Hacker Releases 1.7TB Treasure Trove of Gaming Info

mvar writes "According to Kotaku, a hacker named SuperDaeE who breached multiple gaming companies (Valve, Sony, MS to name a few) has released a 1.7TB treasure trove file for download. The file which contains source code for older titles plus development kits for the PS4 and Xbox One consoles, is encrypted and SuperDaeE claims that it is his insurance in case he gets arrested."

Insurance Policy?

[Orestesx]

Right...cause if he gets in trouble, blackmail will surely get him out of it.

Re:Insurance Policy?

[Anonymous Coward]

"Listen up, world! I've got evidence that the senator's been holding a human trafficking and slavery ring in the #7 warehouse on the docks, as well as papers showing the exact schedules of these activities and how they've helped his campaigns! And here's all of that evidence for download! I'm using this as insurance against him arresting me for my breaking and entering into his office to get this information!"
"So... how is this insurance?"
"Because if he tries to arrest me, I'll release all the information to the world!"
"But you just did that."
"Of course I did! That way he knows I'm not bluffing! If he tries something stupid, I'll release it all again! So you see, Senator, I hold all the cards!"

Re:Insurance Policy?

[Anonymous Coward]

Just for reference, if you look at the summary you'll see that what he's released is that trove... encrypted. The idea is that if he gets arrested, he yells out the passphrase, but until then this might as well be 1.7TiB of /dev/random

Re:Insurance Policy?

[spiffmastercow]

Just for reference, if you look at the summary you'll see that what he's released is that trove... encrypted. The idea is that if he gets arrested, he yells out the passphrase, but until then this might as well be 1.7TiB of /dev/random

My guess is it's 1.7GB of /dev/random anyway.

Re:

[Anonymous Coward]

Repeated 1024 times to account for the 1.7TiB of data?

Re:Insurance Policy?

[MMC Monster]

Or his personal porn collection.

Why back it up if you can get the world to do it?

Re:

[tftp]

Unfortunately, "your wrong" © on all accounts. You may be not convicted if after several years of arrest and bond and trial you will prove that it's not your {CP,cocaine,whatever}. Even that is not obvious because your opposition is not empty-handed either.

There were many instances of innocent people, one even being mayor of the town where it happened, receiving an unexpected package - and when they touched it they were arrested by cops who were lying in wait. Sometimes drug dealers ship drugs not t

Re:

[Digital Vomit]

You never, ever go to the cops if you come across CP. Ever. Most police forces have proven themselves completely untrustworthy when it comes to CP. If you come across CP, you destroy it and keep your mouth shut.

Re:

[Anonymous Coward]

It's 1.7 GB of /dev/random. All he needs to do is release the correct one-time pad!

Re:Insurance Policy?

[Anonymous Coward]

He has a Beowulf cluster of geiger counters!

Re:

[firex726]

So neither we nor the companies may even know the extent of what he has.
Kinda shitty plan on his part it seems.

And even then, why release it to begin with?
Had he kept quiet he might never have been caught, by putting it out there he all but guaranteed his arrest.

Also what good is the Dev SW for a PS4 or XBone without the hardware? We already know what the HW will be like, does anyone give a shit what SW the consoles will use? The people who could make use of it, developers; already have their Dev kits in ha

Re:Insurance Policy?

[firex726]

Sure, but Dev kits are also much more open than a release console. They need to be to let the Dev run unsigned code of their own while it's being made; any exploits you may find in this code may not be usable in the final product; especially since the consoles are possibly still being made.

Re:

[firex726]

Except for those consoles, the Dev kits are both HARDWARE and software.
Any exploit the "scene" may find may not be usable at launch. Software dev kits are purposely made to be more open.

> Hey look, I can run whatever code I want without having it signed!

Yea, you can bet after this last gen Sony and MS will require all the code to be signed.

Re:

[firex726]

Which would be even worse for him, since right now it's only a threat with no confirmation, if he thought doing that gives MS and Sony access to each other's copyrighted material, he'll be fucked.

And even then, so what? He's got a lot of proprietary SW that requires proprietary HW with it to be usable. Unless he's going to handout the PS4 and XBone hardware dev kits too.

Re:

[DrXym]

And in doing so open himself up to charges of hacking, blackmail, extortion, wire fraud and anything else they can pin on him. It's a stupid plan.

