IDG News Service - The entire source code for a much-anticipated computer game, Half-Life 2, has been leaked to the Internet, according to a security expert.
Copies of the source code began trading wildly on IRC (Internet Relay Chat) channels and apparently followed a sophisticated attack on the network of Valve Corp. of Bellevue, Wash., which makes Half-Life, according to Thor Larholm a senior security researcher at PivX Solutions LLC.
A message posted last week on a Half-Life enthusiast bulletin board and purporting to be from Gabe Newell, founder of Valve Corp., said the source code was stolen Sept.19 by hackers who systematically compromised the company's computer systems.
"Ever have one of those weeks? This has just not been the best couple of days for me or for Valve," the message begins.
The message goes on to describe a sophisticated attack in which hackers infiltrated the Valve computer network by exploiting a vulnerability in Microsoft's Outlook e-mail client on Newell's computer, installed key stroke capture software to capture passwords and other security credentials, then stole a copy of the Half-Life 2 source code.
Neither Newell nor other Valve representatives responded to repeated requests for comment. However, the message claiming to be from Newell called on the large community of avid Half-Life fans to track down those responsible for stealing the code.
The FBI in Seattle declined to comment on whether Valve had informed the agency of the theft.
Half-Life is a popular computer game in which players take on the role of Gordon Freeman, a scientist at the fictional Black Mesa Federal Research Facility. After an experiment goes awry, a doorway into another dimension is accidentally opened and Freeman is called on to rescue the facility from a horde of unearthly beasts.
Originally released in November 1998, Half-Life won awards from computer game aficionados and the gaming press and spawned a popular online version, Counter-Strike, that allows multiple players to compete against each other on the Internet.
The sequel to the original game, Half-Life 2 was scheduled for release Sept. 30, but was then delayed under mysterious circumstances.
IRC channels devoted to Half-Life 2 were crowded last week with people discussing the leak. Some users offered links to what they claimed was the stolen code. Links to images of the source code being compiled were also available on IRC. "It's out there and being spread actively on IRC," Larholm confirmed.
The leaked code covers the entire game, including early versions of Counter-Strike, he said. "You can compile it and play Half-Life 2 straight up," he said. The leaked code also includes model and world editors, which are used to create new levels in Half-Life, Larholm said.
Proprietary software libraries from Valve were also leaked. Among other things, those libraries contain code for generating graphics, conducting network play and interacting with DirectX , a Microsoft technology that optimizes graphics and sound on Windows systems, he said.
Half-Life 2 was a much-anticipated sequel to the original Half-Life. The source code represents more than five years of development effort by Valve, Larholm said. While the theft of the code may not affect the release date, Valve will have to do an exhaustive code audit before release, he said.
With the source code now in the public domain, malicious hackers have a free peek at the exact workings of the game, which makes writing exploits for code vulnerabilities a simple matter. Typically, hackers would have to use a "black box" approach, trying different attacks against the compiled code and seeing what results they produced, Larholm said.
The release will also be a boon to Half-Life 2 players who develop so-called "cheats," software programs that give their character special powers and advantages in the game. Cheats are usually developed using a black box approach as well, Larholm said. With the game source code freely available, however, it is possible that powerful cheats will be created before Half-Life 2 even hits the shelf in stores, he said.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
