Valve Hacker Arrested

By John Walker on June 30th, 2008 at 11:06 am.

Created by MaddoxX, apparently depicting Valve.

Scourge of Valve, hacker MaddoxX, was finally arrested in Holland last week. ShackNews reports that the man who last year hacked into third-party Valve servers was finally caught by Dutch police in Maastricht on Tuesday.

MaddoxX’s crimes were peculiar. After hacking the Steam Cyber Cafe server, he posted an archived file containing unverified credit card numbers, transaction amounts, apparent data for creating forged cyber cafe certificates, and what he claimed was Valve’s bank balance. This information would have allowed others to access the Cyber Cafe account, which would give access to most of Valve’s games. But of course his downfall was boasting about it, posting on the No-Steam forums of his actions, and adding, “We also don’t want money from VALVe. We want a simple message on their site.”

Some of the 'proof' MaddoxX sent to ShackNews

MaddoxX isn’t only in trouble for his Valve antics. Despite his boasts that he didn’t intend to steal from Valve or their customers, and that when he nabbed a pre-release Enemy Territory: Quake Wars from the Activision servers he didn’t leak it, these weren’t an overarching guide to his ethical code. He’s charged with having stolen and spent an astonishing 13 million Euros. The Dutch Ministry of the Interior explained that the money had gone on, “playing poker online and shopping for notebooks, flat screens and MP3 players.” That’s either a lot of tech, or he’s rubbish at poker.

Back in April 2007, Valve weren’t reported as being the victims in this story. Fiery tech site, The Register, broke the story having spoken to MaddoxX. At this point MaddoxX was playing the vigilante, saying his actions were only to expose Valve’s slack security, and his disgust that they weren’t informing the cyber cafes of the hack. “I’ve got several e-mails from cafe owners and they said VALVe hasn’t even said shit to them…so you can see how they threat their customers,” he told El Reg. Cyber cafes confirmed that they hadn’t heard anything from Valve in the week since the supposed attack, and it all seemed a bit odd. Valve didn’t reply to enquiries from The Register or ShackNews at first, leading the former to get all worked up and declare that Valve were “suppressing” the information. However, the next day Valve’s Doug Lombardi told 1Up,

“There has been no security breach of Steam. The alleged hacker gained access to a third-party site that Valve uses to manage the commercial partners in its Cyber Café program. This Cyber Café billing system is not connected to Steam. We are working with law enforcement agencies on this matter, and encourage anyone with more information to e-mail us at Catch_A_Thief@valvesoftware.com.”

The 1Up story questioned MaddoxX’s heroic stance, pointing out that his posting private credit card details of customers online wasn’t perhaps the strongest moral position. But at this point it wasn’t clear that he was quite the thief. 13 million Euros of other people’s money can really take the edge off your cyber-Batman persona.

And now to finish, I shall do my impression of a BBC news story:

A prison cell, not the online anarchy and wide screen televisions of which he dreamed, now awaits him.

, , .

48 Comments »

Sponsored links by Taboola
  1. Ci2e says:

    I remember Valve actually inviting him to America in the hopes of turning him over to the authorities. Whatever happened to that plan? Either way I think he got what he deserved…

  2. Lh'owon says:

    Ah, I just love that soft-spoken male English voice with its sober, world-weary, slightly disappointed tone, yet direct and without excessive hyperbole. I suppose you British types get sick of it but it’s a breath of fresh air to me. Love the BBC.

    Oh, and as for that linked BBC article – the gentleman in question wrote “We must secure the existence of our race and the future for white children.” I wonder how many of the children featured in the 39,000 images he was arrested for were white? Sickening.

  3. Naurgul says:

    Ci2e, you’re thinking of the Half-Life 2 hacker, who got access to Valve’s computers and stole their developer code and build. What happened with that guy was that the German authorities intervened and caught him before he left for the States.

  4. Michael Bay says:

    Pitch me a two page treatment. THIS COULD BE MASSIVE. Daniel Day Lewis can play Gabe Newell, the policeman can be Dame Judi Dench… but we need to sex this up. How about Jessica Alba as MaddoxX?

  5. The Hammer says:

    Nice to see him get caught.

    …both the Nazi Paedophile and this MaddoxX chap.

    He was always going to get arrested when some arrogant, whiny hacker was going up against a force called Team High Tech Crime.

    WOW.

  6. cliffski says:

    What bugs me is that surely ‘Team’ is a noun, and thus belongs at the end of these sentences. I don’t sit in the ‘chair leather’, but the ‘leather chair’.
    I pity the people for whom ‘Team High Tech Crime’ doesn’t sound silly.
    back to work on my Game New I guess…

  7. AbyssUK says:

    Jesus did this guy play it all wrong…
    1) hack system
    2) take lots of cc information
    3) tell lots of hack forums about the exploit
    4) wait for lots of people to have info on how to hack system
    5) then play online poker with other peoples money..
    6) blame all the lost money on other people using the exploit.

    Hackers may be getting cleverer but common sense has been thrown out the window.

  8. The Hammer says:

    Don’t tell Team Rocket.

  9. Sucram says:

    There’s something fishy with that image.

  10. Noc says:

    On a side note, I have a hard time taking Neo Nazism seriously, for the sole reason of their symbol looking like a silly little running man.

    Also chuckleworthy, from the 1UP article: “Nothing will happen. I work through remote PCs to do my job.”

  11. Ci2e says:

    @ Naurgul

    Damn I haven’t been paying attention then have I, lol…

    @ Michael Bay

    Nice 360 days til Transformers 2 – that’s too long!

    That’s awesome a movie director is at Rock Paper Shotgun posting opinions…

  12. Jonas says:

    John, just a little heads up: Use single quotes in the alt-text on that second image. You broke it :P

  13. John Walker says:

    Stupid me.

  14. Jonas says:

    Not at all! Hope I didn’t come across as condescending.

    IRT topic: Mwahahah! Serves him right, the bugger.

  15. Cargo Cult says:

    MaddoxX even dared steal from Cyriak, AKA ‘mutated monty’ on b3ta.

    The shame!

    I take it MaddoxX is the caveman?

  16. Alex says:

    From what I gather from a Dutch article on the story, Activision used a private investigator to find the kid and turned over the info to the police.

  17. El Stevo says:

    Why does he call it ‘VALVe’?

  18. Nimic says:

    I generally have no respect at all for hackers and people in the “pro” pirate ‘business’. Yes, I realize that they are often the ones making it possible whenever I occasionally download from TvTorrents or The Pirate Bay, but their arrogance and “we’re the real pirates!” attitude just puts me off.

    See how I managed to turn it from hackers to.. whatever they call themselves?

  19. Optimaximal says:

    Why does he call it ‘VALVe’?

    Because that’s how Valve officially spell their name. It’s like Intel with their subscript e…

  20. Sprafa says:

    so Valve only have 9 million dollars ? That’s really… bad.

  21. mpk says:

    so Valve only have 9 million dollars ?

    That’s just Gabe Newells’s slush fund.

  22. ZenArcade says:

    How did he get what he deserved? This is not a morally questionable crime. This isn’t murder. He hacked a corperations server, he’s not bloody Hitler. You’re all going on like Valve have apprehended a criminal mastermind of epic proportions, and that the realm of video games is now safer. Wrong. All I see is a twat who thought he was golden being smacked in the mush by a big bullying corperation. No justice in this at all nor is there anything worthy to report as a triumph for the industry. Valve and the hacker are both a pair of arses.

  23. AbyssUK says:

    @ZenArcade
    totally agree mate VALVe are the ones really at fault here. This MaddoxX shouldn’t have been able to do it in the first place, no excuse for poor data protection this day in age. This guy didn’t do anything new, he used an old well know exploit so VAVLe should have had it covered. Even if it is a third party holding the data.. its your customer data.. your responsibility you should check everything is watertight. If I was one of the affected customers I’d be looking to take VALVe to court not MaddoxX

  24. Turin Turambar says:

    Nimic, pirates who encode and torrent a tv show for free are a bit different from the ones with hack a company and steal credit cards numbers.

  25. ZenArcade says:

    Don’t get me wrong. I’m not condoning piracy but I don’t think putting on a big show and chucking one pimply nerd in prison is teaching anyone a lesson. This guy sounds like a second rate hacker who found a very easy way into the valve servers. Valve should be going red with embarrassment, not taking a humungous legal shit on one person.

  26. sherwinpg says:

    Valve also got their source code stolen for Half-life 2 awhile back didn’t they?

    Man, weak sauce….they need new systsem admins or network gurus over there

  27. Lars Balker Rasmussen says:

    I think online poker is a common way to launder money from stolen credit cards – just lose a lot to a bunch of buddies.

  28. Acosta says:

    Worst poker player, ever.

  29. John Walker says:

    ZenArcade: I think you’re missing the bit where he stole THIRTEEN MILLION EUROS. I’m not exactly conservative, but at around the thirteen million mark is where I’d say someone should probably get in trouble with the law. Thereabouts.

    Also, the Dutch police arrested the guy, not Valve.

  30. SightseeMC says:

    Um…no offense, but why is there always this “corporations are EVIL, steal from them at will” sentiment? If the man stole your entire bank account in that $13 mil, I highly doubt you’d just say, “Ah well, my security was lax, I deserve it. I banked at a corporation.” It’s like saying that I deserve my house broken in to because I locked the door, but I didn’t use a lock that couldn’t be picked. That is a stupid and immature argument, period.

    Okay, maybe a little offense was intended.

    I will *never* buy into the “robin hood” hacker bit. If any security pirate is so altruistic, then hack the system, and alert the company to the issue. If they haven’t fixed the hack by a reasonable amount of time, do it again, and alert them again. And maybe go public on the third try, with no sensitive info. But posting bank accounts and cc info points out both the inherent theft and showboating of this guy, neither of which fits any contrived altruistic motives you assign to him or that he assigns to himself.

  31. Radiant says:

    so Valve only have 9 million dollars ?

    That’s just Gabe Newells’s slush fund.

    Nope that’s just his slushy fund.

    Remember when he used to be slim?

    [Sorry Valve please don’t send team gabe’s not fat just big boned after me.]

  32. Radiant says:

    Also how are you going to put nail bombs UNDER YOUR BED?
    You’re drunk you reach for your hitler slippers…

  33. Down Rodeo says:

    Totally off track but I had a massive sense of déjà vu while reading this… quite scary really.

    Still, good that he got caught eh? Sounds like a bit of a prat.

  34. ZenArcade says:

    I think you’re misinterpereting my post for a generic anti-capitalist type stuff. You cannot possibley compare my meagre bank account to that of a corperation. I will ignore that point because even you know that’s a foolish comparison to make.

    13 Billion can easily be made back by pumping out a stream of sub-standard* FPS title- oh… wait.

    They con us with the whole episodic content schtick enough. I am not upset that they have had thier balls hacked to bits by a geek somewhere in Europe.

    *Episode 2 was good though, the only highlight of Half-Life 2 thus far.

  35. Pod says:

    ZenArcade? Is your argument serious?

    Rather than $13billion imagine £5000 got nicked fom your account.

    Don’t worry! That’s only a few months at work. I’m sure it won’t matter.

    edit: Also, at NO POINT was this money stolen from VALVe. It was stolen from people like YOU who run cyber cafes. (A reply with “I’ve never run a cyber cafe” causes you to lose). Why should VALVe be responsible for this data? Braclays trust Omega Security to transport their money. If it gets robbed en-route who’s fault is it?

    Definatley not VALVe’s

  36. dhex says:

    now, this is another good example where my shoe stealing argument-in-action routine would work out great. most people can afford another pair of shoes; so if i steal zenarcade’s shoes off of his feet, i’m not actually injuring him in any way that’s worth talking about because you can buy another pair of cheap shoes for 10 bucks. (6 euro?)

    besides, the master said this world is a burning house, so any attachment zenarcade would have to the shoes would be detrimental. in one sense i’d be helping him.

  37. Saflo says:

    What an ingenious little con they’ve devised, charging people less than usual for short games of extremely high quality.

  38. ZenArcade says:

    I get your points, guys, but they didn’t steal 13 billion from a nobody, they stole it from Valve. There is a VAST difference. Saying “imagine them stealing money from you” is wholly irrelevant because I am not a rich business owner so it isn’t the same thing at all.

  39. ZenArcade says:

    *ran out of time to edit my post…*

    To reiterate; I’m not saying we should walk around stealing money off each other. Okay? It seems like thats what you all think.

    You see, in a world as flawed as this one, some kid comitting fraud is not the worst thing that can happen, but that won’t stop the law pulling out all the stops and making an example of someone. Is this guy risking jail time? if so, then that’s sad. For crimes like murder, yes, I can understand (even though prison does nothing to reform an individual) but fraud on a corperation? Give me a break. He’s not Myra Hindley. His crime is mere petty theft. Stories like this get all the attention because it has the magic word “money” in it, which is really quite depressing.

  40. Frymaster says:

    it’s 13 _million_ not billion. Which mistake makes me even more wierd that you only consider it petty theft.

    don’t forget a corporation is not a person. depending on how you look at it, it’s either all the owners, or all the employees. This is why people who say “x large oil company has y billion profits, they’re greedy” are misleading; that profit is shared amongst a lot of people.

    saying “valve” can afford to lose the money is also misleading. If I had the amount of money in the bank valve does I’d just retire and live off the interest, but “valve” can’t do that because there is no person called Mr Valve*, and the money has to go into a lot more people’s pockets than you’d think.

    The difference is, if someone steals from a person you can point at the victim. If someone steals from a corporation, the victims (owners/shareholders, and employees, or even people who might have been employed had the company not developed a 13 million euro hole in their finances) are diffuse and harder to interview bravely holding back tears on the news.

    I fail to understand why stealing 13 million from one person is more heinous than stealing 100 from 130,000 people. Which is, in fact, closer to what he did.

