Internet leak

An internet leak is the unauthorized release of information over the internet. Various types of information and data can be, and have been, "leaked" to the Internet, the most common being personal information, computer software and source code, and artistic works such as books or albums. For example, a musical album is leaked if it has been made available to the public on the Internet before its official release date.

Music leaks

A music leak is an unauthorized release of music over the internet. Songs or albums may leak days or months before their scheduled release date. In other cases, the leaked material may be demos or scrapped work never intended for public release. Leaks often originate from hackers who gain unauthorized access to the online storage of an artist, label, producer, or journalist.

Source code leaks

Source code leaks are usually caused by misconfiguration of software like CVS or FTP which allow people to get source files through exploits, software bugs, or employees that have access to the sources or part of them revealing the code in order to harm the company.

There were many cases of source code leaks in the history of software development.

  • As Fraunhofer IIS released in 1994 only a low quality version of their MP3 encoding software (l3enc), a hacker named SoloH gathered the source code from the unprotected servers of the University of Erlangen and developed a higher quality version, which started the MP3 revolution on the internet.[1][2][3][4]
  • Around 1996 Electronic Arts accidentally put the source code of the video game FIFA 97 on a demo disc.[5]
  • In 2003, Axel Gembe, a German hacker, who had infiltrated Valve's internal network months earlier, exploited a security hole in Microsoft's Outlook to get the complete source of the video game Half-Life 2. The source code was leaked online a week later, a playable version of Half-Life 2 was compiled from the source code, revealing how unfinished it was. The leaks damaged morale at Valve and slowed development.[6] In March 2004, Gembe contacted Gabe Newell, CEO of Valve, and identified himself, saying he was a fan and had not acted maliciously. Newell worked with the FBI to invite Gembe to a fake job interview, planning to have him arrested in the USA; however, police arrested him in Germany.[7][8][9] The complete source was soon available in various file sharing networks.
  • Also in 2003, source code to Diebold Election Systems Inc. voting machines was leaked. Researchers at Johns Hopkins University and Rice University published a critique of Diebold's products, based on an analysis of the software. They found, for example, that it would be easy to program a counterfeit voting card to work with the machines and then use it to cast multiple votes inside the voting booth.
  • In 2003 a Chinese hacker acquired the source code for Lineage II and sold it to someone in California who then used it to create a bootleg version of the game, powered by his own servers. Despite warnings from NCSoft that pirating an online game was considered illegal, he continued doing so for a few years, until the Federal Bureau of Investigation finally raided his home in 2007, seized the servers and permanently disabled the website that fronted his bootleg version of Lineage II.[10][11]
  • In 2003, one year after 3dfx was bought by Nvidia and support ended, the source code for their drivers leaked,[12] resulting in fan-made, updated drivers.[13]
  • In 2004, a large portion of Windows NT 4.0's source code and a small percentage (reportedly about 15%) of Windows 2000's were leaked online.[14] The Windows 2000 source code leak was analysed by a writer for (now defunct) website Kuro5hin who noted that while the code was generally well written, it allegedly contained about "a dozen" instances of profanity and the milder euphemism "crap". The writer also noted that there were a lot of code hacks, with the "uglier" ones mostly being for compatibility with older programs and some hardware.[15] It was feared that because of the leak, the number of security exploits would increase due to wider scrutiny of the source code. It was later discovered that the source of the leak originated from Mainsoft.[16][17]
  • Also in 2004, partial (800 MB) proprietary source code that drives Cisco Systems' networking hardware was made available in the internet. The site posted two files of source code written in the C programming language, which apparently enables some next-generation IPv6 functionality. News of the latest source code leak appeared on a Russian security site.[18]
  • In 2006, Anonymous hackers stole source code (about 1 GiB) for Symantec's pcAnywhere from the company's network. While confirmed in January 2012, it is still unclear how the hackers accessed the network.[19]
  • In late 2007, the source code of Norton Ghost 12 and a Norton Anti-Spyware version were available via BitTorrent.
  • In December 2007 and January 8, a Pirate Bay user published the sources of five Idera SQL products via BitTorrent.
  • In January 2011 the "stolen source code" of Kaspersky Anti-Virus 2008 was published on the Pirate Bay.
  • On May 20, 2011, EVE Online's source code was published by someone on a GitHub repository.[20] After being online for four days, CCP Games issued a DMCA take-down request which was followed by GitHub.[21]
  • In 2011, the source code of GunZ: The Duel v1.5 became available online.[22]
  • In December 2011, the source code of the Solaris 11 operating system's kernel was leaked via BitTorrent.[23]
