Forgot your password?
typodupeerror
Security Games

The Trap Set By the FBI For Half Life 2 Hacker 637

Posted by timothy
from the well-deserved-shadenfreude dept.
eldavojohn writes "You might remember the tiny news that Half Life 2 source code was leaked in 2003 ... it is the 6th most visited Slashdot story with over one kilocomment. Well, did anything happen to the source of the leak, the German hacker Axel 'Ago' Gembe? Wired is reporting he was offered a job interview so that Valve could get him into the US and bag him for charges. It's not the first time the FBI tried this trick: 'The same Seattle FBI office had successfully used an identical gambit in 2001, when they created a fake startup company called Invita, and lured two known Russian hackers to the US for a job interview, where they were arrested.'"
This discussion has been archived. No new comments can be posted.

The Trap Set By the FBI For Half Life 2 Hacker

Comments Filter:
  • Old News (Score:5, Informative)

    by VoltCurve (1248644) on Thursday November 13, 2008 @07:39PM (#25754717)
    Really, quite old news. This was reported on right after it happened. If I remember right though, Gabe claimed that they had succeeded in tricking the hacker. They did speak with him on the phone
  • shouldn't be legal (Score:4, Insightful)

    by nurb432 (527695) on Thursday November 13, 2008 @07:39PM (#25754721) Homepage Journal

    I don't care what the guy has done, tricks like this should not be legal.

    • by eison (56778) <pkteison.hotmail@com> on Thursday November 13, 2008 @07:45PM (#25754799) Homepage

      Why not?

      • Re: (Score:3, Insightful)

        by Threni (635302)

        Wasting money protecting source code after the event. I'm a taxpayer - I don't give a shit about it. If someone releases a game based on it, follow the money. Some guy with some source code - big deal.

        • by mrchaotica (681592) * on Thursday November 13, 2008 @08:20PM (#25755201)

          It's not an issue of protecting the source code -- I think even the FBI is minimally competent enough to realize that cat's out of the bag -- it's an issue of punishing the guy for the computer tresspass etc..

          • by Tony Hoyle (11698) * <tmh@nodomain.org> on Thursday November 13, 2008 @08:32PM (#25755333) Homepage

            It depends on where he committed the crime. He's a german citizen commiting a crime in germany (and he was punished for it under german law) then that FBI can GTFO as far as I'm concerned. If they were that bothered they could have applied for extradition rather that using underhand tricks.

            No different from the Dimitri Skylarov case, except he was arrested for something that wasn't even a crime in his home country.

            • by Free the Cowards (1280296) on Thursday November 13, 2008 @11:19PM (#25756847)

              Funny how physical location doesn't matter on the internet right up until a "hacker" does something "heroic", and then suddenly it's all "nyah nyah, jurisdiction".

              He committed a crime against a US entity. He was then foolish enough to put himself within US law enforcement. He's now suffering the consequences of his crime and his stupidity.

              • Re: (Score:3, Insightful)

                Given that he's already been arrested and charged and faced a trial in Germany, if nothing else, I fail to see how this isn't double jeopardy.
                • Re: (Score:3, Interesting)

                  by muellerr1 (868578)
                  I was curious, so I looked this up [google.com]. It's murky, but apparently if he's been tried and convicted in Germany but won't serve his sentence then he can be tried again in the US. I guess they're arguing that his sentence was too light and should be treated as if he hadn't served his sentence.

                  I doubt Germany would have extradited him to the US for this crime since they'd tried him already, but if he goes to the US of his own free will there's no reason he couldn't be arrested and tried again under US law. I
        • by qbzzt (11136) on Thursday November 13, 2008 @08:31PM (#25755325)

          Wasting money protecting source code after the event.

          Any time the police arrests a criminal, it is by definition after the event. Sometimes the damage can be undone, as in theft. Sometimes it cannot, as in murder. We still want criminals punished to deter others.

