1. 24
  1.  

  2. 7

    I’m confused. The article was written in 2011, Gembe was 28 at that point. Half-life 2 was stolen, according to the article, in 2003. That means, Gembe was 20 at that point. By German law, that’s well beyond the time where a criminal offense can be considered under youth legislation.

    How such a person can be described as a “boy” and basically be described as an unknowing nerd is beyond me.

    He caused - even if accidentally - 250 Million in damages, with criminal energy. I’m not sure how the reporters even allow him to spin that story like that.

    This is a story of so much privilege that I’m confused how it is told like it’s a fairy tale. He is just extremely lucky that pressing charges would have looked bad for Valve. I wouldn’t have counted it against them if they did.

    1. 5

      IIRC german youth legislation (“Jugendstrafrecht”) is usually applied for offenders aged 14-17, however for offenders aged 18-20 (young adults / “Heranwachsende”) the court can decide whether to apply youth or adult legislation, depending on several factors.

      Edit: See also: German Youth Courts Law Section 1 - Scope as to persons and substantive scope, Section 105 - Application of youth criminal law to young adults

      1. 5

        He caused - even if accidentally - 250 Million in damages, with criminal energy. I’m not sure how the reporters even allow him to spin that story like that.

        I didn’t see a break down of how they came up with this 250 million in damages, it seems a lot like the ‘virtual damage’ where counting every download of a movie or audio track counts as 1 lost sale. Although, maybe it includes the cost to society for law enforcement agencies as well and the hours used by Valve employees to fix their crappy security.

        1. 1

          Although, maybe it includes the cost to society for law enforcement agencies as well and the hours used by Valve employees to fix their crappy security.

          Which certainly isn’t “virtual” in any case. He could have reported, if he loved Valve so much.

          If you leave your door unlocked and I take all your household, is the damage I’ve caused somewhat better?

          1. 11

            If you take my things I don’t have them any more. Did he delete the source code when he took it? If not, it wasn’t stolen.

            1. 1

              My point wasn’t “stolen”, my point was “damages”. The article uses “stolen”.

              Do you imply that there were not damages to Valve by this?

              1. 4

                I remember playing the leaked HL2 before it launched. Let me tell you, the copy I had was quite broken and the game froze reliably when you jumped out the window of the train station in the very first level. Still, the ability to explore that platform and pick up that can had me hooked and I bought the game when it launched. I wouldn’t have bought it otherwise, I’m sure of this.

                I have a feeling I’m not alone. This goes back to the classic piracy argument.

                1. 3

                  You ended your comment with a literal comparison to theft.

                  I imply that the comparison is neither relevant nor apt, and claiming that it wasn’t your point is, at best, prevarication - since you brought it up.

              2. 5

                He could have reported

                Eh… 2003 was a very different time with regards to security. Responsible disclosure simply wasn’t a big deal back then like it is now. Bug bounties and security@ email aliases for companies were non-existent.

                1. 2

                  Responsible disclosure and just taking stuff is a very different thing. Full disclosure wasn’t unusual back then.

                  You are making this look as if he had no other choice or it was morally okay what he did. The opposite is true: he could have stopped at any time and never showed interest in any kind of hacker ethics.

                  1. 1

                    Responsible disclosure was a long-standing tradition by 2003: https://en.m.wikipedia.org/wiki/Bugtraq

            2. 4

              At 6am on 7th May 2004, Axel Gembe awoke in the small German town of Schönau im Schwarzwald to find his bed surrounded by police officers. Automatic weapons were pointing at his head and the words, “Get out of bed. Do not touch the keyboard,” were ringing in his ears.

              If this is true, its a little concerning. Regardless of how you feel about the actual crime, there is an alarming tendency for police (seemingly everywhere, the US is definitely not immune to this) to choose breaking into private dwellings to arrest criminals over just waiting for the criminal to come out of the house. They could have just waited for him to get up and go get groceries, drive to work, whatever. It wasn’t like he had hostages in there or something.

              Maybe it’s just me, but this seems like something you would read about the KGB doing in cold war era Soviet Russia.

              1. 4

                I would expect that for someone involved in organized crime, where there is immediate threat for the officers performing the arrest. I have no idea why we all as a society accept seizing people in raids at gunpoint over digital crimes.

              2. 4

                It’s fascinating that he was smart enough to discover an unsecured obscure DNS feature, find a public-writeable web server, and then island hop in to their network, yet somehow dumb enough to think they would give him a job rather than trap him.

                1. 6

                  AXFR is hardly an obscure DNS feature…