Re:

[Zencyde]

I'm under the impression that he has something automatically set up to yell the passphrase for him if he isn't there to stop it once every arbitrary schedule of time. I imagine that this is some sort of timer system, possibly set on a weekly basis. Easier to guarantee it working as this situation, in which he is behind bars, would be expected. If he's as smart as he comes off, he even has this trigger set across multiple locations through sources that he's accessed only anonymously. He could even have a bot

Re:

[Heretic2]

Just for reference, if you look at the summary you'll see that what he's released is that trove... encrypted. The idea is that if he gets arrested, he yells out the passphrase, but until then this might as well be 1.7TiB of /dev/random

If you read the article, you'll see that it gets auto-decrypted if he fails to check in. So if he gets arrested and can't access the failsafe to reset it the timer, it gets released.

Re:

[someone1234]

So he is safe. Released, the info gets spread on the interweb. No way to destroy it.

Re:Insurance Policy?

[tattood]

Sure, the game companies may not want this released, but does the FBI care? If they investigate, and find and arrest the hacker, it's up to the D.A. whether or not to prosecute, not the game companies. This seems like a worthless insurance policy/blackmail, because the people going after him are unaffected by the action of him releasing the encryption key.

Re:

[FatdogHaiku]

Almost.
Does the FBI work through U. S. Attorneys?
Yes. Although the FBI is responsible for investigating possible violations of federal law, the FBI does not give an opinion or decide if an individual will be prosecuted. The federal prosecutors employed by the Department of Justice or the U.S. Attorneys offices are responsible for making this decision and for conducting the prosecution of the case.
http://www.fbi.gov/about-us/faqs [fbi.gov]

Local stuff is handled by a D.A. (District Attorney) or City. County, or Sta

Upgrade my cell to solitary, please....

[TiggertheMad]

More to the point, unless the 1.7TB contains something of interest in the first place (ex: stolen source code that isn't encrypted), who is going to bother to download it? See, you have to give people an incentive to download that much shit before they are going to act as your own personal distributed storage service.

Bet when he gets arrested (not if), that there aren't any copies of his 'get out of jail card' in the wild.

Also, just for the record, have there ever been instances of anyone successfully blackmailing the cops into letting them go? Ever?

Re:Upgrade my cell to solitary, please....

[kkwst2]

Actually I disagree. All you have to do is convince people there is a good chance it contains something of interest. That it is encrypted might entice people to download it in the hopes of discovering the key or decrypting it. I'll take your bet. I'll bet you a 2 TB hard drive.

I'm also willing to bet someone has blackmailed authorities into letting them go. I'm also willing to bet that said authorities did not announce that they were letting the accused go because he had some really juicy dirt on them.

Re:Insurance Policy?

[DrXym]

Safe how? It sounds like he is being charged for possession of kiddy porn among other things. He'll be tried and convicted regardless of his "threat" (which in itself is a offence) and if he's fucking stupid enough to release the key he can expect to receive fresh charges on top since he has just incriminated himself. So he'll probably go from 3-5 years up to 10+ years. Doubtless all sentencing to be served consecutively. Great plan that.

Re:

[SuricouRaven]

Depends if his spitefulness outweighs his long-term planning - if he gets a long enough sentence to effectively ruin his life, revenge is going to look very appealing indeed. He also said that his 'inability to access a computer' would release the passphrase, suggesting he is paranoid enough to have a dead-man's-handle - either tucked away on a server no-one knows about, or a few friends with orders to release it if he goes out of contact.

The charges are so diverse they look suspiciously like the result of

Re:

[DrXym]

Well if it was just his girlfriend he'd be even dumber since they court would probably go easy on him. They don't go so easy on people who attempt to subvert justice. If he went through with his grand plan he'd be stewing in jail long after anyone else gave a damn.

A perverse incentive

[KingSkippus]

So are we, the public, supposed to now cheer him and and support him not getting arrested? Oh, hell no, I want all of those goodies released. I hope they arrest his ass, and the sooner, the better.

Re: Insurance Policy?

[madprof]

The 5th what? US constitutional amendment? Do they even have such an equivalent law in Australia?

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:Insurance Policy?

[nedlohs]

Because yelling a passphrase is easier than yelling out 1.7TB of data on the spot?

Re:Insurance Policy?

[Minwee]

Because yelling a passphrase is easier than yelling out 1.7TB of data on the spot?

They're trashing our rights, man! They're trashing the flow of data! Hack the planet!

Re:

[interval1066]

whatever. I think the dude is funny as hell. I hope they don't murder him.

Re:

[jellomizer]

Besides that, that is a big So What in data.

Ok Source code for OLD GAMES, So games that have already been pirated and hacked, but lets the the source so we could compile it before we play it.
SDK, that would be handy, if only you wanted to be licensed with the gaming company, to you know distribute your code. Even OSS projects would avoid it as to not get sued for using a pirated SDK.

So when he gets arrested for hacking, they will just add Pirating to the list too. Good thinking!

Re:

[lbmouse]

It might help determine how rapey his cellmate will be.

Re:

[poofmeisterp]

Must post the obligatory reply:

"I didn't do it." [youtube.com]

Unintended Consequences

[Anonymous Coward]

Now hackers everywhere have a reason to get SuperDaeE arrested.

Re:

[Archangel Michael]

Or at least find a Hammer

FTP?

[Anonymous Coward]

> using centralized resource to distribute "insurance"
>> 2013

OMG

[lesincompetent]

Valve too?
Please SuperDaeE tell me: can they count to three?

Too large to be useful...

[Darkness404]

This sounds like too large of an "insurance" to be useful. Most people don't have the bandwidth or the space to hold 1.7 TB of encrypted info. Smaller files might make sense but not huge ones like this.

Re:

[asmkm22]

Just uploading that must have been a real bitch.

Re:

[loufoque]

It takes about two days at 100Mb/s

Re:

[HybridST]

If I were to start the download on my home connection which tops out at about 100kb/s(fastest in my area) it won't be finished before I receive the 4 year degree I start in the fall. Then there's the keyfile to think about. I think I'll skip this one.

Re:

[loufoque]

You probably mean 100kB/s, not 100kb/s.
It will still take you about 200 days.

Re:

[Grave]

Or he actually did mean 100kb/s, which puts it at 4.3 years, fitting the timeline he stated.

Re:

[loufoque]

Any old copper telephone line supports at least 512kbit/s.

Re:Too large to be useful...

[VorpalRodent]

And even if they did...what's the value? Please explain to me if I'm missing something, but if I can't decrypt it, then my having a copy is just to protect his "insurance policy", in which case I'm aiding and abetting. I assume additional risk with zero potential benefit, except perhaps helping "stick it to the corporate blah blah blah"?

Re:

[Sir_Sri]

Game developers in countries not so encumbered by copyright law will happily look at it the moment they can free from repercussions too.

If you're in china, and make games for the chinese market why do you care what some 'murican game developer has to say? Like every other knock off and counterfeiter in china, they don't care in the slightest.

Re:

[dittbub]

Perhaps he will take a wikileaks like approach. Release individual games slowly over time but have the larger file available should he be interupted

Useless at any size

[AliasMarlowe]

This sounds like too large of an "insurance" to be useful. Most people don't have the bandwidth or the space to hold 1.7 TB of encrypted info.

Some of us do have the space[1] and bandwidth[2], but are utterly lacking in motivation to do so. Motivation would still be absent even if the file were unencrypted and the download had the blessing of the games companies. Big clue: we're not gamers, so we're not in thrall to games or gaming companies.

[1] We have 6 TB of available space in a single volume on a server at home
[2] We have 100Mbps symmetric fiber (with no caps) at home

Re:Too large to be useful...

[rodrigoandrade]

I bet he's too young to have ever used alt.binaries to know how it's done.

Re:

[SuricouRaven]

Only one person needs to keep a copy, though.

I am a 1337 hax0r

[Spy Handler]

I have 2.0 GB of source code for Windows 8, Windows 9 alpha, Call of Duty Ghosts, World of Warcraft Annihilation and Donkey Kong Junior. I have encrypted the file and am withholding the key in case I get arrested. But trust me, it's all there.

Re:

[liamevo]

When you start releasing info on yet to be confirmed or released hardware, services and sdk's, which are then verified, then you can take the piss.

Lovely logic there...

[denzacar]

Following such way of thinking, you'd have to conquer most of Europe and murder 6 million Jews before you could "take the piss" out of Hitler.

Don't forget commissioning a small economic car and being a vegetarian painter while doing all that.

Re:

[liamevo]

I was merely pointing out that there is some credibility that what he says is in the archive, actually is in the archive, and that acting as if it's just some script kiddie making stuff up has to ignore the fact that this kid has proven credible with the info already leaked.

Re:

[X0563511]

Did you bother even searching for it? [wikipedia.org]

Re:

[interkin3tic]

It does say he "leaked loads of accurate new info to Kotaku about the then unnamed Xbox One and PS4 earlier this year," which is possibly why the generally-not-born-yesterday kotaku may be taking it somewhat seriously.

Re:

[Anubis IV]

which is possibly why the generally-not-born-yesterday kotaku may be taking it somewhat seriously.

