[ISN] Group Offers to Sell Supposed Dragon IDS Code

From: InfoSec News (isn@private)
Date: Tue Jul 13 2004 - 22:48:56 PDT


By Dennis Fisher 
July 13, 2004 

A group calling itself the Source Code Club is offering to sell files
that it claims contain the source code for Enterasys Networks Inc.'s
Dragon IDS (intrusion detection system) software. The asking price:  

The group's rudimentary Web site, which is registered under a
Ukrainian domain name, lists hundreds of files that appear as though
they could indeed be source-code files. There is no way to tell
whether the group actually has the code, although it claims to have
obtained it by breaking into the Enterasys network.

Officials at Enterasys, based in Andover, Mass., were unaware of the
group's site when asked to comment and said they would review the

The group also claims to have the source code for the Napster client
and server software, which it is offering for sale at $10,000.

Someone using the name Larry Hobbles posted a message to the Full
Disclosure security mailing list Monday night saying that both the
Dragon and Napster code were available for sale.

"The Source Code Club is now open for business. SCC is a business
focused on delivering corporate intel to our customers. Our main focus
is selling source code and design documents, but there are many other
facets to our business," the message reads. "To get the ball rolling,
we are now offering the souce [sic] code/design docs for both
Enterasys Intrusion Detection System (NIDS/HIDS) and Napster server
and clients."

The files listed on SCC's site appear to be from version 6.1 of
Dragon; the current release is 6.3.

In an e-mail interview, the SCC member who posted the message to Full
Disclosure said the group is made up of professional hackers who are
simply in it for the money.

"The Enterasys and Napster code were both acquired via a remote
penetration of said corporate networks. SCC is not worried about the
legal consequences of such actions for a number of reasons: 1) The
countries where we originate from do not have hacking laws. 2) Our
team has over 10 years in the information security industry. We know
what we are doing," he said.

"Our motivation for selling the property is money and to put our
skills to use. We do not only offer source code; there are many
hacking services that we provide. We do not wish to continue offering
source code publicly, but it is something that must be done initially
to ensure the public that we are real."

Both the message and the group's Web site provide an e-mail address
registered to a South African domain. The group's site says customers
have the option of buying the code all at once or in smaller chunks,
which supposedly allows the buyer to verify the authenticity of the
code before committing to buying the entire archive.

Dragon is Enterasys' flagship security product and is one of the more
popular and well-regarded IDS systems on the market. It is both a
network and host IDS.

Help InfoSec News with a donation: http://www.c4i.org/donation.html

This archive was generated by hypermail 2.1.3 : Tue Jul 13 2004 - 23:22:00 PDT