Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
Books Crime First Person Shooters (Games) Graphics Security Games Entertainment

Hacker Who Stole Half-Life 2's Source Code Interviewed For New Book (arstechnica.com) 192

"Can you love a game so much you must take its sequel?" asks Ars Technica, posting an excerpt from the new book "Death By Video Game: Danger, Pleasure, and Obsession on the Virtual Frontline." At 6am on May 7, 2004, Axel Gembe awoke in the small German town of Schonau im Schwarzwald to find his bed surrounded by police officers bearing automatic weapons... "You are being charged with hacking into Valve Corporation's network, stealing the video game Half-Life 2, leaking it onto the Internet, and causing damages in excess of $250 million... Get dressed..." The corridors were lined by police, squeezed into his father's house...
Gembe had tried creating homegrown keystroke-recorders specifically targeted at Valve, according to the book, but then poking around their servers he'd discovered one which wasn't firewalled from the internal network. Gembe spent several weeks discovering notes and design documents, until eventually he stumbled onto the latest version of the unreleased game's source code. He'd never meant for the code to be leaked onto the internet -- but he did share it with another person who did. ("I didn't think it through. The person I shared the source with assured me he would keep it to himself. He didn't...")

Eventually Gembe contacted Valve, apologized, and asked them for a job -- which led to a fake 40-minute job interview designed to gather enough evidence to arrest him. But ultimately a judge sentenced him to two years probation -- and Half-Life 2 went on to sell 8.6 million copies.
This discussion has been archived. No new comments can be posted.

Hacker Who Stole Half-Life 2's Source Code Interviewed For New Book

Comments Filter:
  • At least they were kind enough to let him get dressed first.

    • Germany. Not USA.
      • Germany. Not USA.

        Still, doesn't "Axel Gembe awoke in the small German town of Schonau im Schwarzwald to find his bed surrounded by police officers bearing automatic weapons... The corridors were lined by police, squeezed into his father's house..." seem excessive to arrest a guy who hacked a game company?

        • Sounds like a SWAT team, which I'm guessing is standard procedure when breaking and entering. I don't know how the German police works.
        • by dbIII ( 701233 )
          Very much so - see also DVD Jon and also the earlier events covered in Bruce Sterling's "The Hacker Crackdown" (free online since before this slashdot started) for other examples of insane paramilitary responses to suspected online crimes and how it's not getting any better. It's as if the agencies involved think they are in a comic book going after supervillians and are incapable of learning from experience.
  • by Anonymous Coward

    The hacker's actions were a crime both in Germany and the United States. The crime is partly in the jurisdiction of the United States because it was against an American company. Normally it's pretty straightforward to extradite someone given the evidence. It was a courtesy for the FBI to notify German authorities of the plan and provide them with the evidence. I don't see any way the actions of the German authorities were justified to prevent the hacker from being charged and standing trial in the United St

    • by Shadow of Eternity ( 795165 ) on Monday June 20, 2016 @03:01AM (#52350567)

      Because he caused a corporation to hypothetically lose some money, the worst possible crime in the US, and the Germans didn't want to see someone get some wildly disproportionate 50 year sentence for that.

    • by Feral Nerd ( 3929873 ) on Monday June 20, 2016 @03:40AM (#52350669)

      I don't see any way the actions of the German authorities were justified to prevent the hacker from being charged and standing trial in the United States.

      US courts have a tendency to hand down draconian sentences for even trivial infractions thanks to the 'come down on him like a ton of bricks' attitude to justice among politically ambitious US judges and prosecutors. This has resulted in an extreme reluctance in other countries to extradite people to the US in cases where there is any chance that the prisoner might receive 25 years to life just to further some US offiial's political ambitions for something he'd get a 5 year sentence for in Europe .

      • by alexhs ( 877055 )

        US courts have a tendency to hand down draconian sentences for even trivial infractions thanks to the 'come down on him like a ton of bricks' attitude to justice among politically ambitious US judges and prosecutors.

        My understanding is that many judges in the USA are elected, so I wouldn't put the blame on the judges but on the electors. You just get what you (collectively) asked for, for better or worse.

        This has resulted in an extreme reluctance in other countries to extradite people to the US

        I'm not sure about that. However, some countries, and this includes Germany, forbid extradition of their own nationals [wikipedia.org].

        • by houghi ( 78078 ) on Monday June 20, 2016 @04:47AM (#52350759)

          Due to the fact that judges are elected, you get people that are in for revenge, not for justice.

          I see it as offical mob justice. "Hang em high" is what they voted for and that is what you get. That does not mean that it is in any way reasonable.

          • Due to the fact that judges are elected, you get people that are in for revenge, not for justice.