My faith in Kotaku has diminished quite a bit following the attack piece they published against Silicon Knights and Dennis Dyack. Dyack (who is certainly no saint, but is also not the embezzler he's made out to be) later did a point-by-point rebuttal to it, providing convincing information and evidence to contradict each of its claims, and even managed to get a hold of a copy of an e-mail from a Wired editor to the freelance author of the Kotaku attack piece, in which the editor turned down the article due

Re:

[interkin3tic]

I'm not saying they're great journalists. I'm not even saying they're great for a video game news website, just that they are a little more skeptical than supermarket tabloids usually.

Re:

[Anubis IV]

I can agree with that. On the whole, they're "not bad", but they are certainly not as careful as they should be.

Re:I am a 1337 hax0r

[jellomizer]

You needed Donkey Kong Junior just to make you hit 2.0 Gigabytes exactly. Right?

Re:

[steelfood]

It's collectively worth $200 million. If you wire me $20,000 right now, I can get it out of the country and you can take 20% of the profits from the sale.

Re:I am a 1337 hax0r

[oztiks]

I have 2.0 GB of source code for Windows 8, Windows 9 alpha

Please, if you're going to steal something you should check to make sure it's of real value to someone first. Donkey Kong Junior is perhaps the biggest ticket item you've mentioned!

1.7tb of stuff..

[gl4ss]

..that nobody knows what it is?
that's a lot of hd to keep as insurance for some random dude.

and ftp? wtf? ever heard of bittorrent. or tor.

Re: 1.7tb of stuff..

[pellik]

Yeah, but when he gets arrested and the key is released it will be pretty awesome to have the file already.

Re:

[nitehawk214]

Why would a torrent swarm of people download a giant file that they cannot decrypt?

You know what, don't answer that. I am sure enough file hoarders will grab the file to keep the torrent alive alive.

Re:

[Runaway1956]

No, but we could hang it by it's neck until dead, dead, dead!

Oh, wait - does data have a neck?

Insurance?

[Darth Snowshoe]

Insurance from whom, against whom? Like, Valve is going to call in its favor and get the FBI to get off his case, for fear of their DRM being compromised? I can totes see that happening.

Re:

[gl4ss]

Insurance from whom, against whom? Like, Valve is going to call in its favor and get the FBI to get off his case, for fear of their DRM being compromised? I can totes see that happening.

pretty much all games on steam have had their checks cracked. not much to defeat there.

Re:

[interkin3tic]

I assume you are referencing the HL2 leak. [wired.com] Where valve got the guy to come to the states for a job interview at which point the FBI arrested him. And the same trick was used by valve years before.

So this guy should be skeptical of any job offers he gets from valve, rather than hold an insurance file.

Re:

[interkin3tic]

Oops! I didn't. Sorry.

Re:

[dittbub]

I assume the guy is planning to release the source code chunk by chunk but hes at risk of being interrupted and arrested. His insurance policy makes sense because hes saying "you can arrest me but if you do then hundreds more will have access to the source and then you'll have to find them all too"

Re:

[SuricouRaven]

It doesn't seem realistic. But he is seventeen - he may well expect it to work, being still naive about the level of assholery humans are capable of.

Encrypted blob

[SirGarlon]

I totally believe it's possible to exfiltrate data from multiple game companies (or indeed any companies). But how do we know he didn't just upload a 1.7 TB encrypted blob of random garbage? The word of a 17-year-old script kiddie is not exactly a lot to go on.

Re:Encrypted blob

[CastrTroy]

And it seems odd that there would be so much data. Source code doesn't take that much space, and neither do development kits. Perhaps he's including game assets like textures and cut scenes from the games, but I don't really see much point in including that, since it would mostly be easy to extract from the actual game files themselves.

Re:Encrypted blob

[loufoque]

The xbox 360 base SDK is 2GB. If you count all extra stuff for Kinect etc. it's even bigger.
And they probably have tons of other middleware software, some of which could come with their own editing and authoring tools. That alone could account for a hundred gigs if not more.
Then there is source code. It's not unusal for a piece of software to have sources that account for 500MB, and several gigabytes if you include binaries.

All in all they probably also have binary assets of some sort, but software does take quite some space on a disk.

Re:

[cyberfunkr]

Remember, this is encrypted, not compressed.

I run a small-sized website. Not including graphics, I have almost 40MB of data.
Heavily commented source
Archives of old, or out-dated source
Upgrade scripts
Notes
API information
DOC files
UI examples
etc...

It doesn't take that long to build up data now a days.

Re:

[sl4shd0rk]

And it seems odd that there would be so much data. Source code doesn't take that much space

Um, it's really not that uncommon for source code to occupy much more space than it's compiled form. Perhaps you need to stop writing so much stuff in debug..

lol wat

[Anonymous Coward]

Insurance in what sense?

