When Valve announced last month that a wave of international arrests had been made in the Half-Life 2 code theft, they directed questions to the FBI's Cybercrime Task Force. Task Force officers would only confirm arrests had been made but would not comment beyond that.
Luckily, the FBI's European counterparts are apparently more forthcoming. An article in yesterday's London Guardian outlined the Half-Life 2 code-theft arrests in the most detail to date. Besides talking about how the gaming community helped track down the perpetrators via online group-sleuthing, the article revealed several new details, including:
How the theft was perpetrated: According to the Guardian, "Having accessed Valve's server through a security-bypassing loophole in Windows, the hackers were able to download an early and hugely incomplete version of Half-Life 2 and posted it on the Internet for downloading via Usenet. A boxed version of the code was even on sale on the Ukrainian and Russian black markets."
This was confirmed to the Guardian by Newell himself, who told the paper, "Once into our network, hacking tools were installed, and a custom source control client [was] created to extract the Half-Life 2 code. This continued until October, when one of the hackers distributed one of my e-mails on a Web site. We knew something was horribly wrong with our network and took steps to prevent further incursions. This was followed shortly after by the hackers releasing the source code."
The "primary hacker" was German: The Guardian describes how tips from the gaming community led investigators to Germany. So large was the online hunt that "the risk of being caught prompted the primary instigator to contact Newell. He admitted hacking into Valve's server but denied any role in the theft, instead naming those responsible for distributing the stolen code." After the hacker ratted out his colleagues, Newell said he "had three independent ways of confirming this primary instigator and, through conversations with this individual, had convinced him to fly out to us in Seattle for a job interview." This is where the hacker would be picked up by the FBI. However, "the plan was changed so German authorities could [make] the arrests on German soil."
The Half-Life 2 hackers are in deep trouble: Besides being charged with the Half-Life 2 code theft, those arrested were "found to have links with similar crimes." (That information jibes with unconfirmed rumors that the German author of the Phatbot worm was involved in the theft.) The suspects can also look forward to being served a big, steaming bowl o' litigation by Valve, which is planning a battery of civil lawsuits against them.