          If you truly don't want source code leaks punished because it's a waste of your tax dollars, you're welcome to lobby to change the law. However, I'm sure other tax payers, such as corporations that own source code, would lobby to keep it.

          • by Anonymous Coward on Thursday November 13, 2008 @10:04PM (#25756265)

            However, I'm sure other tax payers, such as corporations that own source code, would lobby to keep it.

            Waitaminute. It's not being a taxpayer that gives someone a stake in the government - it's being a citizen, and having a vote. That means that a lifelong welfare recipient and a survivalist hermit, neither of whom pay a dollar of tax in their lives, have a representative in Washington who is supposed to look out for their interests and listen to their concerns. A corporation, regardless of how much tax it pays, is not supposed to have such representation.

            Sorry for jumping on you here, but I think that the way your post is expressed - implying that a corporate taxpayer deserves representation - is a dangerous subversion of democracy.

            • by qbzzt (11136) on Thursday November 13, 2008 @10:17PM (#25756375)

              Sorry for jumping on you here, but I think that the way your post is expressed - implying that a corporate taxpayer deserves representation - is a dangerous subversion of democracy.

              It's a dangerous subversion of democracy, but it's also the real situation in the US(1). The CEO of Chrysler has as much voting power of a single welfare recipient. To whom do you think elected officials listen?

              Besides, while corporations don't have votes, they do have employees. I'd be reluctant to vote for a candidate whose policies will hurt IBM. When your employer suffers, you usually suffer too.

              (1) Arguably, it's also the system working as designed. Many of thhe founding fathers were scared of democracy, and much preferred an aristocratic republic on the Roman model.

        • by SpottedKuh (855161) on Thursday November 13, 2008 @08:58PM (#25755627)

          Wasting money protecting source code after the event. I'm a taxpayer [...] If someone releases a game based on it, follow the money.

          Yeah, as a taxpayer, I'm really upset too when the police waste money trying to arrest a murderer after the event. I mean, the victim's already dead, so they're wasting money trying to protect him. If someone releases a book about the murder, then follow the money. Otherwise, big deal.

          In case the previous paragraph didn't drip enough sarcasm in your direction, let's try this another way. It's the job of the police to investigate crimes that have occurred and to arrest those that they have reasonable grounds to believe are guilty. In this case, police have reasonable grounds to arrest him on suspicion of having committed a crime (some variant of breaking into a computer). What does it matter how much or how little he profited from the crime? That's for the judge to take into account, not the police.

        • by unassimilatible (225662) on Thursday November 13, 2008 @10:01PM (#25756235) Journal
          Should the FBI not pursue the thief? Valve pays taxes, too.

          I love how so many Slashdotters are absolutists about following the law - until someone they disagree with is protected by it.

          Don't let your dogma run over your karma.
        • Re: (Score:3, Interesting)

          by magarity (164372)

          Wasting money protecting source code after the event

          In the US practically all law enforcement is after the event. Even if the police are standing right there, the criminals actually have to actually start doing whatever or seriously look like they're about to. There's almost no proactive arrests. Do you really want the FBI/cops to arrest people BEFORE they commit crimes? There was a silly Tom Cruise movie with this premise that you might find mildly amusing, but not for normal theft and whatnot

      • by LateArthurDent (1403947) on Thursday November 13, 2008 @08:33PM (#25755359)

        Why not?

        Because it bypasses protections established by extradition treaties (or lack thereof). How would you like to be tricked into visiting Iran, and then be prosecuted for posting some offensive comment on slashdot?

        • by timeOday (582209) on Thursday November 13, 2008 @10:31PM (#25756527)

          Because it bypasses protections established by extradition treaties (or lack thereof). How would you like to be tricked into visiting Iran, and then be prosecuted for posting some offensive comment on slashdot?

