November 13, 2008 // 9:33 pm
- After the secret source code for its then-unreleased shooter Half Life 2 showed up on file sharing services in 2003, game-maker Valve Software cooked up an elaborate ruse with the FBI targeting the German hacker suspected in the leak, even setting up a fake job interview in an effort to lure him to the United States for arrest.
The gambit ultimately failed, and Axel "Ago" Gembe remained safely in Germany. He was indicted last month in Los Angeles on new charges of creating the Agobot malware, and sharing it with a crew of U.S. hackers who used it to stage denial-of-service attacks in 2003.
In September 2003, the source code for the much-anticipated Half Life 2 game turned up online, and Valve's managing director, Gabe Newell
, revealed that the company's network had been breached. In a post to the company's Web forum, Newell asked for gamer's assistance in finding the hackers responsible.
"If you have information about ... the infiltration of our network, please send the details," Newell wrote. "There are some pretty obvious places to start with the posts and records in IRC, so if you can point us in the right direction, that would be great."
Two anonymous sources who'd seen the hack discussed in IRC channels came forward and began feeding the FBI chat transcripts pertaining the breach, according to FBI documents (.pdf) freshly unearthed by the Südwestrundfunk, German public radio.
Then, in February 2004, Valve received an e-mail from "[email protected]
" claiming credit for infiltrating Valve's network, the documents show. Though the author denied leaking the source code himself, he described having access to Valve's systems for six months, and provided technical details that bolstered his claim.
"He claimed that he had hacked into Valve Software's system only to observe their development of HL2," reads an FBI memo sent to German police at the time.
"He claimed that he was careless during an IRC session with a friend, and that members of a group known as myg0t eavesdropped on this conversation and obtained sufficient information to enable them to use his established but unauthorized access into Valve Software's network. In fact, myg0t was responsible for the initial public dissemination of the internal Valve Software e-mail and source code."
Coordinating with the FBI in Seattle, Valve began a correspondence with DaGuy, who expressed interest in getting a job with the company. From clues in the e-mail, the FBI identified the aspiring employee as Axel Gembe, of Schonau, Germany.
In March, several Valve managers staged a 40-minute "job interview' with DaGuy over the phone, in which the hacker confirmed that he was Gembe. Gembe detailed how he'd cracked the company's network, first entering through an account that had no password, then ramping up to root access using remote CGI exploits and scanning software.
After the interview, the then-21-year-old Gembe sent the company his résumé. "Well, I really hope you hire me," he wrote. "I'm no bad guy, just a little misguided."
Newell passed the resume along to the feds, then invited Gembe to travel to Seattle for a follow-up interview in person. "We pay for all interview related expenses (travel, hotel, food, etc. ...) as well as relocation expenses (pretty standard for the game business)."
The same Seattle FBI office had successfully used an identical gambit in 2001, when they created a fake startup company called Invita, and lured two known Russian hackers to the U.S. for a job interview, where they were arrested.
Perhaps sensing that his relocation expenses would be shouldered by U.S. taxpayers, Gembe didn't take the bait. He was ultimately charged in Germany, where he was sentenced to probation.
The feds haven't forgotten Gembe, however. And last month federal prosecutors in Los Angeles added him to an old case involving Jay Echouafni, 41, an online satellite TV retailer who allegedly paid an employee to organize crippling distributed denial-of-service attacks against competing websites in 2003.
The employee, Paul Ashley, pleaded guilty to the attacks and has already served a two-year prison term, while Echouafni skipped out on $750,000 bail and is now believed to be hiding out in Morocco, where he was born.
Axel Gambe is named in the new indictment as the creator of the Agobot malware, which he allegedly provided for use in the attacks.
It's not clear if prosecutors are seeking to extradite Gambe, or if they're prepping another job offer.