Half-Life 2 Delayed Following Code Leak

jhol writes "CNN is reporting that Half-Life 2 is delayed "by at least four months, that is to April 2004.", due to the code leak. VU Games has already suffered a 29% fall in revenue and an operating loss of $61.36 million this year. A Christmas release of Half-Life 2 would probably have been most welcomed." Update: 10/07 20:38 GMT by S : CNN Money are now reporting there's a newly public leak, allegedly involving a partially playable, Beta pre-release of the game.

Still haven't learned their lessons

[Alcimedes]

I have to wonder how long until people start to realize that for truly critical (read millions of dollars) work, you're best off having the production machines OFFLINE.

It would be a pain in the ass only being able to code on one machine, but even something as simple as a KVM switch would make it tolerable.

No internet, and none of this stuff is a problem. Not to mention you can keep working while various worms/viruses make their rounds.

The 'net is just too insecure these days, especially if you're running some version of Windows.

Re:Still haven't learned their lessons

[badasscat]

I have to wonder how long until people start to realize that for truly critical (read millions of dollars) work, you're best off having the production machines OFFLINE.

It would be a pain in the ass only being able to code on one machine, but even something as simple as a KVM switch would make it tolerable.

Pain in the ass?? Try impossible. How do you think game programming works, anyway? One guy sitting there plugging away on his work machine from 9-5? Bzzzzt. Sorry, try again. I say this as someone who works in the industry for a fairly large publisher who will remain nameless.

HL2 is a large, big-budget game with a lot of code, a lot of staff, and a tight production schedule. Some people seem to live in this fantasy-land where PC games are still coded by individual hackers locked away in their basement. Well, welcome to the real world, where dozens of people need to work on the same code in near real-time, and where work continues even while coders are out of the office or in fact out of the country.

I don't know that all of this code needed to be on one machine that was net accessible. There's probably something that could have been done to segment it among separate machines on separate VPN's, which then could have been combined to compile and run whenever a build was needed. So yes, Valve could have probably taken better precautions. But the answer is not to put all of the code on a single, closed machine - that simply doesn't work in real life. The code - at least some of it at a time - needs to be net accessible for a company in the business of making games to function these days.

It was revealed today that a third of the code was stolen, so maybe Valve actually was taking some sorts of precautions - maybe it was separated into three segments on three different machines. But that probably was not enough.

You can look at Valve's security as a whole, and maybe you will find holes that should have been plugged, but simply saying "the code should not have been net accessible!" is just not realistic.

Re:Still haven't learned their lessons

[sqlrob]

And VMWare doesn't emulate 3D hardware worth crap. How is a cutting edge 3D game supposed to be developed with that?

Re:Still haven't learned their lessons

[gorfie]

I agree that Valve should not be blamed for allowing the code to reside on a machine connected to the Net. Having the code reside on a local machine (or local network of machines) that does not have Internet access is an impractical idea.

However, I think Valve shares some of the responsibility on other aspects. The unpatched Outlook (perhaps even the use of Outlook) is definitely a problem area for such a high profile organization. If they neglected to patch Outlook, what other basic security issues were neglected by Valve? Perhaps it was something as simple as Gabe using his home computer which he left unpatched, but that's something that network admins should be aware of IMO.

I also think Valve's staff is vulnerable to social engineering. Take a quick peek at myg0t.com (skip the intro and turn off the music) and read about the various chats that were had with Valve personnel. Really simple stuff that worked.

My point: Valve should be aware that they are high profile and they should have at least taken measures to make themselves secure against basic hacking methods.

Re:Still haven't learned their lessons

[GooRoo]

Ummm... I don't think he was suggesting that you take the machines off a network, just the internet. You could quite easily have an internal network with machines/servers/other devices for development of the game by a multitude of people and a external network for machines that have internet access.

I setup all my test networks that way, Valve could certainly do the same. Sure it can be a pain, but it's the only way to go when you *really* want something secure.

