Half-Life 2 Delayed Following Code Leak

jhol writes "CNN is reporting that Half-Life 2 is delayed "by at least four months, that is to April 2004.", due to the code leak. VU Games has already suffered a 29% fall in revenue and an operating loss of $61.36 million this year. A Christmas release of Half-Life 2 would probably have been most welcomed." Update: 10/07 20:38 GMT by S : CNN Money are now reporting there's a newly public leak, allegedly involving a partially playable, Beta pre-release of the game.

Still haven't learned their lessons

[Alcimedes]

I have to wonder how long until people start to realize that for truly critical (read millions of dollars) work, you're best off having the production machines OFFLINE.

It would be a pain in the ass only being able to code on one machine, but even something as simple as a KVM switch would make it tolerable.

No internet, and none of this stuff is a problem. Not to mention you can keep working while various worms/viruses make their rounds.

The 'net is just too insecure these days, especially if you're running some version of Windows.

Re:Still haven't learned their lessons

[javatips]

This should not be a big problem as the VM is isolated from the host (it would take far more serious hacking, that what was done to get HL2 code, to get inside VMWare internals). One could always snif the physical ethernet card for packed, but having the VM connect through VPN to the "DEV" network would solve the problem. The host could be a barebone linux Install without any open ports. That would limit the risk of having the Host being hacked. Now you have a closed down host with two VM. One on a "private" network, and the other on "public" network.

Having a seperate machine on a seperate physical network would be more secure, but would cost much more than the VMWare approach.

Re:Still haven't learned their lessons

[badasscat]

I have to wonder how long until people start to realize that for truly critical (read millions of dollars) work, you're best off having the production machines OFFLINE.

It would be a pain in the ass only being able to code on one machine, but even something as simple as a KVM switch would make it tolerable.

Pain in the ass?? Try impossible. How do you think game programming works, anyway? One guy sitting there plugging away on his work machine from 9-5? Bzzzzt. Sorry, try again. I say this as someone who works in the industry for a fairly large publisher who will remain nameless.

HL2 is a large, big-budget game with a lot of code, a lot of staff, and a tight production schedule. Some people seem to live in this fantasy-land where PC games are still coded by individual hackers locked away in their basement. Well, welcome to the real world, where dozens of people need to work on the same code in near real-time, and where work continues even while coders are out of the office or in fact out of the country.

I don't know that all of this code needed to be on one machine that was net accessible. There's probably something that could have been done to segment it among separate machines on separate VPN's, which then could have been combined to compile and run whenever a build was needed. So yes, Valve could have probably taken better precautions. But the answer is not to put all of the code on a single, closed machine - that simply doesn't work in real life. The code - at least some of it at a time - needs to be net accessible for a company in the business of making games to function these days.

It was revealed today that a third of the code was stolen, so maybe Valve actually was taking some sorts of precautions - maybe it was separated into three segments on three different machines. But that probably was not enough.

You can look at Valve's security as a whole, and maybe you will find holes that should have been plugged, but simply saying "the code should not have been net accessible!" is just not realistic.

Re:Still haven't learned their lessons

[sqlrob]

And VMWare doesn't emulate 3D hardware worth crap. How is a cutting edge 3D game supposed to be developed with that?

Re:Still haven't learned their lessons

[gorfie]

I agree that Valve should not be blamed for allowing the code to reside on a machine connected to the Net. Having the code reside on a local machine (or local network of machines) that does not have Internet access is an impractical idea.

However, I think Valve shares some of the responsibility on other aspects. The unpatched Outlook (perhaps even the use of Outlook) is definitely a problem area for such a high profile organization. If they neglected to patch Outlook, what other basic security issues were neglected by Valve? Perhaps it was something as simple as Gabe using his home computer which he left unpatched, but that's something that network admins should be aware of IMO.

I also think Valve's staff is vulnerable to social engineering. Take a quick peek at myg0t.com (skip the intro and turn off the music) and read about the various chats that were had with Valve personnel. Really simple stuff that worked.

