The Guy Who Stole Half-Life 2
Surely many of you remember the events surrounding the missed release date of Half-Life 2, originally scheduled for September 30, 2003. Initially, Valve silently skipped it but soon announced that the source codes of the game had been stolen and the release was postponed indefinitely.
It later became known that a German citizen, Axel Gembe, was sentenced for the hacking of Valve's network and causing financial damage to the company.
In 2004, the website hl-inside.ru published a translation of an article that also covered the theft (one and two). The article describes this crime from Valve's perspective. It details everything that happened with a focus on Axel's own memories.
The Guy Who Stole Half-Life 2.
On May 7, 2004, at 6 a.m., in a small German town called Schönau (Schwarzwald), Axel Gembe woke up to find his bed surrounded by police. Guns were pointed at his head, and he heard the words: "Get out of bed! Don't touch the keyboard!"
Gembe knew the reason they were there. However, still half-asleep, he asked why.
"You are charged with unauthorized intrusion into Valve's network, theft of the computer game Half-Life 2, publishing it on the internet, and causing damages of over 250 million dollars," was the response. "Get dressed."
Seven months earlier, on October 2, 2003, in the large American city of Seattle, Gabe Newell, head of Valve, woke up to find that the source codes of the game, which his company had been working on for nearly five years, had been posted online.
The game was supposed to be released a couple of weeks earlier, but the developers were delayed. Delays stretched to 12 months. The release of Half-Life 2 was postponed, and Newell had no idea how much longer it would be. This leak not only caused financial damage but also severely harmed the company's reputation.
After thinking about these problems, Newell was filled with questions. How could this happen? Was there a traitor at Valve? Who from the team, which had spent many years of their lives creating the game, could jeopardize the entire project at the end of development?
And if it wasn't my people, then how could this have even happened? Did someone gain access to Valve's internal servers?
But among all the questions, there was one that thundered louder than the rest in his mind: who exactly did this?
Intruder Number One
"I got into hacking after I became a victim of hacking myself," Gembe says today. "It was a program masquerading as a key generator for WarCraft III, and I was the fool who ran it. It was actually sdbot, a malicious program that was wreaking havoc at the time (in the jargon—malware)."
The young German soon realized what he had installed on his computer. But instead of cleaning the virus and forgetting about it, he began to hack the evil program—to see how it worked and what it did.
This path led him to the IRC server from which the virus was controlled. The guy managed to track down the person behind all this. But instead of filing charges, Gembe began to ask questions about the structure of the malware. He already had a plan.
"At the moment I had spent around 2,000 euros on games on Steam, but back then I couldn't buy them," he explains.
"So I wrote my own virus, my malware to steal CD keys for the games I wanted to play. Very quickly my creation became one of the most widespread viruses, mainly because I exploited unpatched vulnerabilities in Windows."
For Freeman!
Upon discovering the hack, Newell's first reaction was to call the police. The second was to reach out to the players.
On October 2, 2003, at 11:00 p.m., Newell left a message on one of the popular forums about Half-Life 2: "I need players' help."
"Yes, the published source codes are indeed the source code for Half-Life 2," he confessed in the message. He briefly laid out all the known facts about the hack at that time.
He explained that someone had gained access to his email about three weeks prior. Moreover, many developers' computers had keylogging programs installed, designed to track everything typed. Newell believed these programs were specifically created to attack Valve as they were undetectable by any antivirus software.
Whoever did this was smart, skilled, and targeted Valve specifically. But why?
Point of Compromise
While Gembe's virus undoubtedly caused significant damage, the author was motivated not by profit but by a passion for games.
His favorite game was Half-Life. In 2002, like many other fans of the game, Gembe craved details about the upcoming sequel. That's when the idea struck him. If Gembe could hack Valve's network, he could find something interesting about the game, something that nobody else knew.
A reclusive, harshly raised boy was eager to raise his status in the gaming community, whom he considered his family, by revealing secret information to them. It was worth a try.
"I didn't really expect to succeed," Gembe says. "However, my first attempt was successful. Moreover, it was a pure coincidence."
"I was scanning Valve's network, hoping to find an accessible web server that might store information about the game. The company's network was well-protected from external attacks, but the weak spot was the DNS server that responded to anonymous AXFR requests. This is what gave me some information."
AXFR stands for Asynchronous Full Zone Transfer, a utility for copying data on primary DNS servers to backup DNS servers. It is also a protocol used by hackers to extract information about a web server. By extracting this data, Gembe was able to find the names of all the subdomains of the ValveSoftware.com site.
