>"Have you any idea how lucky you are that we got to you before you got on that plane?"
That's the most important thing I took away from this article.
The kid did something stupid and it almost ruined his life because he almost got onto a plane that would have taken him to the FBI & US justice system.
Instead local authorities got a hold of him and he learned a vocation waiting for a trial (programming) & having shown he was willing to be a functional member of society, he received a few years of probation.
In the US the FBI would have put him on trial for the absurdly high $250M hacking theft and spent a decade or more in jail.
There's some differences:
1. He would the right to a public trial, there'd be free press coverage.
2. He'd have the right to a lawyer.
3. There wouldn't be political interference in the trial.
4. The majority of Chinese people that this happens to are political prisoners. I.e. they critisized their government. This guy commited a crime that is recognised in both the USA and Germany, there's no argument about that.
Yes, I’m the GP commenter and I was hesitant to present things in such stark terms but the format of an internet forum isn’t fit for highly nuanced and extended single-party discourse unless it takes place in multiple exchanges, a bit like this, of which HN is still a place they might be found.
The treatment this individual would have suffered and the mal-incentivized justice system in the US where high profile cases and large $ amounts make great news headlines and careers for junior-level agents splashing across the ticket taper screens of 24-hour news networks and social media feeds is awful. But the social agenda as spoon fed top down isn’t deliberately aimed at the outcome this kid would have faced in the US.
That outcome would have been kafkaesque but still just a product of shitty incentives at various socio-cultural levels. That would have made him an outlier, one of a few dozens of individuals abused in this way. Horrific, yes, and to be held up against progressive values of freedom as absolute failures of our systems to function properly. Exemplars of how our ostensible values sometimes— and maybe often— fail to be realized in action and fact. And even how there are still lurking undercurrents of more systemic problems that must be uprooted and dealt with.
But these failures are a whisper compared to the deliberate and overt and systematic, unflinching and unabashed abuses that occur elsewhere. Uyghurs in China are an obvious but too often ignored example.
All too often a false equivalency is made between the two ends of the spectrum, not to mention the gradations in between. In many ways it’s a paradox of freedom that we in the west are only able to be vocal about the outlier hypocrisies of our countries because we have the freedom to do so with significantly less fear of life-changing consequences.
It is… I don’t know, ironic? Tragic? Certainly inconvenient… but the exact freedoms we have in more progressive countries allow us to amplify our outlier failings on these issues to the point that more oppressive nations can use that as rhetorical ammunition and propagandistic cover for their own more deliberate and massively scaled efforts in further deliberate extremes of such efforts.
Of course. The concept of authoritarianism isn't exclusive to communist and/or fascist regimes. They can and do exist in all modern forms of government all over.
And the FBI, having no leads and no data, simply attempted to arrest a kid whom they knew got past Valve's firewall. The court judged there was no connection between the kid and the damages, and the FBI attempted to ruin his life anyway.
Oh, and those, of course, were claimed damages that failed to materialize ... Having about the same validity of the RIAA's claims of $25000 per mp3 downloaded.
The article claims/repeats the claim that this cost valve $250 million, but I don't see how. If the leaked version wasn't very playable the damage can't come from lost sales
yeah that is just "let's throw random numbers to victimize ourselves even more".
I don't think a lot of people downloaded the unfinished source code, compiled it, played the game and never bought the conplete game.
The worst that happened were people making memes with some 3d and graphics assets which didn't cost anyrhing to Valve. Quite the opposite it was free advertising.
The justice department has absurd ways of determining how much damages were caused by unauthorized access. Kevin Mitnick talks about it in his book "Ghost in the Wires", but he was accused of causing $1.5mil in damages to DEC or Sun or something because he copied code, printed it out on paper, and kept it for himself (he didn't distribute it to anyone else). Fortunately, he was ultimately only ordered to pay a few thousand in restitution.
Not that I can speak for this specific story, as I have no firsthand testimony, but Mitnick is a notorious embellisher, downplayer and (anecdotally) liar.
In around 10th grade a friend and I got the leak just as it came out and then used it to make the characters lips sync to our voices for a chemistry class project. The engine worked, the lips matching word tech was awesome, and people couldn’t believe what we pulled off.
Imagine that intro scene in HL2 where you walk through a trap door Pepsi vending machine and behind it there’s a lab - and instead of talking about HL2 stuff, Alyx and company talk about sampling and testing local natural water sources.