          By the way, this does happen. 2/3rds of the time you hear about some American "kidnapped" by Iran, it turns out there's some legal basis for it - in Iran, of course. (e.g. "Not without my daughter" [wikipedia.org] and Haleh Esfandiari [msn.com]. Does that mean Iran is right? Nah, it means be careful where you go.

        • Re: (Score:3, Informative)

          by tnk1 (899206)

          So if an Iranian company invited you to come work for them, you'd just go and expect the Iranian government to be able to do nothing?

          Extradition treaties protect people who choose not to go to other countries, they don't really protect you if you decide that you are going to do the work for them and fly yourself there or let them fly you there. There are treaties and conventions that ensure that you have consular aid from your country, but if you went on your own, there's not much your country can do legal

      • by AK Marc (707885) on Thursday November 13, 2008 @08:40PM (#25755447)
        Because fraud is illegal. Con games in order to deprive someone of something are illegal. The government should never partake of otherwise illegal means in order to "catch" anyone. If you can't get them playing within the rules, let them go. If the government is willing to set up someone, what makes you think they won't set you up? They have proven they are willing to lie and cheat to get what they want. Are you ok with that if it is what you want, but not ok if it isn't what you want? I find that a inconsistent and hypocritical stance, and I take the one where they shouldn't lie ever. If I were emperor of the universe, I'd pass a law that any police officer that lies, any judge, prosecuter, or such that misleads a suspect, anyone that "tricks" anyone through deception to reveal something should be immediately sacked. If there is a proven history of it, they should be prosecuted for deceiving the public. Those in the positions of authority should not be allowed to abuse it. Cops have fought in court for the right to lie. As such, they are self-confirmed liars who will abuse the law in order to uphold the parts they think important (without ever making it official what is and isn't important, and that may change at any time). That's not a very good job of "protecting and serving."
        • by Anonymous Coward on Thursday November 13, 2008 @09:08PM (#25755727)

          Except it's not fraud, and it's not illegal. What the government did, arresting a foreign criminal who committed a crime in the USA, is perfectly legal. How they got him to enter into the USA, by setting up a fake job interview, is also perfectly legal. I can set up fake job interviews with as many people as I want. So can the feds. It's not against the law.

          But what most people seem to be missing is the sheer stupidity of the criminal. If a company I had hacked into, stolen source code from, and embarrassed publicly suddenly invited me to their corporate HQ in a foreign country, I would be a weee bit suspcious.

          • by totally bogus dude (1040246) on Thursday November 13, 2008 @09:22PM (#25755835)

            I can set up fake job interviews with as many people as I want. So can the feds. It's not against the law.

            Are you sure? I can't find anything to confirm this but I always thought advertising or offering employment when you actually have no intention to employ anyone was at least a civil offence, if not actually criminal.

            On the other hand, I think I've seen pranks and the like that involved fake job interviews, so it may well be perfectly legal. I don't think it should be though. At the very least advertising a non-existent job should be punishable under "false advertising" laws.

            • by prisoner-of-enigma (535770) on Thursday November 13, 2008 @09:59PM (#25756205) Homepage

              At the very least advertising a non-existent job should be punishable under "false advertising" laws.

              False advertising laws are in place to protect consumers from abuse. Advertising a job interview is not the same as advertising a product. It's perfectly legal for me to invite as many people as I want to my office for an interview -- and no job need exist for me to do that. I can interview them all, get all their resumes, and never follow up with a single one of them. It's not illegal, nor should it be. After all, if it were illegal, why would it be illegal? Have I deprived anyone of life, liberty, or property? I have not. If people came and wasted their time, they did so voluntarily.

              You need to get out of this mindset that something "ought to be illegal" just because you don't like it.

        • by Neoprofin (871029) <neoprofin@hot m a i l . c om> on Thursday November 13, 2008 @09:25PM (#25755867)
          You mean like when they send letters to bail jumpers about having won a free boat if they just come pick it up?