  • In August 2014 S.T.A.L.K.E.R.: Clear Sky's X-Ray Engine source code (and its successor) became available on GitHub under a non-open-source license.[24][25]
  • On December 29, 2015, the AmigaOS 3.1 source code leaked to the web, confirmed by the rights holder Hyperion Entertainment.[26][27]
  • In January 2017 the source code of Opera's Presto Browser engine was leaked to GitHub.[28] The source code was shortly after taken down with a DMCA notice.[29]
  • In June 2017 a small part of Microsoft's Windows 10 source code leaked to the public. The leak was of the Shared Source Kit, a small portion of the source code given to OEMs to help with writing drivers.[30]
  • In February 2018, the iBoot bootloader for Apple operating systems' source code was leaked onto GitHub by an Apple engineer. The code was from 2016, and by the time it was leaked, iBoot had been restructured, making it obsolete.[31]
  • On April 22, 2020, Counter-Strike: Global Offensive and Team Fortress 2 code was leaked.[32]
  • Some time during March 2018, Nintendo suffered a significant leak when a hacker obtained an alleged 2 TB of confidential material containing source codes to game consoles, games, and internal documentation.[33] Starting in 2018, the contents of this breach slowly made their way onto the Internet, starting with iQue Player ROMs and various Pokémon games.[34] Later in 2020, the leaks gained more attention and grew in size, culminating into the release of Wii and Nintendo 64 source code, and the so-called "Gigaleak", a massive release containing multiple N64 games' source code and SNES Prototypes.[35] After July 2021, no more releases have occurred.
  • On August 7, 2020, 20 GB of Intellectual property of Intel, including source code (in SystemVerilog and otherwise) of their system on chips leaked (with preserving git structure). That included Intel ME, Intel Microcode and software simulators of their hardware. Their various BIOS source code was also leaked. The SpaceX cameras firmware that Intel worked on also leaked. The data is being distributed through a torrent.[36]
  • On September 23, 2020, Windows XP SP1 and Windows Server 2003 complete source code depots were leaked. The archives included all the source code from the time it was used at Microsoft, including documentation and build tools. The leak was first dismissed as illegitimate, but it was soon clear that it was legitimate, the source code contained Windows XP specific code and resources, later one user managed to compile the OS and pack it into an ISO image.[37]
  • On January 4, 2021, Nissan North America source code was leaked online due to misconfiguration of a company Git server, which was left exposed online with a default username and password of admin/admin. Software engineer Tillie Kottmann learned of the leak and analyzed the data, which they shared with ZDNet. The repository reportedly contained Nissan NA mobile apps, parts of the Nissan ASIST diagnostics tool, Nissan's internal core mobile library, Dealer Business Systems and Dealer Portal, client acquisition and retention tools, market research tools and data, vehicle logistics portal, vehicle connected services, and various other back ends and internal tools, they reported.[38]
  • On February 10, 2021, Cyberpunk 2077 and Witcher 3 developer CD Projekt Red (CDPR) announced hackers had targeted the company and attempted to hold it to ransom. On 6 June 2021, someone in possession of the data had leaked all of Cyberpunk 2077 code (96.02 GB of data in 7z archive) online publicly, while previously it was only[39] available in encrypted form.[40][41][42]
  • On October 6, 2021, streaming site Twitch had its source code along with earnings reports of top streamers leaked by hackers on 4chan,[43] citing the streaming site's negative community and desire for competition and disruption of the online video streaming space. The breach was confirmed by Twitch on Twitter.[44] The leak was distributed freely via a torrent file and was 135.17 GB in size. As a precaution, all the stream keys have been reset by Twitch.[45]
  • On February 25, 2022, ransomware group LAPSUS$ hacked NVIDIA and reportedly obtained 1 terabyte[46] of proprietary information. The group subsequently released a ~20 GB archive containing the source code for NVIDIA GPU drivers among other things.[47] Details for a Nintendo Switch successor were also found among the data.[48] It was also reported recently that the group also infiltrated Portuguese media conglomerate Impresa, the Ministry of Health in Brazil and Brazilian telecommunications company Claro.[49]
  • On September 18, 2022, an Untitled Grand Theft Auto game had a massive leak online, with 90 videos of the game being released.[50] [51] It was confirmed by a worker at Rockstar Games that the leak was real. The content of the leak received mixed reviews, with many calling the game unfinished and rushed, but many criticized these complaints by stating the game was not near completion. The leak itself, however, received negative reception, with many claiming it discredited the work of several employees. Publisher TakeTwo began taking down leaks on several different websites. Rockstar issued a statement on September 19, which stated they were "disappointed" with the leak.
    • The hacker who got the leak also got the source code for Grand Theft Auto V, and announced he would be selling both. Shortly after, he announced the GTA VI source code was no longer for sale, but was still selling the GTA V source code. This has been considered a form of blackmail.
  • On January 25, 2023, leaked archive with approx. 44GB of Yandex services has been published on Torrents.[52][53]

