At 6 a.m. on May 7, 2004, Axel Gembe woke up in the small German town of Schönau im Schwarzwald to find his bed surrounded by police officers armed with automatic weapons.
A cop barked, “Get out of bed. Don’t touch the keyboard.” Gembe knew why they were there. But with blurry eyes, he asked anyway.
“You are accused of hacking into Valve Corporation’s network and stealing the video game half-life 2 it leaked it onto the internet and caused more than $250 million in damages,” was the reply. ‘Get dressed.’
Seven months earlier, on October 2, 2003, Gabe Newell, CEO of Valve Corporation, woke up in Seattle to discover that the source code of the game his company had been working on for nearly five years had leaked onto the Internet. The game was supposed to release a few weeks early, but the development team was nearly a year behind schedule. half-life 2 , one of the most anticipated games of the year, was coming too late, and Newell had yet to admit to the public what time it would be. Such a leak was not only financially threatening, but also embarrassing.
After thinking about these immediate concerns for a few moments, an avalanche of questions rolled through Newell’s mind. How had this happened? Did the leak come from inside Valve? Which member of his team, who spent years of his life building the game, would jeopardize the project in the final hour?
If it wasn’t an inside job, how did it happen? Did anyone have access to Valve’s internal server?
The loudest question will be familiar to anyone who has ever had anything stolen from them: Who did this?
“I started hacking by becoming infected myself,” says Gembe. “It was a program pretending to be one Warcraft3 key generator and I was stupid enough to run it. It was an sdbot, a popular common malware at the time.”
The young German soon realized what he had installed on his PC. But instead of scrubbing and forgetting the malware, he reverse-engineered the program to see how it worked and what it did.
By following the trail back, Gembe was able to locate his operator. Instead of confronting the man, Gembe started asking him questions about the malware.
“At that time I couldn’t afford to buy games,” he explains. “So I coded my own malware to steal CD keys to unlock the titles I wanted to play. It quickly grew into one of the most prominent malware at the time, especially as I started writing exploits for some not -patched vulnerabilities in Windows.”
In Seattle, Newell’s first thought was to go to the police. His second was to go to the players. At 11 p.m. on October 2, 2003, Newell posted a thread about the official half-life 2 forum titled: “I need the community’s help.”
“Yes, the source code posted is HL-2 source code,” he wrote in the post. Newell went on to outline the facts that Valve had been able to piece together so far. He explained that someone had gained access to his email account about three weeks earlier. Not only that, there were also keystroke recorders installed on several machines at the company. According to Newell, these were made specifically to target Valve because they were not recognized by anti-virus programs.
Gembe’s malware crimes, while undeniably exploitative and harmful, were crimes driven by a passion for games rather than profit. His favorite game of all was Half-life. In 2002, Gembe, like so many fans of the series, was eager for new details about the forthcoming sequel. That’s when he got the idea: if he could hack into Valve’s network, maybe he could learn something about the game that no one else knew yet. He would have his moment of glory, but more than that, he would have the assurance that the creators of the game had everything under control.
“I didn’t really expect to get anywhere,” says Gembe. “But the first entry was easy. It actually happened by accident.”
Gembe scanned Valve’s network looking for accessible web servers where he believed information about the game might be kept. “Valve’s network was pretty secure from the outside, but their name server allowed anonymous AXFRs, which gave me quite a bit of information.”
AXFR stands for Asynchronous Full Zone Transfer, a tool used to synchronize servers. It is also a protocol used by hackers to view a website’s data. By transferring this data, Gembe was able to discover the names of all the subdomains of the company’s web directory.
“In the port scan logs, I found an interesting server that was in Valve’s network range owned by another company called Tangis that specialized in portable computing,” he says. “Valve has not shielded this server from its internal network.”
Gembe had found an unattended tunnel in the network on his first attempt. “The Valve PDC had a username ‘build’ with a blank password,” he explains. “I was able to crack the passwords in no time. Once I did…well, actually I had the keys to the kingdom.”
“You Can’t Stop the Internet”
There’s something about the secrets and codes that video game developers leave in their games that give players a sort of behind-the-scenes look. For a moment the fiction of the game is broken and a player can see the gears and workings behind the virtual world.
The earliest example of an “Easter egg” in a game was probably the 1979 Atari 2600 game Adventure. The game was programmed by one of Atari’s young employees, Warren Robinett. Like many of his colleagues, Robinett was disappointed with his employer’s policy of not naming the game’s designers and creators. He added a secret room to the game which, if discovered, revealed the text: “Created by Warren Robinett.” It was a way of putting his own stamp on the virtual world he created, and for players who first discovered the room (long after the designer left Atari), it was a link to an invisible creator.
Gembe had broken into another secret room, filled with illicit treasures. It was, as he put it, a kingdom that he believed would find the solution half-life 2 mystery.
At that point, Gembe didn’t bother to cover his tracks. So far he had nothing to hide. But he wanted to make sure he went undetected as he continued to explore.
“All I cared about at the time was not getting kicked out,” he says. “My first task was to find a host where I could set up some sort of shelter.”
Gembe started searching for information about the game. He found several design documents and notes about its creation, the kind of material he hoped to find. As the weeks passed, Gembe realized that no one at Valve had noticed he was within the company’s network. He started to push a little harder. Then he found the ultimate prize: the source code of the game he had been waiting to play for so many years.
The temptation was too great. On September 19, 2003, Gembe downloaded the unfinished game’s code and made off with Valve’s crown jewels.
“Getting the source code was easy, but the game wouldn’t run on my computer,” he says. “I made some code changes to make it work in a basic form, but it wasn’t fun. Also, I only had main development on the game. They had so many development branches I couldn’t even begin to look at them all.”
The secret was too powerful for Gembe to keep to herself. While he insists he was not the person who uploaded the source code to the Internet, he undoubtedly passed the code on to the person who did.
“I didn’t think it through very carefully,” he says. “There was of course an element of bragging. But the person I shared the source with assured me he would keep it to himself. He didn’t.”
Once the game was on the internet, there was no stopping it.
“The cat was out of the bag,” says Gembe. “You can’t stop the internet.”