it was nVidia who hacked Valve and leaked the source code....

**Jon P. Inghram** · 2 October 2003, 15:43

Well, considering how crappy Steam is... I don't feel all that sorry for them. And they must have been feeling very brave to keep the source code on a computer that's got an internet connection in the first place.

**dZeus** · 2 October 2003, 15:47

Originally posted by Indiana
I'd bet it was nVidia who hacked Valve and leaked the source code....

I'd bet you're reading too many conspiracy theory books

**bsdgeek** · 2 October 2003, 15:48

Originally posted by Indiana
I'd bet it was nVidia who hacked Valve and leaked the source code....

Pffft, it was Major League Baseball in collusion with the IllumiNazis.

**Indiana** · 3 October 2003, 00:49

Originally posted by dZeus
I'd bet you're reading too many conspiracy theory books

I think you overlooked the smilie that I forgot to add...

Announcement

HL2 source code leaked?

HL2 source code leaked?

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment