Scourge of Valve, hacker MaddoxX, was finally arrested in Holland last week. ShackNews reports that the man who last year hacked into third-party Valve servers was finally caught by Dutch police in Maastricht on Tuesday.
MaddoxX's crimes were peculiar. After hacking the Steam Cyber Cafe server, he posted an archived file containing unverified credit card numbers, transaction amounts, apparent data for creating forged cyber cafe certificates, and what he claimed was Valve's bank balance. This information would have allowed others to access the Cyber Cafe account, which would give access to most of Valve's games. But of course his downfall was boasting about it, posting on the No-Steam forums of his actions, and adding, "We also don't want money from VALVe. We want a simple message on their site."
MaddoxX isn't only in trouble for his Valve antics. Despite his boasts that he didn't intend to steal from Valve or their customers, and that when he nabbed a pre-release Enemy Territory: Quake Wars from the Activision servers he didn't leak it, these weren't an overarching guide to his ethical code. He's charged with having stolen and spent an astonishing 13 million Euros. The Dutch Ministry of the Interior explained that the money had gone on, "playing poker online and shopping for notebooks, flat screens and MP3 players." That's either a lot of tech, or he's rubbish at poker.
Back in April 2007, Valve weren't reported as being the victims in this story. Fiery tech site, The Register, broke the story having spoken to MaddoxX. At this point MaddoxX was playing the vigilante, saying his actions were only to expose Valve's slack security, and his disgust that they weren't informing the cyber cafes of the hack. "I've got several e-mails from cafe owners and they said VALVe hasn't even said shit to them...so you can see how they threat their customers," he told El Reg. Cyber cafes confirmed that they hadn't heard anything from Valve in the week since the supposed attack, and it all seemed a bit odd. Valve didn't reply to enquiries from The Register or ShackNews at first, leading the former to get all worked up and declare that Valve were "suppressing" the information. However, the next day Valve's Doug Lombardi told 1Up,
"There has been no security breach of Steam. The alleged hacker gained access to a third-party site that Valve uses to manage the commercial partners in its Cyber Café program. This Cyber Café billing system is not connected to Steam. We are working with law enforcement agencies on this matter, and encourage anyone with more information to e-mail us at Catch_A_Thief@valvesoftware.com."
The 1Up story questioned MaddoxX's heroic stance, pointing out that his posting private credit card details of customers online wasn't perhaps the strongest moral position. But at this point it wasn't clear that he was quite the thief. 13 million Euros of other people's money can really take the edge off your cyber-Batman persona.
And now to finish, I shall do my impression of a BBC news story:
A prison cell, not the online anarchy and wide screen televisions of which he dreamed, now awaits him.