Internet leak

Last updated

An Internet leak occurs when a party's confidential information is released to the public on the Internet. Various types of information and data can be, and have been, "leaked" to the Internet, the most common being personal information, computer software and source code, and artistic works such as books or albums. For example, a musical album is leaked if it has been made available to the public on the Internet before its official release date; and is still intended to be confidential.


Source code leaks

Source code leaks are usually caused by misconfiguration of software like CVS or FTP which allow people to get source files by exploiting, by software bugs, or by employees that have access to the sources of part of them revealing the code in order to harm the company.

There were many cases of source code leaks in the history of software development.

For instance, as Fraunhofer IIS released in 1994 only a low quality version of their MP3 encoding software (l3enc), a hacker named SoloH gathered the source code from the unprotected servers of the University of Erlangen and developed a higher quality version, which started the MP3 revolution on the internet. [1] [2] [3] [4]

Around 1996 Electronic Arts accidentally put the source code of FIFA 97 on a demo disc. [5]

In 2003 a hacker exploited a security hole in Microsoft's Outlook to get the complete source of the video game Half-Life 2 , which was under development at the time. [6] [7] The complete source was soon available in various file sharing networks. This leak was rumored to be the cause of the game's delay, [8] but later was stated not to be. [9]

Also in 2003, source code to Diebold Election Systems Inc. voting machines was leaked. Researchers at Johns Hopkins University and Rice University published a damning critique of Diebold's products, based on an analysis of the software. They found, for example, that it would be easy to program a counterfeit voting card to work with the machines and then use it to cast multiple votes inside the voting booth.

In 2003 a Chinese Hacker acquired the Lineage II source code, and sold it to someone who set up alternative servers. Shutdown by FBI in 2007. [10] [11]

In 2003, one year after 3dfx was bought by Nvidia and support ended, the source code for their drivers leaked, [12] resulting in fan-made, updated drivers. [13]

In 2004, a large portion of Windows NT 4.0's source code and a small percentage (reportedly about 15%) of Windows 2000's were leaked online. [14] The Windows 2000 source code leak was analysed by a writer for (now defunct) website Kuro5hin who noted that while the code was generally well written, allegedly "there are a dozen or so 'fucks' and 'shits', and hundreds of 'craps'." The writer also noted that there were a lot of code hacks, with the "uglier" ones mostly being for compatibility with older programs and some hardware. [15] It was feared that because of the leak, the number of security exploits would increase due to wider scrutiny of the source code. It was later discovered that the source of the leak originated from Mainsoft. [16] [17]

Also in 2004, partial (800 MB) proprietary source code that drives Cisco Systems' networking hardware was made available in the internet. The site posted two files of source code written in the C programming language, which apparently enables some next-generation IPv6 functionality. News of the latest source code leak appeared on a Russian security site. [18]

In 2006, Anonymous hackers stole source code (about 1 GiB) for Symantec's pcAnywhere from the company's network. While confirmed in January 2012, it is still unclear how the hackers accessed the network. [19]

In late 2007, the source code of Norton Ghost 12 and a Norton Anti-Spyware version were available via BitTorrent.

In December 2007 and January 8, a Pirate Bay user published the sources of five Idera SQL products via BitTorrent.

In January 2011 the "stolen source code" of Kaspersky Anti-Virus 2008 was published on the Pirate Bay.

On May 20, 2011, EVE Online's source code was published by someone on a GitHub repository. [20] After being online for four days CCP issued a DMCA take-down request which was followed by GitHub. [21]

In 2011 the source code of GunZ: The Duel v1.5 became available online. [22]

In December 2011, the source code of the Solaris 11 operating system's kernel was leaked via BitTorrent. [23]

In August 2014 S.T.A.L.K.E.R.: Clear Sky's X-Ray Engine source code (and its successor) became available on GitHub under a non-open-source license. [24] [25]

On December 29, 2015 the AmigaOS 3.1 source code leaked to the web, confirmed by the rights holder Hyperion Entertainment. [26] [27]

In January 2017 the source code of Opera's Presto Browser engine was leaked to GitHub. [28] The source code was shortly after taken down with a DMCA notice. [29]

In June 2017 part of Microsoft's Windows 10 source code leaked to the public. [30]

End-of-life leaks by developers

Sometimes software developers themselves will leak their source code in an effort to prevent a software product from becoming abandonware after it has reached its end-of-life, allowing the community to continue development and support. Reasons for leaking instead of a proper release to public domain or as open-source can include scattered or lost intellectual property rights. An example is the video game Falcon 4.0 [31] [32] which became available in 2000; another one is Dark Reign 2 , [33] [34] which was released by an anonymous former Pandemic Studios developer in 2011. Another notable example is an archive of Infocom's video games source code which appeared from an anonymous Infocom source and was archived by the Internet Archive in 2008. [35]