          Wont's someone please think of the criminals?
    • by Culture20 (968837) on Thursday November 13, 2008 @07:52PM (#25754875)
      You really thought you were getting that free boat, didn't you?
    • by sampson7 (536545) on Thursday November 13, 2008 @07:53PM (#25754897)
      One of my favorite law stories ever:

      The judges in the small county I used to work in (Charles County, MD) were notoriously tough on cocaine dealers. The neighboring jurisdiction was so overwhemled with drugs that drug dealers in that county were typically given much lighter sentences. The disparity was so great that smart dealers refused to deal in Charles County. Instead, they would arrange deals next to the border without actually ever crossing into Charles Co.

      So when the Charles County Sheriff's Office wanted to mount a major drug sting, they moved the "Welcome to Charles County" sign back a hundred feet or so, and would arrange deals just across the border. We put away a lot of bad people for a long time. Brilliant.

      Um... Yeah. I have no problem with this.
    • by jcr (53032) <jcr.mac@com> on Thursday November 13, 2008 @08:11PM (#25755097) Journal

      If the perp is stupid enough to travel to a country where he's wanted, that's evolution in action.

      -jcr

  • by Pinckney (1098477) on Thursday November 13, 2008 @07:43PM (#25754767)

    The article mentions that this trap failed. Apparently he suspected something.

    Anyway, Gembe was sentenced to probation in Germany for the breach and leak. Interesting that the FBI apparently took this so much more seriously than the German courts.

    • by girlintraining (1395911) on Thursday November 13, 2008 @07:55PM (#25754917)

      Well, just before 09/11, the FBI retasked most of their anti-terror team to work on copyright. Says something about their priorities. Or rather, the priorities of those in charge of their budget.

    • Re: (Score:3, Interesting)

      by Pearson (953531)
      "The article mentions that this trap failed. Apparently he suspected something."

      If I recall correctly, the German authorities got wind of what the feds were going to do and took the hacker into custody instead.
  • myg0t (Score:5, Informative)

    by Digitus1337 (671442) <{moc.liamtoh} {ta} {sutigid_kl}> on Thursday November 13, 2008 @07:43PM (#25754769) Homepage
    The group named in the article is "myg0t" not "mygot." They developed some of the first hacks for Counter-Strike (the original). They became so well known in game as cheaters that a lot of servers are set to automatically kick any playing wearing their tag.
    • Re: (Score:3, Insightful)

      by strikethree (811449)

      They are not cheaters per se. Cheating is their modus operandi. They are griefers. Their goal is to get you as mad as possible. If they can empty out a server, they are happy. If they can make you angry, they have succeeded in their goals.

      strike

  • by yo303 (558777) on Thursday November 13, 2008 @07:45PM (#25754785)

    Do not go somewhere where I'm wanted. Stay in the countries where there are NO warrants for my arrests.

  • by KalvinB (205500) on Thursday November 13, 2008 @07:49PM (#25754843) Homepage

    that's just cruel.

    • Re: (Score:3, Interesting)

      The dumbass got greedy. Instead of informing valve of the methods of his breach and then securing a high-paying job with them, dumbass done stole the source and then bragged about it and now he's probably being watched 24/7.
  • by Psychotria (953670) on Thursday November 13, 2008 @08:41PM (#25755451)

    Apart from the HL2 source code being realease into the wild (which I agree was a big thing), the stuff this guy did to get the source code is probably a bigger deal. He compromised Valve's machines. He broke into their network. He installed keyloggers. He hijacked email accounts. He (maybe) initiated DoS attacks on their servers. Even if he did not steal and release the HL2 source code (trade secrets) what he did was pretty damn wrong... and illegal in most places of the world. The FBI, in my opinion, has every right to chase this guy (no, I do not live in the US). Chase the guy, catch him and let him rot in jail. Summary: the HL2 source code release, at this point in time, is not the big deal; it's all the other laws he broke.

  • by imsabbel (611519) on Thursday November 13, 2008 @08:51PM (#25755557)

    I mean, seriously.
    Anybody remember that incident? Gave valve a golden excuse for delaying HL2.

