TheBlueRaja
BR to Some
- Joined
- 19 Apr 2002
- Messages
- 766
Here's an update on the Half-Life 2 source leak from Gabe Newell (thanks to Shacknews for confirming this):
1) We've taken our network connection down to pretty much a minimum. We're still finding machines internally that have been compromised.
2) The suite of tools that the attacker was using included the modified version of RemotelyAnywhere (basically a Remote Desktop-style remote admin tool), Haxker Defender (a process, registry key and file hiding tool), the key logger, and various networking utilities that allowed them to transfer files (compressors, NetCat, and FTP). We also are pretty sure they were sniffing our network to gather passwords and other information. Haxker Defender includes a file system driver that allows an attacker to have stuff on your machine that is invisible, unless you do something like mount the drive under another OS that has NTFS support.
We have determined one way of detecting some infected machines, which is using a connection viewer to detect connections to anomalous hosts external to our network.
We still don't know their entry method.
3) In general, the community has been remarkably swift at tracking down the sources of the leak. What would be most helpful now are IP addresses of the people who were responsible for the intrusion or for the denial of service attacks.
4) Also, please continue to send in URLs of websites hosting the source code. We've been contacting people and asking them to take it down.
5) There's anecdotal evidence that other game developers have been targeted by whoever attacked us. This hasn't been confirmed. We've been providing other game developers with more detailed information about the exploits and evidence of infiltration.
6) We're running a little bit blind with our network shut down, but it seems like some of the press has picked up the story. I've been fielding calls from the mainstream non-games, non-technical press.all day. Hopefully they will get to report shortly what a mistake it is to piss off a whole bunch of gamers and get them hunting you around the Internet.
For any information related to this, please send it to helpvalve@valvesoftware.com, or you can always send to gaben@valvesoftware.com as well.
Now, more bad news: it's possible that more than just the source code leaked, although this is just unsubstantiated rumor at this point. Do not support the distribution of any such files, do not download any of these files yourself (unless you want to expose yourself to horrible viruses and possible legal prosecution), and contact Valve immediately if you come across people or organizations circulating anything suspicious.
UPDATE: While there are numerous examples, two files in particular are circulating that claim to be builds of Half-Life 2, both are over a gig: one contains no HL2 content and is really just a front for a key-logging program, and the other contains gay porn. Don't be stupid, and don't download anything HL2 related that isn't official or from a reputable site. It's either illegal, fake, or filled with viruses, so no matter what, you lose.
1) We've taken our network connection down to pretty much a minimum. We're still finding machines internally that have been compromised.
2) The suite of tools that the attacker was using included the modified version of RemotelyAnywhere (basically a Remote Desktop-style remote admin tool), Haxker Defender (a process, registry key and file hiding tool), the key logger, and various networking utilities that allowed them to transfer files (compressors, NetCat, and FTP). We also are pretty sure they were sniffing our network to gather passwords and other information. Haxker Defender includes a file system driver that allows an attacker to have stuff on your machine that is invisible, unless you do something like mount the drive under another OS that has NTFS support.
We have determined one way of detecting some infected machines, which is using a connection viewer to detect connections to anomalous hosts external to our network.
We still don't know their entry method.
3) In general, the community has been remarkably swift at tracking down the sources of the leak. What would be most helpful now are IP addresses of the people who were responsible for the intrusion or for the denial of service attacks.
4) Also, please continue to send in URLs of websites hosting the source code. We've been contacting people and asking them to take it down.
5) There's anecdotal evidence that other game developers have been targeted by whoever attacked us. This hasn't been confirmed. We've been providing other game developers with more detailed information about the exploits and evidence of infiltration.
6) We're running a little bit blind with our network shut down, but it seems like some of the press has picked up the story. I've been fielding calls from the mainstream non-games, non-technical press.all day. Hopefully they will get to report shortly what a mistake it is to piss off a whole bunch of gamers and get them hunting you around the Internet.
For any information related to this, please send it to helpvalve@valvesoftware.com, or you can always send to gaben@valvesoftware.com as well.
Now, more bad news: it's possible that more than just the source code leaked, although this is just unsubstantiated rumor at this point. Do not support the distribution of any such files, do not download any of these files yourself (unless you want to expose yourself to horrible viruses and possible legal prosecution), and contact Valve immediately if you come across people or organizations circulating anything suspicious.
UPDATE: While there are numerous examples, two files in particular are circulating that claim to be builds of Half-Life 2, both are over a gig: one contains no HL2 content and is really just a front for a key-logging program, and the other contains gay porn. Don't be stupid, and don't download anything HL2 related that isn't official or from a reputable site. It's either illegal, fake, or filled with viruses, so no matter what, you lose.