Other leaks

High-profile Internet leaks

See also


  1. The heavenly jukebox on The Atlantic "To show industries how to use the codec, MPEG cobbled together a free sample program that converted music into MP3 files. The demonstration software created poor-quality sound, and Fraunhofer did not intend that it be used. The software's "source code"—its underlying instructions—was stored on an easily accessible computer at the University of Erlangen, from which it was downloaded by one SoloH, a hacker in the Netherlands (and, one assumes, a Star Wars fan). SoloH revamped the source code to produce software that converted compact-disc tracks into music files of acceptable quality." (2000)
  2. Pop Idols and Pirates: Mechanisms of Consumption and the Global Circulation ... by Dr Charles Fairchild
  3. Technologies of Piracy? - Exploring the Interplay Between Commercialism and Idealism in the Development of MP3 and DivX by HENDRIK STORSTEIN SPILKER, SVEIN HÖIER, page 2072, International Journal of Communication 7 (2013)
  5. When EA Sports Accidentally Put a Game's Source Code on a Demo Disc by Luke Plunkett on (02-05-2012)
  6. "Playable Version of Half-Life 2 Stolen". CNN Money. 2003-10-07. Retrieved February 14, 2007.
  7. Parkin, Simon (2011-02-21). "The Boy Who Stole Half-Life 2 - The story behind the $250 million robbery". Retrieved 2013-09-05.
  8. "Half Life 2 Source-Code Leak Delays Debut". TechNewsWorld. Retrieved February 14, 2007.
  9. Catching up with the guy who stole Half-Life 2’s source code, 10 years later by Simon Parkin on Ars Technica (Jun 19, 2016)
  10. fbi-shuts-down-lineage-ii-private-server on (2007)
  11. CRACKING THE CODE Online IP Theft Is Not a Game on (02/01/2007)
  12. Treiber-Quellcode von 3dfx im Netz aufgetaucht - Von Nvidia offenbar geduldet by Christian Klaß on (7 May 2003, in German)
  13. Drivers on
  14. Windows Code May Be Stolen on PC World by Joris Evers (February 2004)
  15. "We Are Morons: a quick look at the Win2k source ||". Retrieved 2018-09-30.
  16. "Mainsoft Eyed as Windows Source Code Leak". 2004-02-13. Retrieved 2009-07-03.
  17. "Microsoft Updates Code Leak Statement, Mainsoft Fingered". 2004-02-19. Retrieved 2009-07-03.
  18. "SecurityLab" . Retrieved 15 June 2015.
  19. "Symantec suspected source code breach back in 2006". Ars Technica . Retrieved 15 June 2015.
  20. Humphries, Matthew (2011-05-25). "Eve Online source code posted online, DMCA takedown quickly follows". Retrieved 2015-11-07. It looks as though someone has posted the source code for the space MMO Eve Online there. As you’d imagine, developer CCP isn’t too happy about this and was quick to issue the takedown request.
  21. dmca/2011-05-24-cpp-virtual-world-operations.markdown Archived 2015-11-08 at the Wayback Machine . on GitHub
  22. Gunz 1.5 Source Code released. on (20 November 2011)
  23. Oracle Solaris 11 Kernel Source-Code Leaked on Phoronix by Michael Larabel (on 19 December 2011)
  24. xray on (August 2014)
  25. xray-16 on
  26. Larabel, Michael (5 January 2016). "Hyperion Confirms Leak Of AmigaOS 3.1 Source Code". Phoronix.
  27. amiga-os-kickstart-and-workbench-source-coded-leaked on December 29, 2015
  28. presto_engine_source_code_available_on_github (2017)
  30. Windows 10 source code leak is an embarrassment for Microsoft - It's less serious than initially thought but still important, given security is high on everyone’s mind. by Swapna Krishna on (June 24, 2017)
  31. Hiawatha Bray (2004-01-21). "Diehard pilots keep Falcon flying". Archived from the original on 2004-04-08. Retrieved 2016-06-28.
  32. Bertolone, Giorgio (2011-03-12). "Interview with Kevin Klemmick - Lead Software Engineer for Falcon 4.0". Cleared-To-Engage. Archived from the original on 2011-03-18. Retrieved 2014-08-31. [C2E] In 2000 the source code of Falcon 4.0 leaked out and after that groups of volunteers were able to make fixes and enhancements that assured the longevity of this sim. Do you see the source code leak as a good or bad event? [Klemmick] "Absolutely a good event. In fact I wish I’d known who did it so I could thank them. I honestly think this should be standard procedure for companies that decide not to continue to support a code base."
  33. Timothy (2012-08-07). "Dark Reign 2 Goes Open Source". Retrieved 2013-08-13. One of Activision's last RTS games, Dark Reign 2, has gone open source under the LGPL.
  34. "darkreign2". Google Code. 2011-09-01. Retrieved 2013-08-19.
  35. Baio, Andy (Apr 17, 2008). "Milliways: Infocom's Unreleased Sequel to Hitchhiker's Guide to the Galaxy". Retrieved 2016-01-26. From an anonymous source close to the company, I've found myself in possession of the "Infocom Drive" — a complete backup of Infocom's shared network drive from 1989.[...] Among the assets included: design documents, email archives, employee phone numbers, sales figures, internal meeting notes, corporate newsletters, and the source code and game files for every released and unreleased game Infocom made
  36. O'Neal, Sean. "An uncensored version of South Park's controversial Muhammad episode has surfaced". The A.V. Club . Retrieved 3 April 2014.
  37. Gonzales, Dave. "Banned Aqua Teen Hunger Force Boston episode leaks online". . Retrieved 19 April 2015.
  38. "Ratings for CBS's NCAA tournament selection show were almost as bad as show itself". Washington Post. March 14, 2016.
  39. "NCAA says it's investigating the bracket leak that saved us from the two-hour Selection Sunday show". Los Angeles Times. March 14, 2016.
  40. "BBC NEWS - Technology - Half-Life 2 code leaked online" . Retrieved 15 June 2015.
  41. "BBC NEWS - Technology - Q&A: Microsoft source code leaked" . Retrieved 15 June 2015.