My point: Valve should be aware that they are high profile and they should have at least taken measures to make themselves secure against basic hacking methods.

Re:Still haven't learned their lessons

[GooRoo]

Ummm... I don't think he was suggesting that you take the machines off a network, just the internet. You could quite easily have an internal network with machines/servers/other devices for development of the game by a multitude of people and a external network for machines that have internet access.

I setup all my test networks that way, Valve could certainly do the same. Sure it can be a pain, but it's the only way to go when you *really* want something secure.

Re:Still haven't learned their lessons

[racermd]

Good point. The developers can, to a certain extent, make demands regarding their development environment. However, network security is totally in the hands of their IS/IT department, if they even have one. It's the responsibility of the IS/IT staff to maintain the computing environment everyone works in. That applies to developers, the CEO, marketing, even the secretary. The head of IS/IT must set balanced policies regarding access and security. Access should be granted on an as-needed basis, not on an as-wanted-by-CEO basis (like some companies I've worked for). [RANT]I've never understood the reasoning behind the CEO or other major department heads getting unrestricted access to everything. The people that are most visible in the company, and thus the biggest targets, are these department heads. Often, these are the same people that don't even understand the technology they've been given access to, which makes them just that more dangerous to the security and integrity of the network. I try to point out that they should have just as much access as they need to do their job, and that usually means less than their own secretary.[/RANT]

If it were me, I would have mandated a separate firewalled subnet for the developers systems and done away with Exchange/Outlook company-wide in favor of a more stable mail server. It wouldn't be completely out of the question to maintain a second mail server just for the developers inside their subnet. An enterprise-grade network-enabled virus scanning package would have been installed at the primary switch on both networks. Accessibility from the outside, including from the other subnet used by the general office staff, would be restricted to what would be absolutly required. These connections, once enabled, would be monitored and restricted to certain times of day. I'd even go so far as to implement a one-time password system with rotating keys.

With just these simple policies in place, connectivity to the outside from within is maintained, virii and trojans are dealt with (mitigated to reasonable extent, anyway), and the biggest external threats are those with the "absolutly required" access to the developer subnet from outside. It wouldn't have been totally secured against outside traffic, obviously, but the traffic that would come through should be easier to manage and detect. If it were an inside job, as some have speculated on due to lack of faith in the accounting of events Gabe provided, this would have been easier to detect, as well. Covering one's tracks is much more difficult to do if everything is separated and monitored more closely than the general traffic. Sneakernet is the only method that I have not addressed, and I can't see any reason to do anything about it. The developers would be the only staff that have regular physical access to the project's systems, so "outsiders" accessibility would be almost out of the question, assuming that the building has adequate access controls (i.e. card keys active for only certain times of day). And securing it any further would be tipping the balance of security/accessibility too far.

Also note that I'm not saying that what happened at Valve could have been prevented. A determined individual could still bypass the security measures outlined above with enough time and resources, but it would be much harder to do so. As an IS/IT manager, the focus is more on balancing security with accessibility. If the code were completely secured to outside access, development time and costs increase to the point where, possibly, it would make no business sense to even develop the game.

Delayed anyways?

[kneecarrot]

I just have to wonder if a serious delay was in the works anyway and the code theft gave Valve a publicly acceptable reason.

Re:Delayed anyways?

[shird]

Yes I think this is the case. I have taken a look at the code, and I can say there is a hell of a lot of 'TODO:/BUG:' stuff in there. I'm no expert, but I would say it seemed a long way off being complete. Not to mention all the artwork, levels, scripts etc that may or may not exist in very complete form.

As for ease for creating keygens, take a look at the code - it makes an external reference to a 'cdkeycheck()' function (cdkey.obj) in which there is even comments to the effect that they (valve) don't have the source code. In other words, they have outsourced the key verification algorithm, so it doesn't exist in the source tree. (either is the cdkey.obj file).

Re:Delayed anyways?

[PainKilleR-CE]

moreover, IT'S A SINGLE PLAYER GAME mainly. and fuck, some id's games can be played pretty decently still on public servers when the source has been out for years

No one would still be playing Half-Life if it was selling for single player only (that being said, it's sold about 140x as many copies as there have been people playing it online).

