What the...!?!?

Wow.

The Half Life 2 source code has leaked onto the Net.
Not the compiled code, the source code. A complete (or near-complete) build from a month ago, apparently including the source to the editing tools and Team Fortress 2 stuff. Multi-million dollar code, free for the taking, using, and abusing.

How did this happen?

Valve was H4X0r3D.
In a public post, Gabe indicated that his email account had been compromised, as had his computer. It sounds like an email exploit was used to install a keylogger application custom tailored for Valve, onto Gabe's machine, which then gathered enough information for further penetration. But he wasn't specific, indicating they hadn't fully figured out the hack yet. The hack was the work of months, and I'm quite impressed (assuming that no insider was involved, and I guess that's still unknown. But I guess it's not like leet hax0rs have anything else to do in their life than bang away at a challenge like Valve).

Interestingly, the prime suspect is a hacker group called myg0ts. Prime suspects because the first posting of the code found so far was from one of the myg0ts. Interesting because Valve was aware of these guys back when I was there. It went something like this:

(This is all from memory, so there may be distortions present :-)

Myg0ts were some of the most despised and hated people on the internet. This was because the only way they knew how to get any attention in life was by deliberately ruining other people's fun. That was their fun - making people angry from the safety of their computers. They were behind some of the nastier cheats for Counter-strike that were destroying the community. No-one could play CS on a public server, because they simply didn't know when someone was cheating, and half the time someone was overtly cheating anyway simply to ruin the game, revelling in the fact that people couldn't do anything except fume.

And these people fumed at Valve too. Previously, some reduction in cheating had been achieved via third party plug-in called Punkbuster. But Valve had started developing their own solution to cheats, and so Valve and Punkbuster had parted ways. Valve did not tell the community they had their own solution in the works, and so many thought the parting was a Bad Thing. Punkbuster was Very Not Happy about the breakup, and lost no chance to fan these flames against Valve, regularly insinuating to the community that Valve split because it just didn't care about them or the problem of cheating, or whatever. Stupidly perhaps, Valve didn't tell about their anti-cheat plans, and the despair of the community at thinking CS was finished, grew strong, with many giving up and moving to other games.

But the time eventually came when the tech was done, and Valve announced that the latest version of CS finally had the anti-cheat features the community had been begging (and screaming) for.

HAHAHA! said myg0ts WE PWN YOU! Our cheats will be updated to bypass your anti-cheats within days! DAYS! Seeya later suckas!

Controversy in the CS forums raged. Would the Valve tech win? And if so, for how long could it hold out? Would the hackers win? Some thought it was too little too late. Others dared to hope.

The release day of the new version arrived. As expected, it broke the cheats. People held their breath... waiting... wondering...

HAHAHA! LU53RS!
One of the biggest of the myg0t cheat utilities had been updated to work on the new Counterstrike. The cheaters rejoiced. People were heartbroken. Myg0t jeered and mocked, revelling in their superiority.

Then Valve activated the anti-cheating features. They had released it switched off.

WHAM. The cheaters were wiped out to the last man. Instantly. They literally didn't know what hit them. Overnight, the nature of the game changed. Players awoke to find substantially fewer people on the servers, and endless people constantly being kicked off as they tried to enter the game.
As time wore on, cheaters became increasingly worried. And withdrawn. They couldn't actually play unless they set up a system free of cheats. And sometimes that wasn't easy, especially if they hadn't purchased HL or CS to begin with...
Valve started to get increasingly panicked calls from CS-withdrawn people with creative, if flimsy, reasons how cheats had ended up on their systems and just seeking a way to decontaminate. The community revelled in the poetic justice, while many called for more blood - don't just boot cheaters off the servers, they pleaded, blacklist them from public servers forever. There was merit to this call, because it meant that even if new cheats arose that could get around Valve's tech, the people who would use it, would not be able to on account of the blacklist. But Valve rightly resisted this pressure - this could penalise honest gamers who shared a machine with dishonest room-mates or family. Valve figured they could quickly and effectively counter any major new cheats that the future might bring.

So basically, Valve publicly mopped the floor with myg0ts face.

And I don't think they forgot it. Hackers are known for two things - lack of a life, and obsessive behaviour. So now revenge and getting one back over becomes a powerful motivation. (I'm speculating here).

Maybe they gave up on CS, maybe they tried to crack it and failed, but at any rate, assuming they are the guilty party, it seems they decided to stop going head to head with Valve, and turn their attention to getting a headstart on HL2. This is a pretty good plan actually. Even better is that they pulled it off.

Because, at the end of the day, what can the HL2 source be used fot?
Commercial use is mostly out of the question - it would be both obvious and illegal.
Underground games are a possibility, but not a major one.
Education (and industrial espionage) is also a possibility, but also risky and illegal for legitimate parties.
Super-awesome HL2 Total Conversions are a good possibility - and this is arguably a good thing.

But basically, the biggest thing it can be used for, is making the ultimate cheating utilities. Of all the people in the world, who benefits the most from the leak? Myg0t. So even if they're innocent, they'll be under suspicion.

At the end of his post, Gabe called on the community to help track down the culprits. And he did so very persuasively. The people have rallied. Focusing the awesome power of something of the size, energy, and devotion, as the HL, TFC, and CS communities, onto a single problem like that, is quite frankly, a little scary. The BIG guns are out.

Unfortunately, in this case it likely means little, because if myg0ts are the culprits, then they are already, by necessity, adept at hiding from these communities. They've been so hated for so long, that even a year ago if their real-space address were to get out, I suspect they'd have been "taken care of" frighteningly efficiently.

---

In other developments, it seems that the law making it illegal to "out" a CIA agent only applies to agents under cover, and there are conflicting accounts as to whether the agent in question qualifies. My best guess is that she was an under cover agent at some point in time, but not recently, thus it is entirely unclear whether an arrest could be made. It looks like the investigation will be looking into these and other issues before it tackles the question of who did it.

Interestingly, the law was made to criminalise the actions of a man trying to hinder the support of oppressive dictatorships by revealing names of CIA people where the CIA was busy creating and maintaining these hellholes. In the American one-dimensional grasp politics, that probably means a law designed to stop those commie pinko bastards might accidentally catch some fine upstanding Decent Folk. But dems the breaks I guess. They can't be that Fine if they're breaking laws designed to only affect commies :-)