End-of-life leaks by developers

Sometimes software developers themselves will intentionally leak their source code in an effort to prevent a software product from becoming abandonware after it has reached its end-of-life, allowing the community to continue development and support. Reasons for leaking instead of a proper release to public domain or as open-source can include scattered or lost intellectual property rights. An example is the video game Falcon 4.0[54][55] which became available in 2000; another one is Dark Reign 2.[56][57]

Other leaks

  • In late 1998, a number of confidential Microsoft documents later dubbed the Halloween documents were leaked to Eric S. Raymond, an activist in the open-source software movement, who published and commented on them online. The documents revealed that internally Microsoft viewed free and open-source software such as Linux as technologically competitive and a major threat for Microsoft's dominance in the market, and they discussed strategies to combat them. The discovery caused a public controversy. The documents were also used as evidence in several court cases.
  • Nintendo's crossover fighting video game series Super Smash Bros. has a history of having unconfirmed content leaked. Every game since, including 2008's Super Smash Bros. Brawl has been affected by leaks in some form:
    • Super Smash Bros. Brawl for the Wii was leaked by a video on the Japanese language wii.com website, revealing unconfirmed playable characters on January 28, 2008 (three days before the game's Japanese release).
    • Super Smash Bros. for Nintendo 3DS and Wii U was afflicted in August 2014 by the "ESRB leak", where many screenshots and limited video footage of the 3DS version were leaked by a supposed member of the ESRB. The leak gained traction very quickly due to the screenshots mostly containing elements that the game ratings board would be interested in, such as trophies of suggestively-dressed female characters (some of which were later found to be edited or cut altogether in the final game).
    • Super Smash Bros. Ultimate was leaked in its entirety two weeks before its release, allowing many to play and datamine in advance. While the entire roster of characters and stages had already been officially revealed, many unrevealed collectibles, music tracks, and story elements were discovered and distributed. This prompted Nintendo to issue copyright strikes to many YouTube and Twitch channels.
  • November 2009:[58] Climatic Research Unit email leak, aka Climategate
  • Several high-profile books have been leaked on the Internet before their official release date, including If I Did It, Harry Potter and the Deathly Hallows, and an early draft of the first twelve chapters of Midnight Sun. The leak of the latter prompted the author Stephenie Meyer to suspend work on the novel.
  • 2010 My Little Pony: Friendship Is Magic has been filled with lot of leaks for later seasons on scenes, leaked full song to the theme song, leaked early released episodes before they got aired on Discovery Family, unfinished episodes, 2018–present there was leaks for the generation 5 as My Little Pony: A New Generation was the start.
  • On January 31, 2014, the original uncensored version of the South Park episode "201" was leaked, when it was illegally pulled from the South Park Studios servers and was posted online in its entirety without any approval by Comedy Central. The episode was heavily censored by the network when it aired in 2010 against the will of series creators Trey Parker and Matt Stone, and was never formally released uncensored to the public. The episode was the second in a two parter and was censored after the airing of the first part as a result of death threats from Islamic extremists who were angry of the episode's storyline satirizing censorship of depictions of Muhammad.[59]
  • In 2015 the unaired Aqua Teen Hunger Force episode "Boston" was leaked online. The episode was set to air during the fifth season as a response to a controversial publicity stunt for Aqua Teen Hunger Force Colon Movie Film for Theaters that occurred in the titular city, but Adult Swim was forced to pull it to avoid further controversy.[60]
  • On March 13, 2016, the full list of qualifying teams and first round match-ups for the 2016 NCAA Men's Division I Basketball Tournament leaked on Twitter in the midst of a television special being broadcast by CBS to officially unveil them. The leak exacerbated criticism of a new, two-hour format for the selection broadcast, which was criticized for revealing the full tournament bracket at a slower pace than in previous years.[61][62]
  • On April 20, 2021, Apple supplier Quanta Computer was hit by a ransomware attack. The attackers began posting documents and schematics of MacBook computer designs as recent as March 2021. The attackers threatened to release everything they had obtained by May 1, 2021, unless a ransom had been paid, however nothing further came out of the breach.[63]
  • On March 6, 2023, the unreleased film Scooby-Doo! and Krypto, Too!, a crossover involving Scooby-Doo and Krypto the Superdog was alledgedly canceled,[64] and was leaked online.[65] It was alleged to be cancelled as tax write-off for parent company Warner Bros. Discovery's cost savings effort.[64] On July 26, 2023, it was confirmed to not be cancelled,[66] and a trailer was released on July 27, 2023 with a release date of September 26, 2023.[67][68]

