4 years later Valve found themselves negotiating terms with another hacker yet again. A forum post by "MaddoxX" on the "anti-STEAM website" revealed that he had bypassed Valve's security systems and accessed a significant chunk of data, including:
- Screenshots of internal Valve web pages
- A portion of Valve's Cafe directory
- Error logs
- Credit card information of customers
- Financial information on Valve
And again with the help of the community, the nickname was found on various other websites which lead to the arrest and prosecution of a 20 year old Dutch IT student.
Now, 5 years later, we can conclude that in the time period that "MaddoxX" was actively abusing Valve's infrastructure not only creditcards and financial information were stolen.
It appears that as of August 31 2012 a Russian underground forum is discussing and linking to the source code for the Source engine (rev: 2007). After getting my hands on a sample myself I can confirm this is the actual source code with a 'Last Modified Date' from Jan 2008 (ofcourse this can be altered easily).
The above screenshot show client builds for the 2007 engine:
- 2x TF2 and something called "TFC"
- Counter-strike Source
- Day of Defeat: Source
- Half-Life: Source
- Portal
- Portal - Multiplayer test
- Half-Life 2: Deathmatch
Also included are builds for servers.
The thread on the Russian underground forum in question is located here.
Which after translation brings up several suprising details. It seems that the codebase was stolen from yet another hacker called "Adamix" in another data breach. From what I hear in some chatrooms on steam he tried to sell it, got hacked, and the person(s) responsible made it public.
This can mean 2 things:
- Before MaddoxX got arrested he quickly uploaded/gave the code to someone else.
- The leak which gave MaddoxX the possibility to even get in was discovered by another party and due to their expertise came further into Valve's network.
In my opinion, the latter seems more plausible but who am I to form an opinion about this. Fact is, the source code is real and available on the internet for download. Although heavily outdated, I can see a lot of mods coming out using this as a base.
More information to come I guess.
Update #1: Valve has been made aware of the situation.
Update #2: LINK
ben5015se wrote:This engine was meant for a game development company who licensed the engine source code. That means they probably had no need to get an extra liscense for havana/ivp/vphysics so there is no code for it, just libraries. also you can get the vaudio source from the beta hl2 source code, and it should work.