The entire source code for a much-anticipated computer game, Half-Life 2, has been leaked to the Internet, according to a security expert.
Copies of the source code began trading wildly on Internet Relay Chat (IRC) channels and apparently followed a sophisticated attack on the network of Valve, which makes Half-Life, according to Thor Larholm, a senior security researcher at PivX Solutions.
A message posted last Thursday on a Half-Life enthusiast bulletin board and purporting to be from founder of Valve, Gabe Newell, said that the source code was stolen on September 19 by hackers who systematically compromised the company's computer systems.
"Ever have one of those weeks? This has just not been the best couple of days for me or for Valve," he said.
He went on to describe a sophisticated attack in which hackers infiltrated the Valve computer network by exploiting a vulnerability in Microsoft's Outlook email client on Newell's computer, installed key stroke capture software to capture passwords and other security credentials, then stole a copy of the Half-Life 2 source code.
Neither Newell nor other Valve representatives responded to repeated requests for comment. However, the message claiming to be from Newell called on the large community of avid Half-Life fans to track down those responsible for stealing the code.
The US Federal Bureau of Investigation (FBI) declined to comment on whether Valve had informed the agency of the theft.
Half-Life is a popular computer game in which players take on the role of Gordon Freeman, a scientist at the fictional Black Mesa Federal Research Facility. After an experiment goes awry, a doorway into another dimension is accidentally opened and Freeman is called on to rescue the facility from a horde of unearthly beasts.
Originally released in November 1998, Half-Life won awards from computer game aficionados and the gaming press and spawned a popular online version, Counter-Strike, that allows multiple players to compete against each other on the Internet.
The sequel to the original game, Half-Life 2 was scheduled for release on September 30, but was then delayed under mysterious circumstances.
IRC channels devoted to Half-Life 2 were crowded last Friday with people discussing the leak. Some users offered links to what they claimed was the stolen code. Links to images of the source code being compiled were also available on IRC.
"It's out there and being spread actively on IRC," Larholm saidd.
The leaked code covered the entire game, including early versions of Counter-Strike, he said.
"You can compile it and play Half-Life 2 straight up," he said.
The leaked code also included model and world editors, which are used to create new levels in Half-Life, Larholm said.
Proprietary software libraries from Valve were also leaked. Among other things, those libraries contain code for generating graphics, conducting network play and interacting with DirectX , a Microsoft technology that optimises graphics and sound on Windows systems, he said.
Half-Life 2 was a much-anticipated sequel to the original Half-Life. The source code represented more than five years of development effort by Valve, Larholm said.
While the theft of the code may not impact the release date, Valve would have to do an exhaustive code audit before release, he said.
With the source code now in the public domain, malicious hackers have a free peek at the exact workings of the game, which makes writing exploits for code vulnerabilities a simple matter. Typically, hackers would have to use a "black box" approach, trying different attacks against the compiled code and seeing what results they produced, Larholm said.
The release will also be a boon to Half-Life 2 players who develop so-called "cheats", software programs that give their character special powers and advantages in the game. Cheats are usually developed using a black box approach as well, Larholm said.
With the game source code freely available, however, it was possible that powerful cheats would be created before Half-Life 2 even hit the shelf in stores, he said.