Props, my friends just played through the demos for the most part. Quickly we learned the e3 demo was scripted when it was ostensibly the enemy so reacting to the environment
But I did use it as inspiration for an 3D engine project at school, they had geometrical formulas I had trouble to find online, at least efficiently implemented. It helped a bit in reverse engineering their map format too so I could just display any sort of already made map.
I imagine that if I branched out in gaming it would have been a nice bonus, it's not everyday you get to see the competition's code. I suppose they lost in opportunity cost to license their thing, a bit ?
Hard to say - I don't think Valve was ever big on licensing their technology. Source was used for dozens of games in the end (https://vghe.net/source-engine.html) which isn't too bad, but Source 2 licensing isn't even offered.
It's literally SDK, if you care to actually read your link. Not the engine itself: the game-specific logic DLLs (client.dll and server.dll in the game's folder) that hook into the engine, and can be modified to make mods. Valve started publishing those with the release of their first game in 1998.
If you are familiar with the latest version of Unreal, then it's like having access to the "Games" project in your solution and only some headers from the "Engine" project.
Yeh I recall the leaked version quickly gained a poor reputation. I had zero interest in downloading or playing it. Not surprised that sales of the final release were unaffected.
Some of it may come from them rebuilding a lot of the game after the leak, but that was arguably an unnecessary exercise to protect their IP. Even then, not close to that figure. Federal agencies are keen to protect corporations' quarterly profits, even if it ruins people's lives. Nothing new about that.
This kid went of his way to reach out to Valve and apologize for what he did, because he felt guilty. Valve's response was to forward his message to the FBI and organize a sting operation.
I realize he broke the law, but only because he wanted to play Half-Life 2. It was done out of love for what Valve themselves created.
I can't disagree more. He built malware, and distributed it to steal game keys. Then, he stole and published the hl2 source. It's a lot more than just wanting to play a game early.
Yes. HL2 is how Axel became known to gamers, but it's nearly irrelevant. He also created the most popular open source malware framework (Agobot) in existence at the time. Millions of systems were enlisted in botnets based on variants of his work (which were usually just recompilations with IRC C&C server changes). He didn't typically talk about running a botnet, but many of the other minor project collaborators and IRC regulars did.
Sure, to be clear, I also think Valve's response was over the top. Conspiring to extradite a foreigner, as a private corporation, is straight out of cyberpunk fiction. Axel's a very lucky person, all things considered. If he had been held liable for Agobot's staggering DDOS/theft/remediation costs many in this community might otherwise think it fair.
This is an habit with USA to try to extradite in a trap attempt, suspected « hackers ».
This happened to Gaius, in late 90th, for impersonating US president on the hacked White House pabx.
This happened to Casper/leader2 connecting to a shell of military US server after someone on IRC asked him to kee the connection alive.
Back in the day cyber force of USA were fighting for budget, and having hacker arrested and judged in a very advertised way was helping them get more money for their work.
Even if it means to totally disrespect internationnal procedure/law/agreement on dealing with « criminal ».
Once a foreigner puts a feet on US ground, he is totally in the hand of US officials, in disregard of any official treaties and international laws.
Anyone remembering this Russian guy arrested straight from plane when he landed in USA going to make a talk to defcon ?
> Anyone remembering this Russian guy arrested straight from plane when he landed in USA going to make a talk to defcon ?
I had to look it up, but it's Dmitry Sklyarov [1], who worked for the russian-based ElcomSoft, which was known for selling all sorts of DRM cracking programs.
>> However, ElcomSoft's product, and thus presumably the efforts of its employees including Sklyarov, were entirely legal in Russia. Sklyarov was eventually released on bail, but forced to remain in California, separated from his family, until his case concluded
> To this day, Gembe maintains he was not the person who uploaded the source code to the internet. But there's no denying he handed it over to whoever did. [...] "The person I shared the source with assured me he would keep it to himself. He didn't."
Was this dumb? Yes. I still think Valve could have been more sympathetic. My ire would be for the person who actually leaked the source publicly.
Do you disagree with the article or did you just not believe it? Because, Gembe denied publishing the source code and there was no evidence that Gembe is the one who published it.
That kid destroyed the life of many people for quite some time. Now I can agree that this is the kind of situation where what he did VS the consequences of what he did are disproportionate, which is the issue with computer/cyber crimes in general. Some kind of punishment is required here, I think Valve did the right thing, now the Justice System...
You really can't just throw out a line like "destroyed a lot of lives" when we are talking about an essentially useless leak of a video game without further explanation.
