Good to hear.
I hope this scares off future hackers.

i just hope those guys remember not to accidentally drop their soaps while having shower in jail;)

Congratulations to Valve and those who helped catch these bastards....OK, they may be innocent until proven guilty, but you can still be a bastard before being proven guilty.....

it makes me feel good to know that for every 1 personal out there that will steal and pilage there is 10 ppl that will help bring those ppl to justice

ya thats really cool and awsome for the law enforcement. they should get the group of gamers looking into other crimes lol

/fox

I hope Valve is decent enough to give something to the vigilant people that helped bring these people to justice. Otherways I'd have to call Valve the 'bastards'.

the best way to track them down is by using gamers coz most of them know all the hacks for stuff

not naming names: but the amount of illegal shit i have found out people do on the net omg

Originally posted by JVI i k e l
I hope Valve is decent enough to give something to the vigilant people that helped bring these people to justice.

Well, they're going to give them Halflife 2 - I should think that's more than enough.

:p

heh. very cool action. I think people underestimate the power of a community. (remember DW?).

now bring us HL2 :wip:

I hope all game developers now understand the importance of SECURITY.

Valve got hacked by a trojan/keylogger right? Kind of lame if you ask me. If it's true.

Good thing they got caught.




i just hope those guys remember not to accidentally drop their soaps while having shower in jail

I'd actually wish the opposite but I'm sure that would't bother them anyways ;)

Originally posted by Tommy5547
...Valve got hacked by a trojan/keylogger right? Kind of lame if you ask me. If it's true. You're right, it must be the victims fault, they're such lamers ! :rolleyes:

slaughters

Be fair, I think the point being made was that when working on something (esp this high a profile) then security should be tighter.

If (and a big IF as I know no details) but if it was that easy then the guy in charge of security was doing his team mates/employers a big disservice.

Does not detract the blame from the low lifes that stole the code but that you have no control over, your own networks you do!!

JA

What happens if the trojan was undetectable at the time?

Isn't that their purpose to be there and make it seems they aren't?

Originally posted by jamacsween
slaughters

Be fair, I think the point being made was that when working on something (esp this high a profile) then security should be tighter.Define tighter. How you you know that it's "tight" enough?

There is no way of knowing how much security is enough until after you are taken advantage of. This is true for physical security as well as for computer security.

No matter how much you prepare you can not be 100% safe. This is why we use jail as a deterient. It's to tell people,

"Yes, my front door is not a bank vault, you can break it down with a kick, BUT if you do, there's a good chance that you're going to jail buddy!"

IMO, a genuine hacker does not uses keyloggers/trojans. A "true" hacker hacks (no I do NOT mean the hollywood hackers who uses the command OVERRIDE_PASSWORD)

And - a "genuine" hacker never destroy/steal stuff. They only leave their "urine-mark" to say "Hey, I've hacked you. Bye-bye suckers..."

They change someones homepage or something.

from what i've heard, it was an employee's home machine that was comprimised...he was working on the project at home, then all of his l/p's for work where found and therefore no actual break in registered at valve, which is perhaps how they managed to download so much over so long without being detected.

whoops.

Originally posted by Tommy5547
IMO, a genuine hacker does not uses keyloggers/trojans. A "true" hacker hacks (no I do NOT mean the hollywood hackers who uses the command OVERRIDE_PASSWORD)

And - a "genuine" hacker never destroy/steal stuff. They only leave their "urine-mark" to say "Hey, I've hacked you. Bye-bye suckers..."

They change someones homepage or something.

No offense, but thats the most wacked thing I've ever heard. Either way you are still a dick for breaking in and stealing/defacing someone else stuff. And where did you get the idea that "hackers" only do "urine marks?" I'm sure a few people at the FBI and NSA might disagree with you.

"Hacking" is a waste of time and effort. Its for nerds and dicks that can't offer any good help to the computer world. Its like the same mind set of the punk kids that tag buildings or steal car radios... but its becoming much scarier now. One day some dumb kid's worm will end up getting someone killed, and then they will need the death penaly for hacking. Call it terrorrism, or treason... but either way it needs to be stopped.



And to get back on topic... what good did stealing the HL code do? Was it really worth it? All it did was delay the game... so what was the point?

slaughters,

I take your point but what I was trying to dsay was that if it was a keylogging trojan that was used to spy on the network, then one would think that this sort of, fairly intrusive, spying should have been picked up. Again I do not know about the details.

Your argument "Yes, my front door is not a bank vault, you can break it down with a kick, BUT if you do, there's a good chance that you're going to jail buddy!"

is fair to a degree, but that is why banks have vaults doors and my home has a crappy alarm. You scale the security to suit what you are protecting.

