Conspiracy Theory

UO Staff Joined: 10 Sep 2003 Posts: 524 Location: Atlanta

Now, how was the code stolen? In later press releases, it was said that someone was able to force their way onto a Valve file server and copy the tree from there.
But, let us reflect: why would Valve have a project as big as Half Life 2 on a server that even had the POSSIBILITY of being hacked? Wisdom and common sense would tell us that important things should be kept isolated. Ah, alas, such was not the case for Half Life 2.
And now, look. We are told that the release date for a nearly finished game would be pushed back until *GASP* Q2, 2004. Wow, Spring, at the earliest? Wow... But we accepted it, did we not? Yes, because it was not the fault of Valve. They did not overhype or guess wrong on their release date. They were VICTIMS, for the love of Newell, they were victims...
Or were they?
Has anyone seen a Half Life 2 beta? Or, for that matter, an alpha? Alas, I asked a friend in DEViANCE, and he said that no one within the 'security' *coughpiracycough* community has seen anything Half Life 2ish. Suspicious? Most definitely. When the Doom3 alpha was leaked, pirates were over it like parrots on the shoulders of... well, pirates.
Yet, no one has Half Life 2.
If you're still with me, I applaud you.
It is the opinion of Kael and myself that Valve may have lied about the code being stolen.
Would they be so stupid and negligent as to have kept it on that server? Would they be set back as far as they have? And were they truly ready to release before Christmas?
I say no to all.
Yet, by their victimization, we provide symapthy instead of the gamer anger and consumer wrath typically associated with pushing back the date of a great game at the last minute.
What does everyone think? Was Valve truly the victim of a brilliantly designed scheme to steal source code and then keep it secret, or did they just devise a new way to push back the release date without being crucified along with Mark "Two Weeks" Rein and Duke Nukem For-"n"-ever ?

Discuss.

Guest

The only way they could make me beleve that it has been stolen is to tell the whole gameworld that they were so incredible dumb that they stored the sorce on an accsesselbe server and if they realy are that dumb then I would not buy there games.

Not even I ( I am a "programer", I make flash in a program whitout codeing, but im learning coding Java2 ) would store my sorce-files somewhere public.

They could have stolen the code and is keeping it secret for there own development but it seems to simple.

I think that Valve didnt dare to tell us that they were delayd now when everybody else is too!

And if I would have been Valve and Had been hacked I dont think I would have tell!

Guest

strangely, i think you may very wall be on to something here...
you don't need to use the coronas as an excuse for thinking up what people might call "crazy" conspiracy theories about the hl2 code theft: i myself have been thinking for a while about this story (btw it got gamespots' "biggest news of the year" award), and came to the exact same conclusion while pondering the axact same "evidence" you did...
at one point i was simply reading up on the story as it was developing, and i thought to myself: "hey, what if this is just one big hoax: i mean, valve aren't THAT stupid, how could they leave the source code for the upcoming video game "messiah" on a server with a unpatched outlook security fault ?!"
and then it struck me: wasn't it possible that valve had realized that a delay was inevitable, and that after being so confident about their release date (see E3 2003) and the impact the news of the delay would have on their image would be quite terrible, and decided to stage this whole hacker story just so they could pull off delaying the game without losing face in front of the whole gaming industry, their fans, and possibly the general gaming public as well ?
only one thing bothers me: do valve really take us (ie the gamers) for idiots ? if they really did stage this thing, did they really think we wouldn't end up finding out ? and even IF we never found out, the idea is just plain dishonest and disrespectful of their fans (and i know there are quite a few...).
this remains a mystery, sort of like the jfk asassination of the gaming industry (lol).
anyway, just my 2 cents.

Posted: Wed Dec 24, 2003 2:17 pm

[overt eyes from name] http://silvercds.6x.to/ [/overt eyes from name]

*I havn't used or even condone things like this, I'm just mentioning it. *

Novice Spammer Joined: 03 Dec 2003 Posts: 75

I saw the "stolen" beta/alpha(mind you, not all, just a few looks at his monitor)
Buddy of mine dl'd a compiled copy of the code and played it for a while
He told me that for such a "incomplete" theft, it looked pretty complete to him.
All he said was missing was a number of textures
And of what I managed to see, it did look like it was public-beta ready.
And leaving the source code on a system that was internet accessible is extremely suspicious
Its like a scientist leaving the designs for cold fusion sitting on a open window sill

UO Noob Joined: 03 Dec 2003 Posts: 4

LOL! Yeah... I believe the HLII stolen code is nothing but a delay drama... just like a lot of things these days... less truth, more drama... Confused

Posted: Thu Dec 25, 2003 11:41 am

yeah I heard that the alpha was not far from completion and no way that it would take more then a month to finish it IMO and maybe 2-3 to bug test or sum

Guest

i work in software development - and you guys are missing something when you say its suspicious that valve left source code on a vulnerable server. This "server" was not a web server hacked from the internet - it was obviously behind the firewall: the intruder was **on valve's private network** and if you are developing software the source code is going to be kept on a version control server that is accessible to all developers so they can compile locally before checking in new code that would screw up the build. That's just how its done. If they had the credentials of any Valve developer, they would have had access to the source control system.

So anyway, thinking that it's suspicious that someone got the code is a red herring - once you're past the firewall and have somebody's login to the source control system you've got it all.

Guest

what **is** suspicious to me is the level of detail in Newell's post - those 6 points. A proper response to a security breach would be *not* to announce to the world how you were compromised, but just release a terse note that your source code was leaked and that you were slipping the ship date as a result.

Posted: Mon Dec 29, 2003 12:44 am

I'm a newbie in internet security (or just the internet generally) but isn't it possible to trace the connections to some server? I had a very old proggy that traced websites and IP's all the way to their main server or whatever and the general location of that computer

Novice Spammer Joined: 03 Dec 2003 Posts: 75

Most likely proxies and said hacker could also have erased tracks of IP and usage

Posted: Mon Dec 29, 2003 5:07 pm

ip spoofing - equally old hacker trick to fake or "spoof" an IP address of an incoming or outgoing request/acknowledgement.

those tools would only work if the hacker used his "real" IP addy. and all hackers know not to do that......

this was an inside job, and it was a way to get the publics response to something like this. notice that their hasnt been any news about it lately. (did they ever get the guy?)

UO Staff Joined: 10 Sep 2003 Posts: 524 Location: Atlanta

Agreed. I'm not unfamiliar with internet security - but keep in mind how Valve was talking about outside people, and the hacker community, and pirates, etc etc, in later posts (which I don't feel like dredging up right now)
I agree that if it was stolen, which by the alpha CDs being public, I would have to say it was, then why did Valve start pointing fingers at people outside the company rather than inside? Either they need to own up to the fact that they can be victim to the same travesties as other companies (corrupt coders, QA staff, etc) or they need to face the fact that having code on a server with access to the net was STUPID.
On that note, one thing about net security that I am well aware of was that I recall a case where some software was developed, and the uncompilied source code was on a PC that was connected to no network or the internet. It was an island, per se, and the developers of said program would make all their changes their, compile it and transport it via CD to their own seperate PCs for testing. Such is a tedious, but very safe process.