Hackers put 'stolen' source code online
Published: 15 Jul 2004 07:40 BST
A group of self-identified hackers has set up shop online to sell what it claims are files containing confidential software code -- and it says it's ready to take orders for more.
The group, which calls itself the Source Code Club, is offering what seems to be the stolen source code for an older version of Enterasys Networks' Dragon intrusion detection system and Napster's client and server software. The price: $16,000 and $10,000, respectively.
As proof that it has the code, the group has put a listing of the files online. By using email drops and encryption, the group believes that it can keep both the buyer's and its own identity secret.
"A company can feel safe doing business with us, because everything related to our clients is encrypted...[and] after a transaction with a client is completed, all encrypted records are destroyed," said a person identifying himself as Larry Hobbles, who responded to a message sent to the contact email address on the Web site.
The Napster software appears to be related to the original file-sharing service, not the current legal music service, according to a statement from Roxio, which bought Napster's intellectual property.
Enterasys said it has contacted the FBI and is investigating the authenticity of the group's claims. While it did not confirm that the Source Code Club has the source code, the security company said it had analysed the listing posted on the group Web site and concluded that, if the files have indeed been stolen, the theft did not entail an intrusion of its network.
"The continuing investigation indicates that any possible misappropriation of the code would have been linked to a physical theft of media and not a breach of the network," Enterasys said in a statement given to CNET News.com.
Moreover, the company pointed out that the listing on the Web site indicated that the Dragon source code was two generations old.
Enterasys and Roxio would not be the first companies to have the blueprints to their crown jewels leaked or stolen.
In May, Cisco Systems discovered that the source code that powers many of its networking products had been stolen and posted online.
Earlier in the year, a significant portion of the code making up Microsoft's Windows 2000 and Windows NT4 operating systems began circulating around the Internet. And last week, authorities charged a Microsoft programmer with stealing code from AltaVista after he left the search company but before he began working for the software giant.
The Source Code Club said in statements on its Web site that Enterasys' code is not the only programming up for sale: the group also takes orders.
"If you are requesting something from a Fortune 100 company, there is a good chance that we might already have it," the group said. "If we do not have what you are looking for already, we will consider getting the said data for you, for a price. This could take our team up to two months to complete."
The Source Code Club appears to be setting up for long-term business. Whenever law enforcement agencies shut down its Web site, the group will move to a new one, it said, and advertise on software security mailing lists. That could make it hard for authorities to shut the group's trading down, despite its high-profile flaunting of stolen code.
"Although there is a possibility that our site may go down, it will only be short term," the group stated. "SCC is here for the long haul and will re-emerge as necessary."
Did you find this article useful?
40 out of 90 people found this useful
- Share this article:
Full Talkback thread
2 comments