As for id's games, Quake was completely pointless to play after the source was released. It may be significantly better now, after people have spent years working on anti-cheat software for the game, but for the year after release you couldn't join a game without at least one person using a blatantly hacked client, and who knows how many others using more subtle cheats. I didn't even bother trying Quake 2 after the source release, as I was already playing TFC (and by that time dealing with cheaters there, too).

That being said, I can only see the source release being a fairly minor delay, depending on how heavily Steam and the CD key verification need to be rewritten. For the rest of their code, they just need to be extra careful in reviewing their code for exploits, as now they have plenty of other eyes looking for anything that might be missed in the final code, and probably at least a dozen little utilities being developed to scan the HL2 binaries for anything found in that code.

Well..

[sonoluminescence]

...maybe the Valve version has been delayed.

Re:Likely a change to stop "pirating".

[Blenderkitty]

Are you serious? How much money do you think Valve makes off of the sale of a game? How many MILLIONS?

Do you HONESTLY think that they would even make 1/10 of that solicting for donations from the good of one's heart?

How much money do you think cdex + xiph + bittorrent + scorched3d + blender + tons o' other donation-based projects get per year? Answer) A mere fraction of a fraction of a fraction as much as Valve does.

If you want anyone to blame

[Sir+Haxalot]

It was Myg0t that got it, and Hitman, an ex-member of Myg0t, that released it.

Re:If you want anyone to blame

[Sir+Haxalot]

Mod parent down. There is no evidence that supports that any member of myg0t was the hacker. They are just a bunch of assholes that will claim anything to get attention.
Until the FBI knocks on someone's door, nobody truly knows who the hacker was.
Hitman was in #halflife2 EFNet giving links to the source HOURS before anyone else had it. Enough evidence?

Noooooooooo!

[Control-Z]

Ok, it's not that bad but I'm modarately disappointed. But some of these fanboys I've been reading posts from on USENET might just kill themselves. Maybe someone should set up a crisis counciling center?

Other news: beta leaked, apparently...

[Tyreth]

There's a buzz at the moment on irc.quakenet.org #hl2-source and other places about the beta being leaked.

I would submit it as a story, but someone else probably has, and I've never had a story accepted yet :)

The NFO was on nforce.nl for a short time, but has since been removed. The leak has been confirmed here, and a few claim to have it (but they could be lying).

I've also seen a screenshot of the folders with all the map files in it, and the names look very much like what one would expect the long gameplay demo to be made from.

Not good news for valve :( I am disappointed that the game had to be delayed - and for all of you who have taken the source or download the beta, I hope you remember your duty to purchase the game when it does come out.

Re:Likely a change to stop "pirating".

Yeah, or they could consider free copying of the games as promotion for their concerts, where they make the real money.

When will Slashdot users grow up?

Games, movies, and even songs from the Backstreet Boys cost huge amounts of money to produce. You will be charged for copies, one way or another.

If people can't figure out how to slow down this ridiculous level of IP theft pretty damn soon, I guarantee you that we will have DRM shoved down our throats. In this case already, the delay of several months is probably to put in place with is effectively DRM, in order to cut down on multiplayer cheats.

Re:Can't blame anyone but themselves...

[Karhgath]

He wasn't that stupid. The email used a old buffer overflow bug in the preview pane of Outlook to install the program, Gabe just had to click(not even open) the email for it to install the trojan.

However, it's mind-bending that their Outlook weren't patched(it's a very old exploit) and that he uses the preview pane in Outlook, on his work related computer. I know that they are backed by Microsoft, and thus probably gets all the MS toys, but they still forgot to patch them.

A shame. Still, a custom written trojan made against Valve to target their system and get the code/data of the game isn't something you see everyday. Either this kind of thing doesn't happen often, or it happens often but it's never detected(or acknowledged). Think industrial espionnage. Either way, it's not an easy to spot/cure, not antivirus/firewall can detect it effectivly if it's custom written against you. They probably probed Valve to check what exploits would or wouldn't work, so it's not as easy as to say: they should have patched, because the hacker would probably have tried another way and with a little determination, would have still compromised their systems enough to get some data.