    It happened 6 weeks or so for the announced release data. And magically, after the leak they needed time to fix "security issues". For more than a fucking year. Because we all believe that the game really was finished at that point..

  • Points to consider (Score:3, Interesting)

    by jandersen (462034) on Friday November 14, 2008 @02:33AM (#25757871)

    On the surface this is a story about somebody that did something he shouldn't have and is punished for it, but I think there are several more important issues here that have nothing to do with the crime itself as such.

    When a person is physcially in one country and commits an offence on a system in another country, who has jurisdiction? I probably lean most to the view that is the country where the offended system is; but there is a trend towards more delocalised systems - as evidenced by the question of where eg. Amazon or Google should pay their taxes. If it isn't clear for your payment of taxes, I can't see that it is any clearer for criminal jurisdiction; after all the criteria for legal proofs are stricter in the criminal court.

    There is also the question of "symmetry" (the right word escapes me at the moment) - when the US feels somebody has committed a crime within their jurisdiction based on the above principle, shouldn't the principle apply the other way? The US wants the world to deliver the people they say are criminals to the US penal system, but it is very hard to get it to work the other way. Even UK, the "special ally", finds it hard to get a US citizen extradited - and even their own citizens, sometimes.

    And then there is the ethics of the situation - is it acceptable to commit a crime, even a very small one, to catch a criminal? The "small crime" in this case is the fraudulent advertising of a non-existent job, it seems. The law - and certainly criminal law - is supposed to be the practical expression of our fundamental, ethical principles; it is illegal to steal, kill, swindle etc because everybody agrees that it is morally wrong, in essence. And as they say, two wrongs don't make a right; if you commit crimes to fight crime, you have tainted yourself and the whole system of justice - and where does the dividing line go? Why is it OK to commit fraud to catch a fairly insignificant hacker, but it isn't OK to take bribes? To my view you are either a criminal or not; and if you commit crimes, you are a criminal.

    As far as I know this kind of thing is not accepted in any other Western country; the are not allowed to use even "mild deception", like a knowingly letting a suspect believe something that isn't true, if it is likely to influence their defence. Which is why you read them their rights when they are arrested, BTW.

    • by russotto (537200) on Friday November 14, 2008 @11:16AM (#25760431) Journal

      The US wants the world to deliver the people they say are criminals to the US penal system, but it is very hard to get it to work the other way. Even UK, the "special ally", finds it hard to get a US citizen extradited - and even their own citizens, sometimes.

      This is what extradition treaties are for, to work out details like this (and BTW, if you represent a nation and are working on an extradition treaty with the US, make sure you specifically forbid the US from engaging in "extraordinary rendition", and specify that any violations shall be remedied by, in the least, repatriating the "rendered" suspect. It should go without saying but it doesn't)

      However, there's no issue like that in this case. If someone in the US who has committed a crime in the UK travels there, the UK can arrest and try him and it's all perfectly legal regardless of whether the crime was extraditable or not.

      As far as I know this kind of thing is not accepted in any other Western country; the are not allowed to use even "mild deception", like a knowingly letting a suspect believe something that isn't true, if it is likely to influence their defence. Which is why you read them their rights when they are arrested, BTW.

      Eh? There's a country where the cops can't lie, at all, to suspects? Do you have any references to that?

      In the US they can and do lie about almost anything; there's a few exceptions, like they can't have a prosecutor pretend to be a public defender (which has shown up on TV police procedurals, but I don't know if they've tried it in real life), and they can't threaten extrajudicial punishment to obtain a confession (which alas happens all the time, and the cops just deny it).

  • Wait! Wait! (Score:3, Funny)

    by Provocateur (133110) on Friday November 14, 2008 @09:58AM (#25759703) Homepage

    Is the position still open?

To understand a program you must become both the machine and the program.

Working...