See also

References

  1. The heavenly jukebox on The Atlantic "To show industries how to use the codec, MPEG cobbled together a free sample program that converted music into MP3 files. The demonstration software created poor-quality sound, and Fraunhofer did not intend that it be used. The software's "source code"—its underlying instructions—was stored on an easily accessible computer at the University of Erlangen, from which it was downloaded by one SoloH, a hacker in the Netherlands (and, one assumes, a Star Wars fan). SoloH revamped the source code to produce software that converted compact-disc tracks into music files of acceptable quality." (2000)
  2. Dr Charles Fairchild (2013). Pop Idols and Pirates: Mechanisms of Consumption and the Global Circulation of Popular Music. Ashgate Publishing, Ltd. p. 75. ISBN 978-1-4094-9381-5.
  3. Technologies of Piracy? - Exploring the Interplay Between Commercialism and Idealism in the Development of MP3 and DivX by HENDRIK STORSTEIN SPILKER, SVEIN HÖIER, page 2072, International Journal of Communication 7 (2013)
  4. "Online.nl | Internet, TV en Bellen". www.online.nl.
  5. When EA Sports Accidentally Put a Game's Source Code on a Demo Disc by Luke Plunkett on kotaku.com (May 2, 2012)
  6. Keighley, Geoff. "The Final Hours of Half-Life 2". Gamespot. Retrieved October 20, 2021.
  7. Parkin, Simon (May 25, 2014). "The boy who stole Half-Life 2". Eurogamer. Archived from the original on November 28, 2019. Retrieved December 1, 2019.
  8. "Playable Version of Half-Life 2 Stolen". CNN Money. October 7, 2003. Retrieved February 14, 2007.
  9. Parkin, Simon (February 21, 2011). "The Boy Who Stole Half-Life 2 - The story behind the $250 million robbery". eurogamer.net. Retrieved September 5, 2013.
  10. fbi-shuts-down-lineage-ii-private-server on mmorpg.com (2007)
  11. CRACKING THE CODE Online IP Theft Is Not a Game on FBI.gov (02/01/2007)
  12. Treiber-Quellcode von 3dfx im Netz aufgetaucht - Von Nvidia offenbar geduldet by Christian Klaß on Golem.de (May 7, 2003, in German)
  13. NuAngel.net Drivers on nuangel.net
  14. Windows Code May Be Stolen Archived July 31, 2013, at the Wayback Machine on PC World by Joris Evers (February 2004)
  15. "We Are Morons: a quick look at the Win2k source || kuro5hin.org". atdt.freeshell.org. Archived from the original on September 9, 2016. Retrieved September 30, 2018.
  16. "Mainsoft Eyed as Windows Source Code Leak". internetnews.co. February 13, 2004. Retrieved July 3, 2009.
  17. "Microsoft Updates Code Leak Statement, Mainsoft Fingered". windowsitpro.com. February 19, 2004. Archived from the original on February 1, 2010. Retrieved July 3, 2009.
  18. "SecurityLab". Retrieved June 15, 2015.
  19. "Symantec suspected source code breach back in 2006". Ars Technica. January 26, 2012. Retrieved June 15, 2015.
  20. Humphries, Matthew (May 25, 2011). "Eve Online source code posted online, DMCA takedown quickly follows". geek.com. Archived from the original on November 18, 2015. Retrieved November 7, 2015. It looks as though someone has posted the source code for the space MMO Eve Online there. As you'd imagine, developer CCP isn't too happy about this and was quick to issue the takedown request.
  21. dmca/2011-05-24-cpp-virtual-world-operations.markdown Archived November 8, 2015, at the Wayback Machine on GitHub