Re:Confused

[PunchSix]

Was the code that was stolen then deleted by the thief?

That would be awful! The stolen code would be distributed to millions and Valve would have no way of getting that widely distributed code back!!!

This is why there could be a delay

[Pvt_Waldo]

It's not because the game leaked, but because the underlying systems that ensure that players can't easily cheat, warez the game, or access the personal information of other players.

Part of what was compromised was probably the code that handles CD key authentication, user online authentication, etc. So clearly warez and such for this game could be hugely rampant.

Part of what was compromized was probably the code that handles Valve's anti cheat system. So clearly the cheats that override that system could be hugely rampant.

Part of what was compromized was probably the code that is the game's engine. So clearly there could be cheat authors easily creating wall hacks, aim bots, and any number of other cheats.

Part of what was compromized was probably the code that handles purchasing the game over Steam. So clearly there could be some risk of credit card and online commerce fraud, personal information leaks, etc.

Look at it this way. The blueprints and plans for the bank got stolen. Thieves are studying them now. The bank is going over the blueprints with a fine toothed comb to fix the obvious (and not so obvious) weaknesses which are more clear when you have the plans.

Re:Confused

[Auckerman]

"Why would this cause any sort of delay?"

One possible explaination is that the network code will need to be made incompatible to prevent cheaters. APIs may need to me moved around and renamed to prevent see though wall cheaters. Stuff in the code may need to be hidden to make it harder for cheaters to mod the dlls.

Just a guess....

hello, outlook

[Stinking+Pig]

See the story at The Register. They link to Valve's forum, where the general manager details how the code was leaked: in short, his own account information was stolen via Outlook, then several other employees were hit with a Outlook preview-pane virus that installed a keylogger.

Of course, this is no reason to think that Outlook isn't a perfectly good solution for email. Outlook is great. There's no reason to consider any alternatives. No matter how much money you lose to Outlook virii, simply look at the silly dancing monkey!

Re:hello, outlook

[DickBreath]

I bet Slashdot wouldn't be so smug if the attacker had gotten in via the also patched SSH exploits that were out recently.

Yes we would be.

It is one thing to have a bug (i.e. buffer overflow) which can be exploited. That can happen to anyone.

It is a whole different thing to have software that is not designed with security in mind. SSH is designed to be secure. Outlook is not. IIS is not.

You're comparing a bug (which anyone can have) to a security design problem (which Microsoft seems to have plenty of).

Running a web server under the System account? Executing strange code merely by receiving e-mail? Showing spammer's links to external graphics by default? A web server that allows dot-dot-slash URL's to serve (or execute) files outside the WWWRoot directory? The people who wrote this were NOT thinking the slightest about security.

Um, yes we would still be as smug. And rightfully so.

Please, shut up

[brkello]

How many whiny posts do there need to be on: "Why did they have to delay it? This is BS". Well, here is a reason. If your company just got hacked in to and important information was stolen and leaked, instead of working on the product, you have to find what the vulnerability was, how to do damage control, how to re-structure how you do business so it doesn't happen again (i.e. redesign the network and create new security policies), and then have to get back to work on finishing the product while trying to make sure that anything cheaters would have gained from the source is fixed. I would say that is pretty large amount to do in a few months. Don't you think they would love to get it out so they can make money? Just use some freaking common sense here. If you are surprised by these delays, then you didn't think very hard. If you are upset by the delays, join the crowd, hunt the hackers, whatever. Just relax, it's a game, go buy a different one. It's not the end of the world.

Delay not confirmed

[bios10h]

Vivendi Universal Says Delay Not Confirmed
Tuesday, October 7, 2003
According to a news article posted today on a UK press release, there is a Half-Life 2 delay. We already know that Valve does is not mentioning a delay.

We received an email from Mike Thompson who says he works for Vivendi Universal and writes:

quote: "delay is not confirmed..."