"In the logs of my port scans, I found an interesting server on Valve's network, but belonging to some Tangis company, which specialized in various computer devices," he says.
"This server had an open writable root of the site, where I could upload ASP scripts and run them over the internet. And Valve didn’t protect against this server inside the network, thinking it was its own."
With his first attempt, Gembe found an unprotected tunnel into Valve's network.
"The username for the primary domain controller in Valve was 'build,' and there was no password set at all," he explains. "This allowed me to retrieve the encrypted passwords used in the system. At the same time, an online hash cracker was hosted on the website of the Swiss Federal Institute of Technology Zurich, which allowed me to quickly crack them all."
"As soon as I did that... I had the keys to their kingdom."
Barrier
Until then, Gembe hadn't cared about his own security; he hadn't covered his tracks. He had nothing to hide yet. However, he wanted to make sure he would remain unnoticed in the future.
"I was only worried about one thing—how not to get caught and thrown out of the network," he says. "But I had access to almost an infinite number of proxy servers, and that gave me confidence. Initially, I wanted to find a server where I could set up something like a hideout."
Gembe began searching around, hoping to stumble upon traces of the game. He found various design documentation and notes about the game's development. That was exactly what he was looking for. That’s why he was there.
A week passed, and Gembe realized that no one at Valve noticed traces of his presence in the company's network. Then he began to behave bolder.
Before long, he stumbled upon a real treasure: the source code of the game he had wanted to play for so many years.
The temptation was too great. On September 19, 2003, Gembe downloaded it and thus stole the jewels from Valve's crown.
"Downloading the source code was very easy, thanks to the high-speed operation of the Perforce program used at Valve (a commercial version control system). But the speed of downloading the game data was very low due to the terrible SourceSafe program (a file-based version control system)," he explains.
"Because of this, I wrote my own client that used its own mechanism for data transmission over TCP, which could track changed files by their hash and send me only the changes made."
"The game didn't want to run on my computer. So I made some changes to the code to get it to work for me without any fancy extras like shaders, etc. But it was boring. Plus, I downloaded only the main branch of the game's development. They had such a multitude of development branches that I would never have enough time to check them all."
To this day, Gembe claims that it was not him who posted the source codes online. However, there is no doubt he handed them to someone who ultimately did so.
"I never planned anything like this," he says. "Of course, I couldn't wait to show off to someone. But the person I shared the source code with swore to me that he would keep it to himself. He lied."
Once the game hit the torrent networks, there was no stopping that process anymore.
"The Pandora's box was opened," Gembe says. "The internet cannot be stopped."
The Great Day
The reaction to Newell's plea was mixed. There were fans expressing regret; there were players who felt betrayed by Valve, which had not released the game on the previously set dates in September 2003.
Despite some clues, no one could provide any information that would help trace the criminal. The investigation was taken up by the FBI, but also to no avail.
Meanwhile, the Valve team, which was already working frantically, began to feel the consequences of the theft. The development of the game cost a million dollars monthly, and there was no end in sight. The theft not only caused financial damage but also demotivated an already exhausted team. One of the young designers came with a question straight to Newell's office. "Gabe," he said, "is this going to destroy the company?"
On February 15, 2004, at 6:18 a.m., the managing director of Valve received an email with an empty subject. The sender was someone named "Da Guy."
"Hi, Gabe," began the author of the letter before admitting to the recent hack of Valve's network.
At first, Newell was unsure of the truthfulness of this story. However, two attached documents convinced him otherwise—they could have only been obtained by someone who had access to the company's internal server.
Five months after the game was posted online, after all leads had gone cold, the person Newell was looking for knocked on his door.
Sand Traps
Why did Gembe send this letter? "Because I regretted what I had done," he says. "I wanted them to know who did this and that I didn't intend for things to turn out this way." However, Gembe wanted more than that. The guy saw an opportunity to turn his crime into something positive—for both Valve and himself. In another letter, he asked Newell about the chance of being hired by Valve.
"Back then, I was very naive," he says. "I dreamed, and still do dream, about working for a gaming company, so I just asked them about it. I hoped they could forgive me since it was unintentional."
To Gembe's surprise, a few days later came a positive response from Newell, Valve was interested in him. Newell asked if Gembe was willing to do a phone interview.
In reality, they didn’t intend to hire him. They wanted to get a recorded confession from Gembe that it was indeed him responsible for the leak of the game's source codes. This was an old FBI trick, playing on a person's pride, drawing out the necessary admission of guilt.