  22. Gunz 1.5 Source Code released. on ragezone.com (November 20, 2011)
  23. Oracle Solaris 11 Kernel Source-Code Leaked on Phoronix by Michael Larabel (on December 19, 2011)
  24. xray on github.com (August 2014)
  25. xray-16 on github.com
  26. Larabel, Michael (January 5, 2016). "Hyperion Confirms Leak Of AmigaOS 3.1 Source Code". Phoronix.
  27. amiga-os-kickstart-and-workbench-source-coded-leaked on December 29, 2015
  28. "Presto engine source code available on GitHub : operabrowser".
  29. "github.com/prestocore". GitHub.
  30. Windows 10 source code leak is an embarrassment for Microsoft - It's less serious than initially thought but still important, given security is high on everyone’s mind. by Swapna Krishna on engadget.com (June 24, 2017)
  31. "How a Low-Level Apple Employee Leaked Some of the iPhone's Most Sensitive Code". February 12, 2018.
  32. Tassi, Paul. "Valve Says 'Team Fortress 2,' 'CS:GO' Code Leak Is No Cause For Concern". Forbes. Retrieved April 24, 2020.
  33. Schwartz, Mathew J. "Hacker Who Hit Microsoft and Nintendo: Suspended Sentence". BankInfoSecurity. Retrieved October 25, 2020.
  34. "Nintendo's iQue Player Hacked Fifteen Years After Launch". NintendoSoup.com. April 29, 2018. Retrieved October 25, 2020.
  35. Hernandez, Patricia (July 26, 2020). "Massive Nintendo leak reveals early Mario, Zelda, and Pokémon secrets". Polygon. Retrieved October 25, 2020.
  36. Smith, Ryan. "Intel Suffers Apparent Data Breach, 20GB of IP and Documents Leaked on to Internet". www.anandtech.com. Retrieved August 7, 2020.
  37. Cimpanu, Catalin. "Windows XP leak confirmed after user compiles the leaked code into a working OS". ZDNet.com. Retrieved October 25, 2020.
  38. "Nissan Source Code Leaked via Misconfigured Git Server". Dark Reading. January 7, 2021. Archived from the original on January 7, 2021. Retrieved January 7, 2021.
  39. Kent, Emma (June 4, 2021). "CD Projekt's stolen source code, console SDKs and internal dev videos reportedly being shared online". Eurogamer. Retrieved June 7, 2021.
  40. Statt, Nick (February 10, 2021). "Cyberpunk and Witcher hackers auction off stolen source code for millions of dollars". The Verge. Retrieved February 15, 2021.
  41. "Секреты Киберплотвы: исходный код показал, что машины в Cyberpunk 2077 — это ездовые животные с дверьми". 3DNews - Daily Digital Digest (in Russian). Retrieved June 7, 2021.
  42. "Разбор исходного кода Cyberpunk 2077. Машины — лошади с дверями, Винни-Пух и комментарии разработчиков". iXBT.games - санитары игровой индустрии (in Russian). Retrieved June 7, 2021.
  43. Sharma, Ax (October 6, 2021). "Twitch source code, creator earnings exposed in 125GB leak". Ars Technica. Retrieved October 7, 2021.
  44. "We can confirm a breach has taken place. Our teams are working with urgency to understand the extent of this. We will update the community as soon as additional information is available. Thank you for bearing with us". Twitter. Retrieved October 7, 2021.
  45. Mathan, Gayatri (October 7, 2021). "Twitch Data Leaked: Here's Everything You Need To Know - Game Specifications". Retrieved February 28, 2022.
  46. Gatlan, Sergiu (February 25, 2022). "GPU giant NVIDIA is investigating a potential cyberattack". BleepingComputer.
  47. Ionut, Ilascu (February 28, 2022). "Hackers to NVIDIA: Remove mining cap or we leak hardware data". BleepingComputer.