    If you wanna argue Valve “deserves” punishing, find their crime, collect evidence, and get a case brought against them.

    “It’s not the worst that could happen” Well, no. Planetary genocide is. I don’t see how that means anything less than that gets a free pass.

    *There probably is someone called Mr Valve, but it’s not the same person. honest

  41. Dorian Cornelius Jasper says:

    ZenArcade:

    It’s important to bear in mind that your attempts to justify MaddoxX stealing from Valve are off-base for a very important reason. One that I’ll inform you of at the end of this post. But for now, I’ll respond to your appeal to sentiment in kind before making you sit in a corner.

    HEEEAAAAALP!

    I’m pretty scared that you think stealing “13 billion” is nothing to scoff at. Hell, plenty of people are willing to kill for only a few thousand. And Euros are twice as strong as the dollar (as far as I know) so this is some serious stuff.

    You somehow want to try to justify it by saying you, well, don’t like Valve’s games. This is also pretty iffy, because an opinion is not a fact, not a strong basis to justify such a serious felony, and your opinion isn’t even a very common one–most of us PC gamers happen to love Valve’s games, and Steam.

    But seriously, how is a multi-million dollar theft “petty” in any way? Have you looked up the definition of the word? Petty theft is robbing $300 from a cash register. Stealing 13 million Euros is freaking insane.

    You ask people not to confuse your opinions with generic anti-corporation claptrap, but that’s all they are. You’re not giving us definite, supportable, morally stable reasons for your position. You’re attempting to sway people with shaky appeals to sentiment that, fortunately, nobody’s buying because nobody shares your sentiment. Because we don’t approach this issue from an anti-corporate, anti-Valve stance. Some of us see a duck and call it a duck.

    And now for the elephant in the room:

    Are You Ready? Let’s Go!

    Those 13 million Euros aren’t even from Valve. They’re stolen credit cards from people using Valve’s third-party cyber cafe program. You know, the people he claimed he was “sticking up for.” “Fraud on a corporation” my ass. The guy didn’t steal from Valve, he went straight after their customers. The people he tried to say were Valve’s victims. If you honestly believed that these people were being hurt by Valve in some way, how could you justify victimizing them again?

    The man’s a greedy identity thief and a damned hypocrite, not Robin Hood. Now go sit in a corner and think about what you’ve done.

  42. MadTinkerer says:

    ZenArcade, you seriously need to READ THE ARTICLE. The guy posted credit card details of Cyber Cafe customers, not Gabe Newell’s credit card.

    Where did the thirteen million come from? Not the supposed NINE million in Valve’s account. It came from guys like you. This is not an allegory about Valve being a guy like you, it’s a literal fact about the case if you actually read it, genius.

    Also, allow me to point out something: Corporations only continue to exist as long as their employees are paid. If you steal from a corporation, you effectively steal from it’s employees. Less cash = more layoffs. This whole “fuck Valve for daring to make a game and actually charge money for it” is the argument of a mental midget. Go take an economics class and then tell me anarchy is a better idea.

  43. Dorian Cornelius Jasper says:

    Hmm.

    Sorry for the double post, but my agents have informed me that I have misquoted them and I’ve missed the edit window.

  44. MadTinkerer says:

    Oops. Dorian Cornelius Jasper beat me to it. :)

  45. Crispy says:

    @Cliffski

    Ever crossed a bridge over the River Thames in London? Ever eaten a banana split, or a beef Wellington? Names don’t always have to follow the rules, you know.

  46. Dorian Cornelius Jasper says:

    And let us all make good use of yonder chairs leather.

  47. dhex says:

    Saying “imagine them stealing money from you” is wholly irrelevant because I am not a rich business owner so it isn’t the same thing at all.

    it’s never the same thing when it’s happening to us.

    your shoes, please.

  48. Twin™ says:

    I agree with his part of saying “FUCK VALVE”. Valve build theses games, but they doesn’t even give a shit about normal players, without a position, posts on thier forums etc etc..

    Some of the problem, I’d be taking for an example “The Steam servers are too busy to handle your request. Please try again in a few minutes.” Haven’t been fixed as for peoples that use “Undead Patch” and for players that pay (as I’d fully include myself in them).

    Peoples that pays can have to wait for 15 minutes for the download to start, as others can wait years.
    My friend, which I had asked when did he finally could install HL2:E2, and he told me it took him a year. I bought it two weeks ago, the first week, I tried to get it working at: 1:00 AM, 9:00 AM, 12:00 AM, 3:00 PM, 9:00 PM, 11:00 PM and with all of theses attempts, I’ve almost had it once.. At the last bar, I had this error.

    -Twin™