Cyber terrorism: maybe the Bush administration should put that at the top of its priorities list, alongside Iraq’s ‘weapons of mass destruction’. Or, you know what, maybe Governor Schwarzenegger can make a statement on national TV addressing whoever falls under that title; maybe that’ll make an impression. In reality, not many people will participate in anything that qualifies as genuine cyber terrorism, yet the term is pitched at any site defacement or DoS attack.
But let’s put things back into perspective, shall we? If you’re running your server wide open, do you think someone with a point to prove will walk by and do nothing? It is pure statistics: at some point in time an insecure server will be compromised. Just to give you an analogy, suppose the bank you frequently visit has a backdoor which enables you to walk into the vault and walk back out with a bulk load of money. Rest assured that someone will use this ‘exploit’ sooner rather than later; that’s why banks have security measures installed that prevent exactly these things from happening. A server, or even a home PC, connected to the internet is much like it: if there are any openings that will allow someone from the outside to take a peek inside, or worse, some people will give it a try, just like people rob banks even though security measures are in place.
Just as the bank invests in these security measures, so should network or server administrators, and make sure that the server can only be accessed for its intended purpose. However, the mentality at a lot of the corporations that run internet-connected servers is to rely on legislation and the police to safeguard them. That’s like putting a security guard right next to the backdoor at the bank. You can count on it that when he’s on lunch break, or off to the toilet, someone will try to get into the bank and walk out with some money. The mentality amongst home users is to blame Microsoft for their ‘buggy’ software and point fingers at Bill Gates when their system is hacked from the outside. Most of them just don’t bother to tell you that the last time they updated Windows was when they installed it about a year ago, so who’s to blame? That not only home users forget to patch their systems is a given, as even Microsoft was affected by one of the many worm attacks we’ve witnessed in the past few months. And the current situation with Valve and the exploit that allowed the Half-Life 2 source code to be downloaded off of a machine on the local network is another prime example.
Valve too was quick to comment that a non-patched Outlook was to blame, as an exploit was used that allowed the installation of keyloggers and eventually the leak of the source code. That’s easy, another jab at Microsoft, but now consider that this is coming from none other than Gabe Newell, who worked at Microsoft for 13 years according to the below bio at Valve’s website, so you'd think he knows what works and what doesn't.
Gabe held a number of positions in the Systems, Applications, and Advanced Technology divisions during his 13 years at Microsoft. His responsibilities included running program management for the first two releases of Windows, starting the company's multimedia division, and, most recently, leading the company's efforts on the Information Highway PC.
But to put things back into perspective, let's ask the question that'll matter most to Valve's investors and partners, but more importantly the stockholders of Vivendi: why is the source code for a game in development, already costing millions of dollars, residing on a system that could be accessed from outside? This is just like the backdoor at the bank, and there’s no excuse for a leak such as this, even if it is an attack targeted at Valve directly, something that was deliberately planned and executed. But wait, what if the leak was staged, and the hack done by someone that knows the internal network at Valve well? Wouldn’t that be convenient?
Valve now has a legitimate reason to delay the game, a delay that they can blame on external influences, something which might not please their investors and partners, but at least something that they can’t be held accountable for. On top of that they get media coverage the world over, with news networks such as CNN and BBC tuning in to report on the most recent act of cyber terrorism. Food for thought, and maybe a more plausible explanation than blaming it on the usual suspects, the cyber terrorists.