Throwback Attack: Hacker steals source code for Half-Life 2 video game

Courtesy: CFE Media and Technology

Regardless of their goal or intent, hackers’ general modus operandi is about disruption and causing chaos for a company, organization or other entity. Sometimes, the hackers try to increase the lye in a water filtration system; other times, they try to shut down a pipeline. Still others, however, are about stealing intellectual property (IP). In certain cases, that is worse because IP is the bedrock upon which companies can make money and provide a stable source of income for their employees.

One of the best-known instances of IP theft was when German hacker Axel Gembe stole the source code in 2003 for the video game Half-Life 2, a first-person shooter developed by Valve Corporation that was scheduled for release that year for the PC.

While there were internal discussions of delaying the game until 2004 due to missing development deadlines, the secretive developer still had egg on its face because the game, while not completed, was being potentially exposed to the public through the internet. It could have had an adverse effect on sales and the company’s image.

Warcraft to Half-Life: A hacker’s odyssey

According to an article by ArsTechnica, the hacker’s journey into stealing the source code started when he himself was hacked while playing Warcraft III on his PC. Gembe was able to find the source of the malware through reverse engineering and looked for insights on how it worked. It wasn’t long before the hacked became the hacker.

Gembe’s plans were not driven by profit; nor did he want to cause damage to the company. He claimed his goal was much simpler: His favorite game was the original Half-Life, released in 1998, and he was anxious to get as much information as he could about the sequel, which was one of the most anticipated games in the industry at that time.

According to the interview, he hadn’t planned on actually getting the source code during his endeavors, but he happened to find an opening around their asynchronous full zone transfer (ASFR) through a separate company that wasn’t firewalled. He scanned Valve’s network to check for accessible web servers where game information might be held. Gembe was able to get in because the system had a blank password, giving him access to the unfinished source, which he downloaded.

“The Valve PDC had a username ‘build’ with a blank password,” Gembe said, explaining how he got access. “I was able to crack the passwords in no time. Once I had done that … well, basically I had the keys to the kingdom.”

Moving forward

While Gembe claimed he didn’t release the source code, he did share it with the person who released it on the internet. From there, it was open season for anyone who wanted access to the unfinished game.

Gembe was arrested by German authorities in mid-2004 after the hacker tried to apologize to Valve CEO Gabe Newell in an email and, in an odd twist best saved for the movies, requested a job. Newell played along with the proposal while getting in touch with the FBI. Once they had enough information, they contacted German authorities to arrest him.

Gembe pled guilty to hacking into Valve’s network and was sentenced to two years probation. The judge took into account the defendant’s remorse and his desire to turn his life around. Gembe subsequently landed a job in the security sector.

Everything turned out well enough for Valve. Half-Life 2 sold 6.5 million units at retail and has a 96 score on Metacritic, making it one of the highest-rated video games of all time. Critics called the sequel one of the finest ever made and one of the greatest first-person shooters ever.

Valve, thanks in large part to the success of the Half-Life franchise, went on to create its own platform, Steam, which has become a clearinghouse of sorts for developers and companies.

While hacking is not an uncommon phenomenon, this was certainly the first high-profile hack of a game. While some developers like id software (the developer of Doom) took pride in making their games as open as possible, they were the exception rather than the rule. Valve’s general knack for secrecy, coupled with the original Half-Life’s popularity, gave this incident more attention than it might have otherwise merited.

The incident may not have had long-term adverse effects for the company or the hacker — other than the stream of bad publicity — but it remains an issue for video game companies and is a microcosm of the challenges companies face in protecting their image and their IP. In June of 2021, publisher Electronic Arts had their source code stolen for multiple games as well as their game engine, Frostbite. This kind of hacking can and will remain an issue for developers looking to protect their work and the livelihood of their employees.




Keep your finger on the pulse of top industry news