Gembe had some bad premonitions, but he pushed them aside. "I hoped for the best," he remembers. "Back then I wasn't too clever."
He remembers that the interview was conducted by Alfred Reynolds, a developer of Counter-Strike and Steam, and Portal's writer Erik Wolpaw, although this may not be accurate and he could be mistaken. At least because by that time Wolpaw was not even working at Valve.
"Initially, they wanted to know how I penetrated their system. I explained everything in detail. Then they asked me about my experience and skill level. I still remember their surprise at my English—fluent and nearly accent-free."
The trio spoke for about forty minutes. In the presence of his idols, Gembe lost any sense of guilt. But nothing could compare to the rush of adrenaline when he was offered a second interview. This time it would be a personal meeting at Valve's office in Seattle, on American soil.
Setting the trap, Valve and the FBI needed to secure a visa for Gembe (as well as for his father and brother, as he asked for them to accompany him to the US). However, they had concerns that Gembe still had access to Valve’s network and could potentially cause damage to the company. Therefore, the FBI contacted the German police, alerting them of their plans.
Highway 17
Soon after that, Gembe woke up under the barrels of guns. He got dressed and went downstairs, accompanied by armed police officers, struggling to squeeze through the narrow corridors of his father’s home.
"Can I have something to eat before we leave?" Gembe asked.
"Sure thing," said one officer.
Gembe reached for a knife to cut bread. "All the officers directed their weapons at me," he says.
He drank a cup of coffee and smoked a cigarette before being seated in a van and taken to the local police station. There he was to meet the police chief. He approached Gembe, looked him in the eye, and said: "Do you have any idea how lucky you are that we caught you before you boarded a plane?"
Gembe was interrogated for three hours. "Most questions were about the Sasser worm," he says, referring to the infamous virus that infected computers running Windows XP and Windows 2000.
"For some reason, they thought there was some connection between me and Sasser, but I denied it. Sasser was in all the news, and its author, Sven Jaschen, was arrested the same day as I was, during a joint operation, as they feared I might warn him."
"My bot used the same vulnerabilities in the LSASS service that his did; only mine didn't ruin the whole system. And I think they thought I was the one who gave him the exploit code. Of course, I denied it and insisted that I never wrote such horrible code."
After police began to realize that there was no connection between Gembe and the author of the Sasser worm, they shifted to questions about Valve.
"I could have refused to answer their questions and asked for a lawyer, but I decided to tell them everything I knew. Honestly and fully. And I think they appreciated that kind of behavior," he says. "I was liked by the guy leading the interrogation because he said I was not such a jerk as most other guys." This department primarily dealt with those caught in the production and distribution of child pornography.
"I think I was honest with them only because I didn't think at the time that I did anything too serious."
Gembe was held in custody for about two weeks. He was released as soon as the police realized he was not planning to flee. He was released with one condition—he had to check in at the station three times a week. Every week. For three years. Until the conclusion of the legal proceedings.
Our Benefactors
While awaiting court decisions, Gembe worked hard to change his life. He finished his education and got a job in information security, creating programs for Windows that managed security systems, as well as administering databases and servers.
The trial against Axel Gembe lasted seven hours. There were no representatives from Valve; however, someone from the Wall Street Journal was present. Aside from hacking into Valve’s security system, there were no facts proving that Gembe was the one who posted the Half-Life 2 source codes online.
Nevertheless, Gembe confessed to hacking into Valve’s network. The judge sentenced him to two years probation, taking into account his difficult childhood and attempts to change his life after his arrest.
By the time of the sentencing, 8.6 million copies of Half-Life 2 had been sold. It seemed that the leak, which occurred on October 4, 2003, had no impact on the game's success whatsoever.
Today, Gembe is 28 years old. Almost ten years have passed, and he still regrets what happened with Half-Life 2.
"I was naive and did things that I should never have done," he says. "I could have done so much more good doing something else. I regret having harmed Valve and that they incurred financial losses. I also regret the money lost by several universities when I used them as guinea pigs for my virus."
"I regret all the illegal things I did back then... and I wish I had done something useful before I was arrested."
And what about the person from whom he stole the game? What would Axel Gembe say to Gabe Newell?
"I would say the following: I am so sorry for everything I did. But I never wanted to harm you. And if I could turn back time, I wouldn't act that way. It's still painful for me to remember that. I would have liked to just stand aside and watch you create, but in the end, I ruined everything myself."
"You are my favorite developers, and I will always buy your games."