            Mod him up! ...that's the problem in a nutshell. Judges and prosecutors should not deal out revenge in response to popular opinion and rage

          • Sadly being elected they usually have to take the 'tough on crime' stance... Which for their position means 'hammer anyone they can'. What the public actually tends to want is certain crimes punished harshly (which ones can vary a bit) and the rest they care little about. However the elected judges and others in that chain can't skimp on even one or their opponents will try to claim they aren't 'tough on crime'. So nothing goes over lightly if they can avoid it. So it's not entirely what the voters want, it

        • US courts have a tendency to hand down draconian sentences for even trivial infractions thanks to the 'come down on him like a ton of bricks' attitude to justice among politically ambitious US judges and prosecutors.

          My understanding is that many judges in the USA are elected, so I wouldn't put the blame on the judges but on the electors. You just get what you (collectively) asked for, for better or worse.

          I have never understood how you can have an independent courts in a system where the judges and prosecutors are elected. Not that the old world practice of appointing judges and prosecutors is flawless with it's political appointee problem but at least those judges and prosecutors don't have to whore for campaign funding and votes every few years and they don't get tempted to send people to jail for ridiculously long periods of time to pander to public opinion and make themselves popular in an election year.

        • by Anonymous Coward

          US courts have a tendency to hand down draconian sentences for even trivial infractions thanks to the 'come down on him like a ton of bricks' attitude to justice among politically ambitious US judges and prosecutors.

          My understanding is that many judges in the USA are elected, so I wouldn't put the blame on the judges but on the electors. You just get what you (collectively) asked for, for better or worse.

          This has resulted in an extreme reluctance in other countries to extradite people to the US

          I'm not sure about that. However, some countries, and this includes Germany, forbid extradition of their own nationals [wikipedia.org].

          Is there a more extreme manifestation of reluctance to extradite than passing a law forbidding the extradition of your own nationals? Having said that, the USA is not the prime motivator for that law, it's more likely to be countries like Russia, Saudi Arabia, Turkey and the likes where the judiciary is either religiously extreme, completely corrupt or both and jails qualify as a form of hell on earth. Finally, refusal to extradite does not mean the accused gets off scot-free. Any German national the German

        • by Lumpy ( 12016 )

          we don't get honest people up for election, but instead a selection of party members that "it's their time" so they are put up in front. Anyone thinking the United States has free elections is completely delusional.

          • Which is exactly why Donald Trump, someone who has held no political office and leans left more than he leans right, is the presumptive Republican nominee, yes.
            • by dbIII ( 701233 )
              A casino owner leans left?
              I suppose some people will say such weird shit in a place where Charlie Chaplin, one of the richest capitalists of his time, was called a communist.
    • by bkmoore ( 1910118 ) on Monday June 20, 2016 @04:13AM (#52350711)

      .... I don't see any way the actions of the German authorities were justified to prevent the hacker from being charged and standing trial in the United States. This is a pretty straightforward application of how international cooperation between law enforcement agencies is supposed to work, yet Germany didn't let that happen.

      Germany generally won't extradite their own citizens to stand trial in a foreign country. This has some cultural significance because the DDR (East Germany) used to extradite citizens to the USSR for alleged political crimes.

    • Normally it's pretty straightforward to extradite someone given the evidence.

      Germany does not extradite its citizens (with very limited exceptions). It's in the constitution. Germany extraditing a German citizen to the US is about as straightforward as introducing a blanket ban on guns in the US - not gonna happen.

    • by Anonymous Coward

      1. He did everything in Germany, so everything falls under German jurisdiction.
      2. He seems to be a German citizen, so the German authorities cannot extradite him to a non-EU country. The Constitution prohibits it.

    • I don't see any way the actions of the German authorities were justified to prevent the hacker from being charged and standing trial in the United States.

      Really? Because it says right there in the article that they arrested Gembe because he'd written malware that used the same exploit as another hacker that they arrested on the same day and thought the two might be connected. Seems like a pretty obvious justification. Maybe you just didn't want to see it.

    • by Rei ( 128717 )

      From the article:

      The police interrogated Gembe for three hours. "Most of the questions they asked me were about the Sasser-Worm," he says, referring to a particularly vicious malware that affects computers running vulnerable versions of Windows XP and Windows 2000, created by an eighteen-year-old German computer science student Sven Jaschan from Rotenburg, Lower Saxony.

      "For some reason they thought there was a connection between me and Sasser, which I denied. Sasser was big news back then and its author, Sv

  • by Shadow of Eternity ( 795165 ) on Monday June 20, 2016 @02:54AM (#52350555)

    Can we talk about that? Someone guessed Gabe Newell's password, downloaded some files, leaked them to the internet, and the response to this was to send a small army of heavily armed stormtroopers with automatic weapons to take him into custody with an absurd display of force.

    That should be the real story here. We've gone past "corporate personhood" and into "corporate godhood", we're treating people whose only crime was potentially costing a fantastically wealthy corporation some pitiful percently of their quarterly profits the same way we treat active shooters and terrorists in the middle of an attack.

    • by Anonymous Coward

      What makes you think that Corporation could not possibly be divine?

      It is nameless and immortal.
      It is not constrained by morals. Instead it is the source of morality.
      It is everywhere and all-powerful.
      It works in mysterious ways.