  48. Doolan, Liam (March 1, 2022). "'Switch Pro' Trends On Social Media After Massive Nvidia Leak Reignites Speculation". Nintendo Life.
  49. titanadmin (March 4, 2022). "Lapsus Ransomware Gang Ups the Ante with Impresa and NVIDIA Attacks". SpamTitan. Retrieved March 10, 2022.
  50. "Grand Theft Auto 6 leak reveals over 90 gameplay videos". Polygon. September 18, 2022.
  51. "GTA 6: Gameplay Videos Reportedly Leak". September 18, 2022.
  52. "Yandex source code leaked on a hacking forum". Cybernews. January 26, 2023.
  53. "Yandex denies hack, blames source code leak on former employee". Bleeping Computer. January 26, 2023.
  54. Hiawatha Bray (January 21, 2004). "Diehard pilots keep Falcon flying". Boston.com. Archived from the original on April 8, 2004. Retrieved June 28, 2016.
  55. Bertolone, Giorgio (March 12, 2011). "Interview with Kevin Klemmick - Lead Software Engineer for Falcon 4.0". Cleared-To-Engage. Archived from the original on March 18, 2011. Retrieved August 31, 2014. [C2E] In 2000 the source code of Falcon 4.0 leaked out and after that groups of volunteers were able to make fixes and enhancements that assured the longevity of this sim. Do you see the source code leak as a good or bad event? [Klemmick] "Absolutely a good event. In fact I wish I'd known who did it so I could thank them. I honestly think this should be standard procedure for companies that decide not to continue to support a code base."
  56. Timothy (August 7, 2012). "Dark Reign 2 Goes Open Source". slashdot.org. Retrieved August 13, 2013. One of Activision's last RTS games, Dark Reign 2, has gone open source under the LGPL.
  57. "darkreign2". Google Code. September 1, 2011. Retrieved August 19, 2013.
  58. "Climate sceptics claim leaked emails are evidence of collusion among scientists". the Guardian. November 20, 2009. Retrieved October 28, 2020.
  59. O'Neal, Sean (January 31, 2014). "An uncensored version of South Park's controversial Muhammad episode has surfaced". The A.V. Club. Retrieved April 3, 2014.
  60. Gonzales, Dave. "Banned Aqua Teen Hunger Force Boston episode leaks online". Geek.com. Archived from the original on April 19, 2015. Retrieved April 19, 2015.
  61. "Ratings for CBS's NCAA tournament selection show were almost as bad as show itself". Washington Post. March 14, 2016.
  62. "NCAA says it's investigating the bracket leak that saved us from the two-hour Selection Sunday show". Los Angeles Times. March 14, 2016.
  63. "Apple targeted in $50 million ransomware attack resulting in unprecedented schematic leaks". The Verge. April 21, 2021.
  64. "Scooby-Doo! And Krypto, Too! Animated Film Not Canceled, Trailer Announced". Yahoo Entertainment. July 27, 2023. Retrieved October 9, 2023.
  65. Lund, Anthony (March 6, 2023). "Full Scooby-Doo and DC Crossover Movie Leaks Online After Cancelation". MovieWeb. Retrieved October 9, 2023.
  66. "https://twitter.com/WBHomeEnt/status/1684262384469147681". X (formerly Twitter). Retrieved October 9, 2023. {{cite web}}: External link in |title= (help)
  67. "Scooby-Doo! and Krypto, Too!", Wikipedia, October 9, 2023, retrieved October 9, 2023
  68. Scooby-Doo! and Krypto, Too! - Official Trailer - IGN, July 28, 2023, retrieved October 9, 2023
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.