Re:Still haven't learned their lessons

[racermd]

Good point. The developers can, to a certain extent, make demands regarding their development environment. However, network security is totally in the hands of their IS/IT department, if they even have one. It's the responsibility of the IS/IT staff to maintain the computing environment everyone works in. That applies to developers, the CEO, marketing, even the secretary. The head of IS/IT must set balanced policies regarding access and security. Access should be granted on an as-needed basis, not on an as-wanted-by-CEO basis (like some companies I've worked for). [RANT]I've never understood the reasoning behind the CEO or other major department heads getting unrestricted access to everything. The people that are most visible in the company, and thus the biggest targets, are these department heads. Often, these are the same people that don't even understand the technology they've been given access to, which makes them just that more dangerous to the security and integrity of the network. I try to point out that they should have just as much access as they need to do their job, and that usually means less than their own secretary.[/RANT]

If it were me, I would have mandated a separate firewalled subnet for the developers systems and done away with Exchange/Outlook company-wide in favor of a more stable mail server. It wouldn't be completely out of the question to maintain a second mail server just for the developers inside their subnet. An enterprise-grade network-enabled virus scanning package would have been installed at the primary switch on both networks. Accessibility from the outside, including from the other subnet used by the general office staff, would be restricted to what would be absolutly required. These connections, once enabled, would be monitored and restricted to certain times of day. I'd even go so far as to implement a one-time password system with rotating keys.

With just these simple policies in place, connectivity to the outside from within is maintained, virii and trojans are dealt with (mitigated to reasonable extent, anyway), and the biggest external threats are those with the "absolutly required" access to the developer subnet from outside. It wouldn't have been totally secured against outside traffic, obviously, but the traffic that would come through should be easier to manage and detect. If it were an inside job, as some have speculated on due to lack of faith in the accounting of events Gabe provided, this would have been easier to detect, as well. Covering one's tracks is much more difficult to do if everything is separated and monitored more closely than the general traffic. Sneakernet is the only method that I have not addressed, and I can't see any reason to do anything about it. The developers would be the only staff that have regular physical access to the project's systems, so "outsiders" accessibility would be almost out of the question, assuming that the building has adequate access controls (i.e. card keys active for only certain times of day). And securing it any further would be tipping the balance of security/accessibility too far.

Also note that I'm not saying that what happened at Valve could have been prevented. A determined individual could still bypass the security measures outlined above with enough time and resources, but it would be much harder to do so. As an IS/IT manager, the focus is more on balancing security with accessibility. If the code were completely secured to outside access, development time and costs increase to the point where, possibly, it would make no business sense to even develop the game.

Re:Likely a change to stop "pirating".

[Blenderkitty]

Are you serious? How much money do you think Valve makes off of the sale of a game? How many MILLIONS?

Do you HONESTLY think that they would even make 1/10 of that solicting for donations from the good of one's heart?

How much money do you think cdex + xiph + bittorrent + scorched3d + blender + tons o' other donation-based projects get per year? Answer) A mere fraction of a fraction of a fraction as much as Valve does.

Re:Likely a change to stop "pirating".

Yeah, or they could consider free copying of the games as promotion for their concerts, where they make the real money.

When will Slashdot users grow up?

Games, movies, and even songs from the Backstreet Boys cost huge amounts of money to produce. You will be charged for copies, one way or another.

If people can't figure out how to slow down this ridiculous level of IP theft pretty damn soon, I guarantee you that we will have DRM shoved down our throats. In this case already, the delay of several months is probably to put in place with is effectively DRM, in order to cut down on multiplayer cheats.

This is why there could be a delay

[Pvt_Waldo]

It's not because the game leaked, but because the underlying systems that ensure that players can't easily cheat, warez the game, or access the personal information of other players.

Part of what was compromised was probably the code that handles CD key authentication, user online authentication, etc. So clearly warez and such for this game could be hugely rampant.

Part of what was compromized was probably the code that handles Valve's anti cheat system. So clearly the cheats that override that system could be hugely rampant.

Part of what was compromized was probably the code that is the game's engine. So clearly there could be cheat authors easily creating wall hacks, aim bots, and any number of other cheats.

Part of what was compromized was probably the code that handles purchasing the game over Steam. So clearly there could be some risk of credit card and online commerce fraud, personal information leaks, etc.

