At 6am on 7th May 2004, Axel Gembe awoke in the small German town of Schönau im Schwarzwald to find his bed surrounded by police officers. Automatic weapons were pointing at his head and the words, “Get out of bed. Do not touch the keyboard,” were ringing in his ears.
Gembe knew why they were there. But, bleary-eyed, he asked anyway.
“You are being charged with hacking into Valve Corporation’s network, stealing the video game Half-Life 2, leaking it onto the internet and causing damages in excess of $250 million,” came the reply. “Get dressed.”
Seven months earlier, on 2nd October 2003, Valve Corporation director Gabe Newell awoke in the large American city of Seattle to find the source code for the game his company had been working on for almost five years had leaked onto the internet.
The game had been due for release a couple of weeks earlier but the development team was behind. 12 months behind. Half-Life 2 was going to be late, and Newell had yet to admit how late. Such a leak was not only financially threatening but deeply embarrassing.
After a few moments pondering these immediate concerns, an avalanche of questions tumbled through Newell’s mind. How had this happened? Had the leak come from within Valve? Which member of his team, having given years of their life to building the game, would jeopardise the project in the final hour?
If it wasn’t an inside job, how the hell did it happen? Did someone have access to Valve’s internal server?
But the question which rang out loudest of all was the one anyone who has ever had something stolen from them cannot push from their mind: who did this?
Anticitizen One
“I got into hacking by being infected myself,” Gembe says today. “It was a program that pretended to be a Warcraft 3 key generator and I was stupid enough to run it. It was an sdbot, a popular general purpose malware at the time.”
The young German soon realised what he had installed on his PC. But instead of scrubbing the malware and forgetting about it, he reverse-engineered the program to see how it worked and what it did.
This led him to an IRC server from which the malware was being controlled. By following the trail back, Gembe was able to track down its operator. Rather than confronting the man, Gembe began asking him questions about the malware. He had a plan.
“While I have a €2000 Steam account nowadays, at the time I couldn’t afford to buy games,” he explains.
“So I coded my own malware to steal CD keys in order to unlock the titles I wanted to play. It grew quickly to one of the most prominent malwares at the time, mostly because I started writing exploits for some unpatched vulnerabilities in Windows.”
“Follow Freeman!”
On discovering the breach, Newell’s first thought was to go to the police. His second was to go to the players.
At 11pm on 2nd October 2003, Newell posted a thread on the official Half-Life 2 forum titled, “I need the assistance of the community.”
“Yes, the source code that has been posted is the HL-2 source code,” he admitted in the post. Newell went on to outline the facts Valve had been able to piece together so far.
He explained that someone had gained access to his email account around three weeks earlier. Not only that, but keystroke recorders had been installed on various machines at the company. According to Newell, these had been created specifically to target Valve as they were not recognised by any virus-scanning applications.
Whoever had done this was smart, capable and specifically interested in his company. But why?
Point Insertion
Gembe’s malware crimes, while undeniably exploitative and damaging, were crimes driven by a passion for games rather than profits.
His favourite game of all was Half-Life. In 2002, like so many fans of the series, Gembe was hungry for details about the forthcoming sequel. That’s when he had the idea. If Gembe could hack into Valve’s network, he might be able to find something out about the game nobody else knew yet.
A socially awkward loner who had endured a tough upbringing, he would gain status in the community of gamers he had adopted as his family by offering up such insider information. It was worth a try.
“I wasn’t really expecting to get anywhere,” Gembe says. “But the first entry was easy. In fact, it happened by accident.
“I was scanning Valve’s network to check for accessible web servers where I thought information about the game might have been held. Valve’s network was reasonably secure from the outside, but the weakness was that their name server allowed anonymous AXFRs, which gave me quite a bit of information.”
AXFR stands for Asynchronous Full Zone Transfer, a tool used to synchronise backup DNS servers with the same data as the primary server. But it’s also a protocol used by hackers to sneak a peek at a website’s data. By transferring this d