      In fact, whole papers [bepress.com] have been written for this topic, and I'd say they're pretty convincing. Much more convincing than the New Fairytale.

      • In other words, it's a religion.

        Maybe it's time for another separation of church and state?

        • by MrKaos ( 858439 )

          In other words, it's a psychopath.

          • In other words, it's a psychopath.

            Good, but sociopath is a bit more encompassing of the characteristics of a for-profit Corporation.

            They're the new gods, replacing Hollywood stars – the original replacements.
            They're more powerful than most governments.
            They write the first drafts of many, many of the bills that become law.
            Taxpaying citizens pay to maintain the infrastructure upon which they rely, but do not pay for.
            Obey.

            All of this is thanks to that stupid US Supreme Court Decision, so long ago, regarding railroad companies, but that

    • by mentil ( 1748130 )

      Every time a foreign country refuses to enforce draconian IP laws shoved down their throats via omnibus treaties, the MAFIAA gets another digit of the nuclear launch codes. You don't want to let their bean-counters decide that a smoking ruin where $0 of piracy takes place, is more profitable than allowing the victim the grace of their price-fixed goods.

      • the MAFIAA gets another digit of the nuclear launch codes

        You mean 0?

        http://www.dailymail.co.uk/new... [dailymail.co.uk]

        • Not to take away from that article, but calling 15 years "nearly 20 years" was unnecessarily confusing.

        • the MAFIAA gets another digit of the nuclear launch codes

          You mean 0?

          http://www.dailymail.co.uk/new... [dailymail.co.uk]

          True about 00000000, although I would recommend against ever citing The Daily Mail (Daily FAIL) as a source – which in its article cites a blog. Far better is Eric Schlosser's somewhat recent book "Command and Control." It's a scary read, detailing how close we were to accidental nuclear Armageddon, and many more times than you think. All in the book is thoroughly backed up by citations and de-classified documents.

    • by dbIII ( 701233 )
      You forgot to add "at taxpayers expense" to the absurd and ridiculously costly paramilitary exercise. They are not using their own resources for their corporate godhood which makes it even worse.
      Given police budgets something had to be given up on elsewhere to fund this farce.
  • He should have just paid the $250M in damages instead of going to a court.

    • Here's two of the scripts I used, worth each 125M.

      What? Hey, you started making up numbers, so why shouldn't I?

  • "The person I shared the source with assured me he would keep it to himself. He didn't..."

    Well duh.

    Hacker stills: 7/10
    Social skills: 0/10

    • by Anonymous Coward

      Spelling skills: 0/10

    • This is the real news, right? "Hacker makes monumental achievement, has it stolen by shitty friend!"
  • by Anonymous Coward

    "You are being charged with hacking into Valve Corporation's network, stealing the video game Half-Life 2, leaking it onto the Internet, and causing damages in excess of $250 million..."

    Can't stand how companies attach such arbitrary bullshit numbers to this kind of thing. Two-hundred and fifty million dollars is literally just a number some person with great self-interest in picking a huge exaggerated number pulled out their ass with no way to quantify in any realistic manner.

    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I guess, that's how much Valve had to pay the makers of the Havoc physics engine, when it was discovered, that they had copied their code verbatim into the HL2 source

  • by Anonymous Coward

    TFA says:

    "But there were concerns about the ongoing access that Gembe had to Valve's servers and the potential damage he could still cause. So the FBI contacted the German police in order to alert them to the plan."

    Not much of an expert here, but they talked to him for 40 minutes, asking him about the details of the breach, which he apparently was willing to explain in detail and they couldn't shut him out?

    • you're a fucking idiot.

      "oh, so that's how you got in. okay. do you know any other backdoors?"

      "nope."

      "promise?"

      "yup!"

      "well, that's good enough for us!"

  • Especially not in a way that they can trace you.

    The urban legend is as old as the one about the hooker asking the John whether he's a policeman and if he is he has to answer truthfully. He doesn't. Likewise, nobody is going to give you a job for hacking them.

    Think about it: One of the key requirements when working for someone in such an environment is trust. He has to trust you that you will not sabotage his project, that you will not steal his project, that you will not allow others to gain access to it. A

  • Dont be stupid...

    Giving it to someone random on the internet and trusting them. Contact the company.... All of the above is incredibly stupid of you are a hacker.

    Dear kiddies, rule #1 - keep your mouth shut.

    Rule #2 - if you want to talk about something, see rule #1.

    • Exactly.

      #1 Rule about hacking: STFU aka "do NOT brag about it."

      I guess he wanted "recognition" for how 3l33t he was.

  • by bytesex ( 112972 )

    "Eventually GEMBLE contacted Valve, apologized, and asked them for a job"

    My mouth is still hanging open. Some people really, really have no idea how this world works.

  • I see cop math is not limited to the USA.

"It's a dog-eat-dog world out there, and I'm wearing Milkbone underware." -- Norm, from _Cheers_

Working...