Internet leak

An Internet leak occurs when a party's confidential information is released to the public on the Internet. Various types of information and data can be, and have been, "leaked" to the Internet, the most common being personal information, computer software and source code, and artistic works such as books or albums. For example, a musical album is leaked if it has been made available to the public on the Internet before its official release date; this musical material is still intended to be confidential.

Source code leaks

Source code leaks are usually caused by misconfiguration of software like CVS or FTP which allow people to get source files by exploiting, by software bugs, or by employees that have access to the sources of part of them revealing the code in order to harm the company.

There were many cases of source code leaks in the history of software development. For example, in 2003 a hacker exploited a security hole in Microsoft's Outlook to get the complete source of Half-Life 2, which was under development at the time.[1][2] The complete source was soon available in various file sharing networks. This leak was rumored to be the cause of the game's delay,[3] but later was stated not to be.

Also in 2003, source code to Diebold Election Systems Inc. voting machines was leaked. Researchers at Johns Hopkins University and Rice University published a damning critique of Diebold's products, based on an analysis of the software. They found, for example, that it would be easy to program a counterfeit voting card to work with the machines and then use it to cast multiple votes inside the voting booth.

Another case involved a partial leak of the source code to Microsoft Windows 2000. Two files containing Microsoft source code were circulating on the Internet. One contains a majority of the NT4 source code and the other contains a fraction of the Windows 2000 source code, reportedly about 15% of the total. This includes some networking code including Winsock and inet; as well as some shell code. It was feared that because of the leak, the number of security exploits would increase due to wider scrutiny of the source code.

In 2004, partial (800 MB) proprietary source code that drives Cisco Systems' networking hardware was made available in the internet. The site posted two files of source code written in the C programming language, which apparently enables some next-generation IPv6 functionality. News of the latest source code leak appeared on a Russian security site.[4]

In 2006, Anonymous hackers stole source code (about 1 GiB) for Symantec's pcAnywhere from the company's network. While confirmed in January 2012, it is still unclear how the hackers accessed the network.[5]

In late 2007, the source code of Norton Ghost 12 and a Norton Anti-Spyware version were available via BitTorrent.

In December 2007 and January 8, a Pirate Bay user published the sources of five Idera SQL products via BitTorrent.

In January 2011 the "stolen source code" of Kaspersky Anti-Virus 2008 was published on the Pirate Bay.

In December 2011, the source code of the Oracle Solaris 11 operating system was available via BitTorrent.

End-of-life leaks by developers

Sometimes the developers themselves leak source code in an effort to prevent that a software product from becoming Abandonware after End-of-life and to allow the community to continue development and support. Reasons for leaking instead of a proper release to public domain or as open source are often scattered or lost intellectual property rights. An example is the video game Falcon 4.0[6] which became available in 2000; another one is Dark Reign 2,[7][8] which was released by an anonymous former Pandemic Studios developer in 2011.

Other leaks

High-profile Internet leaks

See also

References

  1. "Playable Version of Half-Life 2 Stolen". CNN Money. 2003-10-07. Retrieved February 14, 2007.
  2. Parkin, Simon (2011-02-21). "The Boy Who Stole Half-Life 2 - The story behind the $250 million robbery.". www.eurogamer.net. Retrieved 2013-09-05.
  3. "Half Life 2 Source-Code Leak Delays Debut". TechNewsWorld. Retrieved February 14, 2007.
  4. securitylab.ru
  5. Symantec suspected source code breach back in 2006 | Ars Technica
  6. Bertolone, Giorgio (2011-03-12). "Interview with Kevin Klemmick - Lead Software Engineer for Falcon 4.0". Cleared-To-Engage. Archived from the original on 2011-03-18. Retrieved 2014-08-31. [C2E] In 2000 the source code of Falcon 4.0 leaked out and after that groups of volunteers were able to make fixes and enhancements that assured the longevity of this sim. Do you see the source code leak as a good or bad event? [Klemmick] "Absolutely a good event. In fact I wish I’d known who did it so I could thank them. I honestly think this should be standard procedure for companies that decide not to continue to support a code base."
  7. Timothy (2012-08-07). "Dark Reign 2 Goes Open Source". slashdot.org. Retrieved 2013-08-13. One of Activision's last RTS games, Dark Reign 2, has gone open source under the LGPL.
  8. "darkreign2". Google Code. 2011-09-01. Retrieved 2013-08-19.
  9. O'Neal, Sean. "An uncensored version of South Park's controversial Muhammad episode has surfaced". The AV Club. Retrieved 3 April 2014.
  10. news.bbc.co.uk
  11. news.bbc.co.uk