http://www.eweek.com/article2/0,1759,1623245,00.asp By Dennis Fisher July 13, 2004 A group calling itself the Source Code Club is offering to sell files that it claims contain the source code for Enterasys Networks Inc.'s Dragon IDS (intrusion detection system) software. The asking price: $16,000. The group's rudimentary Web site, which is registered under a Ukrainian domain name, lists hundreds of files that appear as though they could indeed be source-code files. There is no way to tell whether the group actually has the code, although it claims to have obtained it by breaking into the Enterasys network. Officials at Enterasys, based in Andover, Mass., were unaware of the group's site when asked to comment and said they would review the site. The group also claims to have the source code for the Napster client and server software, which it is offering for sale at $10,000. Someone using the name Larry Hobbles posted a message to the Full Disclosure security mailing list Monday night saying that both the Dragon and Napster code were available for sale. "The Source Code Club is now open for business. SCC is a business focused on delivering corporate intel to our customers. Our main focus is selling source code and design documents, but there are many other facets to our business," the message reads. "To get the ball rolling, we are now offering the souce [sic] code/design docs for both Enterasys Intrusion Detection System (NIDS/HIDS) and Napster server and clients." The files listed on SCC's site appear to be from version 6.1 of Dragon; the current release is 6.3. In an e-mail interview, the SCC member who posted the message to Full Disclosure said the group is made up of professional hackers who are simply in it for the money. "The Enterasys and Napster code were both acquired via a remote penetration of said corporate networks. SCC is not worried about the legal consequences of such actions for a number of reasons: 1) The countries where we originate from do not have hacking laws. 2) Our team has over 10 years in the information security industry. We know what we are doing," he said. "Our motivation for selling the property is money and to put our skills to use. We do not only offer source code; there are many hacking services that we provide. We do not wish to continue offering source code publicly, but it is something that must be done initially to ensure the public that we are real." Both the message and the group's Web site provide an e-mail address registered to a South African domain. The group's site says customers have the option of buying the code all at once or in smaller chunks, which supposedly allows the buyer to verify the authenticity of the code before committing to buying the entire archive. Dragon is Enterasys' flagship security product and is one of the more popular and well-regarded IDS systems on the market. It is both a network and host IDS. _________________________________________ Help InfoSec News with a donation: http://www.c4i.org/donation.html
This archive was generated by hypermail 2.1.3 : Tue Jul 13 2004 - 23:22:00 PDT