1. Get arrested;
2. Release password to unencrypt source code for old software;
3. Get charged with yet another crime;
4. ???

Hang on a sec

[DrXym]

Since this is encrypted this could be 1.7TB of shit for anyone knows. Or is there a sampler or something people are supposed to download to know it isn't?

He's obviously not Canadian

[Kinwolf]

At least we know this hacker isn't Canadian. With our current ISP plans, it would have taken 1.5 years to upload 1.7TB of data without busting the bank in extra fees for bandwith.

Re:

[tom17]

It would actually take a little over 2 months at 10MBps if you restricted it to the unmetered times (6 hours a day) (That's a TekSavvy example).

But this would not apply if you were with one of the Big Two. Maybe that's what you meant? They barely count as internet service if you ask me. Rip-off merchants!

Re:

[tom17]

I made a mistake. Uploads don't go towards your 300GB cap. So it would, in fact, only take ~16 days.

Re:

[tom17]

Faster, yes. Cheaper? No.

Given that the longest a direct flight could be is currently about 18.5 hours, (Lets call it 20 due to time taken on either end), your transfer of 1.7TB would result in a throughput of about 200Mbps.

Not much of the world has a throughput that high, so the 'faster' part of your comment pretty much applies to the entire world :)

Honest and for true?

[Hartree]

I've released a file which contains the complete plans for the Illudium Q-36 Explosive Space Modulator which can blow up the earth.

The file is encrypted, and if the local parking meter attendants put anymore tickets on my suburban, I'll release the passphrase.

I really, really will!

That is all.

Re:Honest and for true?

[sconeu]

I cracked your encryption, and built it. Then I tried it out.

To say I was disappointed would be an understatement. Where was the KABOOM? There was supposed to be an Earth-shattering KABOOM!!!

Password

[Eleint]

Has someone downloaded this and tried the password "up, up, down, down, left, right, left, right, A, B, select, start"?

Re:

[GodfatherofSoul]

I did, but I just keep launching fireballs out of my CDROM.

I have all the Top Secret Data in the Universe

[adisakp]

Which I will release to the public in a 1.7TB archive. If I'm arrested, I will release the one-time pad decryption key.

Great. Leisure Suit Larry 1.0 rides again...

[crovira]

I can not imagine any greater waste of bandwidth or disk space than wasting my life with this shit.

Re:

[interkin3tic]

THAT'S what you're upset about?

Okay, call him an "Information Liberator." He doesn't appear to have referred to himself as a hacker, at least not in the short article, so lets assume he never did. Do you still hope he dies imprisoned?

If not, why are you getting so bent out of shape about a trivial use of a trivial word?

Re:Fucking idiot

[ae1294]

I never user products from companies who feed customer data to the NSA. Are you listening, Google?

So how are you posting this again? Every Internet company is feeding data to the NSA sooooo?

Re:Do it like Snowden

[PRMan]

"China: Bastion of civil rights." Has kind of a funny ring to it...

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[loufoque]

You can't just decrypt stuff just because you want to. It's protected by the power of math.

Re:

[loufoque]

Maybe in a divergent future where they prove that P = NP and where rap music is actually relevant.

Re:

[SuricouRaven]

2. Doesn't matter. So what? All they'd do is confirm he is not bluffing.
3. Is the flaw in the plan. It's based on the idea that the games companies he hacked are headed by executives who would ask the FBI to let him go free to protect their own trade secrets, and that the FBI is obliged to obey if such a request is made. Neither of these is true. Chances are at least one of those companies would rather crucify him to set an example, and even if they all back down the FBI can go ahead and prosecute anyway -

Re:So not only a hacker...

[Anonymous Coward]

He's a minor himself. The "child pornography" could be pictures of his own dick for all we know, or a 17 year old girlfriend. The "drug" charges are "posession of cannabis and cannabis paraphernalia" so who gives a shit and the "weapons" charge was supposedly a stun gun. Not a taser, just one of those sparky things.

Re:

[SuricouRaven]

Which stinks of an FBI trawl - that's the type of charge list you'd expect when the FBI wants to take someone down but can't actually convict them, so goes hunting for anything else illegal they may have done instead.

Everyone is a criminal in some way. Just got to dig deep enough to find how.

Re:

[SuricouRaven]

I'm sure a few people are holding on to them. Just in case. Assange is a true fanatical idealist - if he at any point believes he is going down, he won't hestitate to release the key and take a few percieved enemies with him. The only reason the key hasn't been released yet is his ability by luck and skill to evade all attempts to get him somewhere the US or allies could charge him.

He's still in the Ecuadorian embassy - he's shown no signs of wanting to move, Ecuador has shown no inclination to kick him out