Here we go around and around... again...

From Half-Life Source Dot Com

Re:Likely a change to stop "pirating".

[Synn]

When will Slashdot users grow up?

When people realize that when one slashdot user speaks, he doesn't speak for all slashdot users.

Re:Wrong

[johnnyb]

"there are cases where security through obscurity is the best method"

PLEASE don't say this. I understand what you're trying to say, and that is correct, but your wording is completely horrid.

Obscurity is just that - obscurity. Using obscurity for protection is actually a decent plan in many cases - it's just not the same thing as security. The problem with "security through obscurity" is not that people aren't protected enough, it's that they are _confusing_ security and obscurity - thinking they have security when they only have obscurity. Both offer protection, but with different expectations.

There is NO SUCH THING as security through obscurity, and those who try show a complete misunderstanding of the issues. The can be _protection_ through obscurity, but security in relation to computers has a certain, specified meaning, and when people start throwing it around in connection with obscurity, it just makes the situation a lot more confusing than it needs to be.

Re:My HL2 Conspiracy Theory

[PainKilleR-CE]

Since VU is operating at a substantial lost, they are prime to be saved by Bill Gate's wallet. Since Half Life2 [neoseeker.com] and Xbox2 [arstechnica.com] are both optimized to run on ATI's hardware, I can see the Richmond's Borg needing their killer app for XBOX2. Gates says "Hmmmm, Half Life2 sounds good. Buy them out boys!"

One big problem:
VU doesn't own Valve. VU owns Sierra, and Sierra is the publisher for Half-Life (and currently for HL2), but Valve owns Half-Life 2 and is self-funded. Gabe Newell formed Valve with his own money (gotten from being a well-payed Microsoft employee) and funded Half-Life without Sierra's (or VU) help. This is why Valve was able to delay Half-Life for a year in the first place. This is why Valve can push back HL2 without VU forcing it out when VU is operating at a loss. VU has no say in when the game is released unless their own QA finds problems with the final code and sends it back to Valve for more work (in other words, Sierra can delay HL2, but they can't force it to be released early).

Microsoft could probably buy Valve if they wanted HL2 bad enough, but I think it would be more than it's worth, since Valve is privately owned, self-funded, and making money hand over fist off the best-selling FPS of all time.

TODO HACKHACKHACK

[Leffe]

There are a lot of TODOs and HACKHACKs in all Quake-derived code, even the Quake 'SDK' probably has a couple of them left. It's some kind of design style I think. At least it's not a bad one as it highlights the areas that are not really finished(not that anyone will ever fix it though, they are more like - I want this, someone do it for me?).

If you grep through the official Half-Life SDK you'll find at least 50 TODOs and HACKHACKs. (Much more than that probably, but I'm playing safe.)

Re:This is stupid

[coolgeek]

You know the Duke Nukem developers are kicking themselves, saying "Why didn't we think of that."

Re:This Just in

[Patrik_AKA_RedX]

Nah, Duke Nukem Forever to beat Half-Life 2 to market.

Now that's scary.

Re:This is stupid

Because they'd need actual source to leak? :-)

How about this donation model?

[Ohreally_factor]

It's already in place and seems to function.

It's called paying for the damn game.

bullshit.

[twitter]

It's not because the game leaked, but because the underlying systems that ensure that players can't easily cheat, warez the game, or access the personal information of other players.

Next you will tell me that XP is so full of holes because someone "stole" it's source code before M$ sold it to China and the former KGB. That's almost as good as them swearing that revealing the source code to Windoze would be a national security disaster. Give me a break, will you?

Warez only needs to hack a binary copy.

Cheats only need to watch their traffic.

None of this makes a difference if the system is well made to begin with. This is why OpenSSH is a secure system despite open publication of it's source code.

This is just more anti-open and anti-free FUD. Shame on VU for using Outlook and M$ for anything they wanted to keep to themselves. Shame on them for blaming software and the philosophy behind it for their own failures and shame on them for not being able to get their shit together. ID games rules, VU drools under Bill Gates thumb.