Article is from 2011 (figured that out after I read the whole thing).
I wonder if in in the interim anything else happened to Gembe. Somehow, I kinda want to hear he ended up at Valve in a turnaround of events, but I highly doubt it.
I can't imagine Valve would ever hire him, given the lengths they went to assisting the FBI with the fake entrapment style job interview. Also sets a horrible precedent that you can hold the company ransom over stolen code to get a job if nothing else!
When I was in high school, in the Before Times[1], a guy who ran in my hacker circles broke into the school system's mainframe and gave everyone he liked straight A's. He was, of course, caught -- but the school system really did hire him after he graduated, as their IT security guy.
[1] This was before the internet, before there were laws specifically about this sort of thing, and before the public started mistakenly equating "hacker" with "criminal".
I broke into some systems at my high school, and got hired jr/sr year at my school district. Their issue was a permission misconfiguration in AD, and allowed me to do all sorts of things like adjust the backgrounds for all the computers in the district
I thought it'd be an interesting entry into tech jobs, specifically around microsoft AD, which was something I never got to really play with enough at home (licensing, and hardware limitations)
They ended up just using me to re-image and setup machines :(
I got caught defeating computer protections in high school. They gave me a job. It helps that I used my elevated access to fix the printer so I could print without moving to another computer.
Gaining illicit access to systems lost the appeal when I realized they’d just grant the access if they trusted you not to screw it up. That was the end of my hacking and beginning of my career.
That's easy to know, just look up "Xbox Underground" and you'll know what happens when you get caught by the FBI accessing video games developers networks and leaking games:
> This culminated in the perpetrators carrying out a physical theft, by using stolen credentials to enter "a secure building" at Microsoft's Redmond headquarters and exiting with publicly unreleased prototypes of the Xbox One codenamed "Durango". Group members say they were driven by a strong curiosity about Microsoft's then-unreleased Xbox One console and associated software.
I don’t know, this seems a lot more than ‘hacking’.
18 to 24 months seems about right for that IMO. Typically I am horrified at US sentencing but this doesn’t seem terrible.
Yeah, you know you are in Germany when the police even tells you that :D Epic..
> There he was greeted by the police chief. He walked up to Gembe, looked him in the eye and said, "Have you any idea how lucky you are that we got to you before you got on that plane?"
It's honestly insane how a company can just claim this cost us X without a shred of evidence. I very much even doubt this cost Valve a single dollar. In fact it would not even surprise me that this helped sell Half-Life 2. The game that some people where willing to risk years of jail time to get it a month earlier. Can't get better marketing then that honestly.
Expense depends upon the amount of auditing done in response and auditing time can get very expensive fast if you go deep enough. Especially when you go combinatorial with interactions. There also isn't a neat threshold of when it starts to become "overkill". If it was for knocking a hole in a non-structural wall they can safely call it overkill somewhere between "replacing the entire wall" and "replacing the entire building".
I didn't see anything about the MAC authentication but I do remember MaddoxX at the time and all he was doing. I think the forum he was posting on ended up purging all his posts after he was arrested.
TL-DR:
1) don't hack.
2) if you hack, don't get caught.
3) if you hack and get caught, be in a country that you can bribe yourself out of the mess (definitely not Germany!)
4) don't destroy other people's hard work, it's not nice.
Not only they own it but their entire gaming position with Steam is thanks to Half-Life 2 forcing everyone to download it (and pretty much everyone hated Steam at the time).
Actually the beta release of Steam with CSS worked fine and dandy (I recall fun times), but the general release was just plain crap for months afterwards.
I mean it fucked all of the devs morale and the situation of HL2 for months after that. I remember downloading the leak and playing around, it was a shit show.
I wish more people would hack and steal code from big video game studios. It's thanks to kids like him that Source Engine games are so well-understood and easily moddable nowadays.
I think it happens more often than you'd think - this was the first of maybe four leaks of the full Source engine code (so far). Generally it doesn't make headlines though because it's just code, not an unreleased game.
That's the most important thing I took away from this article.
The kid did something stupid and it almost ruined his life because he almost got onto a plane that would have taken him to the FBI & US justice system.
Instead local authorities got a hold of him and he learned a vocation waiting for a trial (programming) & having shown he was willing to be a functional member of society, he received a few years of probation.
In the US the FBI would have put him on trial for the absurdly high $250M hacking theft and spent a decade or more in jail.