Blame cannot be laid entirely at valves door, however if I was a bank security officer and I commisioned a crappy alarm system because "it does my house well enough" then I would expect a boot in the plums when someone walks off with the banks money (no matter how easy it was to catch them after).

Cheers

JA

Originally posted by Jackdeth
No offense, but thats the most wacked thing I've ever heard...

None taken.

There is a difference between script-kiddies and hackers.
Sure, I dispise them both but hackers don't steal. I WAS in the business a long time ago (yes regret regret remorse remorse) and the people that hacked and STOLE stuff was lowlife.


And to get back on topic... what good did stealing the HL code do? Was it really worth it? All it did was delay the game... so what was the point?


...Apparantly you did not read what I thought of people stealing stuff.

And try to control your bad language in the future.

Thats all I have to say about that.

Originally posted by Jackdeth
No offense, but thats the most wacked thing I've ever heard. Either way you are still a dick for breaking in and stealing/defacing someone else stuff. And where did you get the idea that "hackers" only do "urine marks?" I'm sure a few people at the FBI and NSA might disagree with you.

"Hacking" is a waste of time and effort. Its for nerds and dicks that can't offer any good help to the computer world. Its like the same mind set of the punk kids that tag buildings or steal car radios... but its becoming much scarier now. One day some dumb kid's worm will end up getting someone killed, and then they will need the death penaly for hacking. Call it terrorrism, or treason... but either way it needs to be stopped.



And to get back on topic... what good did stealing the HL code do? Was it really worth it? All it did was delay the game... so what was the point?

Originally posted by Tommy

IMO, a genuine hacker does not uses keyloggers/trojans. A "true" hacker hacks (no I do NOT mean the hollywood hackers who uses the command OVERRIDE_PASSWORD)

And - a "genuine" hacker never destroy/steal stuff. They only leave their "urine-mark" to say "Hey, I've hacked you. Bye-bye suckers..."

They change someones homepage or something.






Ok two bad word in both Jackdeth's and Tommy's sentences...

Luckily though when joined together,they exactly describe what an hacker is...hehe


You find it.

Tommy:Please think before you post such nonsense.

to have a secure network is to not have a network... just a computer without any modems, ethernet cards, serial ports, or any other means of passing information... I've read that some folks actually can read the lights blinking down their on your hard drive as the drive spins and use it almost like reading lips or sign language... computers compute... computations need to be read/understood... computers don't make much sense otherwise... that reading/understanding is a form of communication... any time that there's a form of communication there is ALWAYS the chance that someone else is listening/watching/waiting for a way to interpert that information... whether for good or evil use... once people start understanding that, they begin to understand a lot more about computer security. Computers and Security are not synonyms...

to have a secure network is to not have a network... just a computer without any modems, ethernet cards, serial ports, or any other means of passing information... even then, just having a monitor port could create a way to be broken in... I've read that some folks actually can read the lights blinking down their on your hard drive as the drive spins and use it almost like reading lips or sign language... computers compute... computations need to be read/understood... computers don't make much sense otherwise... that reading/understanding is a form of communication... any time that there's a form of communication there is ALWAYS the chance that someone else is listening/watching/waiting for a way to interpert that information... whether for good or evil use... once people start understanding that, they begin to understand a lot more about computer security. Computers and Security are not synonyms...

Originally posted by mastermesh
I've read that some folks actually can read the lights blinking down their on your hard drive as the drive spins and use it almost like reading lips or sign language...

:rolleyes:

You misread. Reading the LED from a HD would be pointless without knowing what it contained and where it was located.

Network card and Switches, OTOH, could include important data such as passwords, Credit Card numbers, etc... This data wouldn't be as hard to grab. A sensor designed to be sensitive to the same frequency as the LED's and memory capable of storing the results (compact flash card would be large enough) are all that is necessary.

-B

Then there is also tempis (sp?) systems that can view what your monitor shows by reading the radiation coming off of it through walls hundreds of feet away.

I've heard that CIA and NSA have a special font set that prevents tempis from reading the text.

Originally posted by StephanD
Tommy:Please think before you post such nonsense.

Dude, he said he was in the business before, so I don't think he's talking total nonsense.

What he was trying to say is that hackers are constructive and crackers are destructive.

The term "hacker" is being mixed up with with the term "cracker".

Hackers "test" the security of networks , systems, software, etc, and if they can find a weak spot, they will provide this information to the owner, so security can be tightened.

Always try to get your facts right first.

The guys who stole HL2 source code are crackers, not hackers.