Look at it this way. The blueprints and plans for the bank got stolen. Thieves are studying them now. The bank is going over the blueprints with a fine toothed comb to fix the obvious (and not so obvious) weaknesses which are more clear when you have the plans.

Re:Confused

[Auckerman]

"Why would this cause any sort of delay?"

One possible explaination is that the network code will need to be made incompatible to prevent cheaters. APIs may need to me moved around and renamed to prevent see though wall cheaters. Stuff in the code may need to be hidden to make it harder for cheaters to mod the dlls.

Just a guess....

Please, shut up

[brkello]

How many whiny posts do there need to be on: "Why did they have to delay it? This is BS". Well, here is a reason. If your company just got hacked in to and important information was stolen and leaked, instead of working on the product, you have to find what the vulnerability was, how to do damage control, how to re-structure how you do business so it doesn't happen again (i.e. redesign the network and create new security policies), and then have to get back to work on finishing the product while trying to make sure that anything cheaters would have gained from the source is fixed. I would say that is pretty large amount to do in a few months. Don't you think they would love to get it out so they can make money? Just use some freaking common sense here. If you are surprised by these delays, then you didn't think very hard. If you are upset by the delays, join the crowd, hunt the hackers, whatever. Just relax, it's a game, go buy a different one. It's not the end of the world.

Re:Likely a change to stop "pirating".

[Synn]

When will Slashdot users grow up?

When people realize that when one slashdot user speaks, he doesn't speak for all slashdot users.

Re:Delayed anyways?

[PainKilleR-CE]

moreover, IT'S A SINGLE PLAYER GAME mainly. and fuck, some id's games can be played pretty decently still on public servers when the source has been out for years

No one would still be playing Half-Life if it was selling for single player only (that being said, it's sold about 140x as many copies as there have been people playing it online).

As for id's games, Quake was completely pointless to play after the source was released. It may be significantly better now, after people have spent years working on anti-cheat software for the game, but for the year after release you couldn't join a game without at least one person using a blatantly hacked client, and who knows how many others using more subtle cheats. I didn't even bother trying Quake 2 after the source release, as I was already playing TFC (and by that time dealing with cheaters there, too).

That being said, I can only see the source release being a fairly minor delay, depending on how heavily Steam and the CD key verification need to be rewritten. For the rest of their code, they just need to be extra careful in reviewing their code for exploits, as now they have plenty of other eyes looking for anything that might be missed in the final code, and probably at least a dozen little utilities being developed to scan the HL2 binaries for anything found in that code.

Re:hello, outlook

[DickBreath]

I bet Slashdot wouldn't be so smug if the attacker had gotten in via the also patched SSH exploits that were out recently.

Yes we would be.

It is one thing to have a bug (i.e. buffer overflow) which can be exploited. That can happen to anyone.

It is a whole different thing to have software that is not designed with security in mind. SSH is designed to be secure. Outlook is not. IIS is not.

You're comparing a bug (which anyone can have) to a security design problem (which Microsoft seems to have plenty of).

Running a web server under the System account? Executing strange code merely by receiving e-mail? Showing spammer's links to external graphics by default? A web server that allows dot-dot-slash URL's to serve (or execute) files outside the WWWRoot directory? The people who wrote this were NOT thinking the slightest about security.

Um, yes we would still be as smug. And rightfully so.

How about this donation model?

[Ohreally_factor]

It's already in place and seems to function.

It's called paying for the damn game.

bullshit.

[twitter]

It's not because the game leaked, but because the underlying systems that ensure that players can't easily cheat, warez the game, or access the personal information of other players.

Next you will tell me that XP is so full of holes because someone "stole" it's source code before M$ sold it to China and the former KGB. That's almost as good as them swearing that revealing the source code to Windoze would be a national security disaster. Give me a break, will you?

Warez only needs to hack a binary copy.

Cheats only need to watch their traffic.

None of this makes a difference if the system is well made to begin with. This is why OpenSSH is a secure system despite open publication of it's source code.

This is just more anti-open and anti-free FUD. Shame on VU for using Outlook and M$ for anything they wanted to keep to themselves. Shame on them for blaming software and the philosophy behind it for their own failures and shame on them for not being able to get their shit together. ID games rules, VU drools under Bill Gates thumb.