Samiksha Jaiswal (Editor)

Internet leak

Updated on
Edit
Like
Comment
Share on FacebookTweet on TwitterShare on LinkedInShare on Reddit

An Internet leak occurs when a party's confidential information is released to the public on the Internet. Various types of information and data can be, and have been, "leaked" to the Internet, the most common being personal information, computer software and source code, and artistic works such as books or albums. For example, a musical album is leaked if it has been made available to the public on the Internet before its official release date; and is still intended to be confidential.

Contents

Source code leaks

Source code leaks are usually caused by misconfiguration of software like CVS or FTP which allow people to get source files by exploiting, by software bugs, or by employees that have access to the sources of part of them revealing the code in order to harm the company.

There were many cases of source code leaks in the history of software development.

For instance, as Fraunhofer IIS released in 1994 only a low quality version of their MP3 encoding software (l3enc), a hacker named SoloH gathered the source code from the unprotected servers of the University of Erlangen and developed a higher quality version, which started the MP3 revolution on the internet.

For example, in 2003 a hacker exploited a security hole in Microsoft's Outlook to get the complete source of the video game Half-Life 2, which was under development at the time. The complete source was soon available in various file sharing networks. This leak was rumored to be the cause of the game's delay, but later was stated not to be.

Also in 2003, source code to Diebold Election Systems Inc. voting machines was leaked. Researchers at Johns Hopkins University and Rice University published a damning critique of Diebold's products, based on an analysis of the software. They found, for example, that it would be easy to program a counterfeit voting card to work with the machines and then use it to cast multiple votes inside the voting booth.

Another case in 2004 involved a partial leak of the source code to Microsoft Windows 2000. Two files containing Microsoft source code were circulating on the Internet. One contains a majority of the NT4 source code and the other contains a fraction of the Windows 2000 source code, reportedly about 15% of the total. This includes some networking code including Winsock and inet; as well as some shell code. It was feared that because of the leak, the number of security exploits would increase due to wider scrutiny of the source code.

In 2003, one year after 3dfx was bought by Nvidia and support ended, the source code for their drivers leaked, resulting in fan-made, updated drivers.

In 2004, partial (800 MB) proprietary source code that drives Cisco Systems' networking hardware was made available in the internet. The site posted two files of source code written in the C programming language, which apparently enables some next-generation IPv6 functionality. News of the latest source code leak appeared on a Russian security site.

In 2006, Anonymous hackers stole source code (about 1 GiB) for Symantec's pcAnywhere from the company's network. While confirmed in January 2012, it is still unclear how the hackers accessed the network.

In late 2007, the source code of Norton Ghost 12 and a Norton Anti-Spyware version were available via BitTorrent.

In December 2007 and January 8, a Pirate Bay user published the sources of five Idera SQL products via BitTorrent.

In January 2011 the "stolen source code" of Kaspersky Anti-Virus 2008 was published on the Pirate Bay.

On May 20, 2011, EVE Online's source code was published by someone on a GitHub repository. After being online for four days CCP issued a DMCA take-down request which was followed by GitHub.

In December 2011, the source code of the Solaris 11 operating system was available via BitTorrent.

In August 2014 S.T.A.L.K.E.R.: Clear Sky's X-Ray Engine source code (and its successor) became available on GitHub under a non-open-source license.

On December 29, 2015 the AmigaOS 3.1 source code leaked to the web, confirmed by the rights holder Hyperion Entertainment.

End-of-life leaks by developers

Sometimes software developers themselves will leak their source code in an effort to prevent a software product from becoming abandonware after it has reached its end-of-life, allowing the community to continue development and support. Reasons for leaking instead of a proper release to public domain or as open source can include scattered or lost intellectual property rights. An example is the video game Falcon 4.0 which became available in 2000; another one is Dark Reign 2, which was released by an anonymous former Pandemic Studios developer in 2011. Another notable example is an archive of Infocom's video games source code which appeared from an anonymous Infocom source and was archived by the Internet Archive in 2008.

Other leaks

  • In fall 1998, a number of confidential Microsoft documents later dubbed the Halloween documents were leaked to Eric S. Raymond, an activist in the open-source software movement, who published and commented on them on the net. The documents revealed that internally Microsoft viewed free and open-source software such as Linux as technologically competitive and a major threat for Microsoft's dominance in the market, and they discussed strategies to combat them. The discovery caused a public controversy. The documents were also used as evidence in several court cases.
  • On January 28, 2008, Nintendo's crossover fighting video game Super Smash Bros. Brawl for the Wii console had a major leak having to do with unconfirmed playable characters. The leak was unintentionally started by the Japanese language www.wii.com website, which released a video that included small images of not-yet confirmed characters within the game. The website fixed this mistake, but the leak still continued. Websites like YouTube contain screenshots and video gameplay of the unconfirmed characters of the game. In August 2014, Super Smash Bros. for Nintendo 3DS and Wii U suffered a similar leak, where unannounced fighters and stages were shown through images taken by a supposed ESRB member.
  • Recently, several high-profile books have been leaked on the Internet before their official release date, including If I Did It, Harry Potter and the Deathly Hallows, and an early draft of the first twelve chapters of Midnight Sun. The leak of the latter prompted the author Stephenie Meyer to suspend work on the novel.
  • On January 31, 2014 the original uncensored version of the South Park episode "201" was leaked, when it was illegally pulled from the South Park Studios servers and was posted online in its entirety without any approval by Comedy Central. The episode was heavily censored by the network when it aired in 2010 against the will of series creators Trey Parker and Matt Stone, and was never formally released uncensored to the public. The episode was the second in a two parter and was censored after the airing of the first part as a result of death threats from Islamic extremists who were angry of the episode's storyline satirizing censorship of depictions of Muhammad.
  • In 2015 the unaired Aqua Teen Hunger Force episode "Boston" was leaked online. The episode was set to air during the fifth season, but Adult Swim was forced to pull it to avoid further controversy surrounding the 2007 Boston bomb scare.
  • On March 13, 2016, the full list of qualifying teams and first round match-ups for the 2016 NCAA Men's Division I Basketball Tournament leaked on Twitter in the midst of a television special being broadcast by CBS to officially unveil them. The leak exacerbated criticism of a new, two-hour format for the selection broadcast, which was criticized for revealing the full tournament bracket at a slower pace than in previous years.

    • High-profile Internet leaks

  • 3 October 2003: Half-Life 2 source code
  • 13 February 2004: Microsoft Windows 2000/NT source code
  • November 2009: Climatic Research Unit email leak, aka Climategate

    • References

    Internet leak Wikipedia
    (Text) CC BY-SA