Originally posted by ghopper
...What he was trying to say is that hackers are constructive and crackers are destructive.The 5 Step Hacker cycle:

1) Hackers break in to a new system
2) Tell their net friends all about it (where/why/how)
3) Their net friends use this info to destroy stuff.
4) Hackers comment on how much they deplore destructive behaivor.
5) Goto Step 1

P.S. ghopper - You're kidding yourself. Less than half of a half of 1% of the hackers do what you describe. They're kids who get a thrill out of trying to prove how smart they are by breaking into peoples (corporate) homes.

Originally posted by slaughters
P.S. ghopper - You're kidding yourself. Less than half of a half of 1% of the hackers do what you describe. They're kids who get a thrill out of trying to prove how smart they are by breaking into peoples (corporate) homes.

You didn't get my point. There is a specific term for those people you describe, it's crackers, not hackers.

it's crackers, not hackers.


Please stop saying that,although that is kinda funny.

“Everyone here at Valve is once again reminded of how much we owe to the gaming community,” added Mr. Newell.

So does that mean a price drop?
Joke.

Originally posted by StephanD
Please stop saying that,although that is kinda funny.

I don't really understand what you're trying to say, but maybe you should read this Hacker Ethics (http://www.textfiles.com/hacking/ethics.txt) and Hackers: Heroes of the Computer Revolution (http://www.amazon.com/exec/obidos/tg/detail/-/0141000511/ref=ase_stevenlevyhomepa/103-2227948-7663060?v=glance&s=books)

I don't really understand what you're trying to say, but maybe you should read this Hacker Ethics and Hackers: Heroes of the Computer Revolution
hehe, yeah, and next up we have "honor amongst thieves", right?

either way, how the heck valve could be so stupid to have sensitive data (like sourcecode) on a computer network connected to the internet is beyond me, whoever was handling the security there should be quietly dismissed.

Originally posted by BinarySoup
hehe, yeah, and next up we have "honor amongst thieves", right?


Have you actually read the article or the book ?

Anyway, guess it's pointless to try to explain the difference between hackers and crackers.

ghopper,

I hear what you are saying. I was going to point this out but the media has bastardised the term hacker for so long its true meaning has become lost.

I regularly "hack" code together for small projects in the true meaning of the word but I firmly believe virus writering etc is truely the lowest form of intellectual masterbation there is.

Binarysoup

hehe, yeah, and next up we have "honor amongst thieves", right?

Listen to what the man is saying and research your posts...

JA

I have worked in the games industry and IT for over 18 years now, and what is so scary is that this could so easily have been avoided by some very simple steps.

1) Do not allow network access from external sources! This is the most simple of protection systems that should have been in place. If you have no external access, you stop the situation straight away. If people needed to work on stuff from home, get a DVD writer and dump it to disk. It might take half an hour a day, but it could save months of development time.

2) If you do need access then make it by dial-up only. Firstly, this makes it very obvious where the access is being made from and secondly, the transfer rate is so slow, they'd end up taking about 10MB a day if they were lucky.

3) Make sure that absolutely nothing company related is stored on home PC's.

4) If an employee is working at home, ensure that the machine is scanned daily for trojans, virusses (or whatever the plural is.. virii??) and any other dodgy software, make them set up a separate profile within their windows system with high safeguards and restrictive access.

What I suspect will be the outcome of all this is that the minute the game is released and goes online, bots and cheats will be out there waiting for it. So immediately, the online game will be ruined before it even gets chance to kick off.

I wonder if they ever suspected it being an inside job? This industry is full of people who would do almost anything for a bit of notoriety within a peer group... it's how Beta's get leaked.

What I suspect will be the outcome of all this is that the minute the game is released and goes online, bots and cheats will be out there waiting for it. So immediately, the online game will be ruined before it even gets chance to kick off.

I wonder if they ever suspected it being an inside job? This industry is full of people who would do almost anything for a bit of notoriety within a peer group... it's how Beta's get leaked.
Well they have said they are rewriting portions of the code to negate any cheats that could be written from the stolen source code.

As far as it being an inside job... inside jobs are almost always from people who serve to gain from cheating the company, or people who serve not to gain either way. Valve's employees can only be hurt by the source code leak so I would not imagine it would be likely for one of them to have helped the leak. The DOOM3 leak was from ATI, which could debatedly either be from some software engineer who doesn't care about ATI or DOOM3 in any way, or it could have been ATI trying to drive up interest in DOOM3 and by proxy, its own cards. I'm more likely to believe some disenfranchised engineer as opposed to a company conspiracy, even though I don't like ATI. But the point stands, it's not likely that a Valve employee would have leaked the source code, they all stand to lose too much. Only if some employee had been fired or let go on poor terms or something would that be a liklihood. But in those cases, the employees are not given a chance to hardly go sit back at their desks, let alone install keylogging software and backdoors to come in and steal the software.

This thread has been automatically closed as it remained inactive for 12 months. If you wish to continue the discussion, please create a new thread in the appropriate forum.