By Jennifer LeClaire E-Commerce Times Part of the ECT News Network
11/03/04 3:38 PM PT
Source Code Club's last attempt to cash in on other people's intellectual property targeted Enterasys Network's Dragon intrusion detection system, which SCC offered for $16,000, and Napster's client and server software, which it offered for $10,000.
The Source Code Club is back in business, if you can call it that. The
anonymous hacker group began peddling proprietary source code last July, disappeared, and now has reemerged with a bargain basement deal of US$24,000 for the source code for Cisco's (Nasdaq: CSCO) Pix security firewall.
"SCC is proud to announce the general availability of Cisco Pix 6.3.1 source code. This release is significant because Pix is vital to the security of many ultra-secure networks," read a Google (Nasdaq: GOOG) group posting marked as a Source Code Club newsletter.
Source Code Club organizers gave no word as to where or how they got the code. Cisco Pix 6.3.1 source code, however, is an older version of the product. Version 6.3.4 was released in July.
Poor Marketing Strategy
Ken Dunham, the director of malicious code research at iDefense, a Reston, Virginia-based threat-intelligence firm, told the E-Commerce Times that the Source Code Club is probably a hoax.
"Either these guys are just making noise to get attention and have fun behind the scenes or they are legitimately attempting to make money off of illicit goods," Dunham said. "It could be a little of both."
In any case, Dunham said even if the Source Code Club does have Cisco code, the hacker group has a poor marketing strategy. Underground sales channels would be a safer route, he said.
Source Code Club's last attempt at cashing in on other people's intellectual property targeted Enterasys Network's Dragon intrusion detection system, which it offered for $16,000, and Napster's client and server software for $10,000.
While the Source Code Club may be a hoax, Dunham said it is possible that Cisco's source code was leaked or otherwise hacked.
Criminal Hacking
"For the last six to 18 months, we've had a dramatic increase in the
criminalization of underground operations," he said. "We've moved away from script kitties for fun types of attacks and into organized criminals and sophisticated criminal attacks on the Internet at large."
The Source Code Club claims to keep buyer and seller identity's secret by conducting business via encrypted e-mail. The hackers are even launching customer loyalty initiatives.
The newsletter offers a "buyer incentive" to people who purchase one full set of source code. The first purchase enrolls customers as private members, which gives them access to additional sources of code.
Transatlantic Sting Busts Online Identity Thieves November 03, 2004
Ed Moyle, principal of information security firm Security Curve, said the arrests should help calm the fears of some customers who are deciding whether or not to shop online. "In the electronic space, we haven't had a lot of big wins against fraud," Moyle said. "But this is a pretty big win..."
Related Stories
UK Suspect Arrested in Cisco Source Code Theft September 20, 2004
The suspected code thief, arrested in the UK, has not been identified by name but was released on bail to face charges in November. The suspect is reportedly being accused of violating Great Britain's Computer Misuse Act of 1990 for accessing the U.S. systems of Cisco.
Cisco Probes Potential Source Code Leak May 17, 2004
Unlike a Windows code leak that occurred earlier this year and was soon made available on dozens of Web sites, the Cisco code appeared to have been removed from the Russian site by Monday morning.
Microsoft, Proprietary Code and the Shared Source Initiative April 27, 2004
Microsoft says a million individuals now have access to Windows source code through the various parts of the Shared Source Initiative. "Trust and partnership don't happen simply because of source code availability," Jason Matusow, manager of the Shared Source Initiative program, told TechNewsWorld.
SGI Removes Code, Rebuffs SCO October 06, 2003
SCO spokesperson Blake Stowell told TechNewsWorld that his company is "kind of mixed" on SGI's action and letter. "While it's good of [SGI] to make an effort to try and remove code which may have been misappropriated into Linux, they also minimize the code having gone into Linux," he said.
Related News Alerts
More by Jennifer LeClaire
The Digital Car: Cool Automotive Accessories, Part 2 January 16, 2007
Not all the latest high-tech automotive electronics are built to entertain. Many give the driver more information and more control. Vehicle tracking devices can tell where the car is at any time, software installed in a smartphone can turn off a vehicle's security system whenever the owner approaches, and diagnostic tools can tell what's wrong with the engine -- and how much it'll be to fix it.
'World of Warcraft' Wows 8 Million Subscribers January 12, 2007
"World of Warcraft," the massively multiplayer online role-playing game, has reached the 8 million subscriber mark. Since debuting in North America in Nov. 2004, "World of Warcraft" has become the most popular MMORPG in the world. The franchise is available in seven different languages and is played on at least four continents.
AT&T Bids Goodbye to Cingular Brand January 12, 2007
Starting Monday, AT&T will launch a multimedia campaign to transition the Cingular Wireless brand name into its advertising and customer communications. The campaign will integrate popular imagery, phrases and icons from Cingular's traditional advertising, including the "raising the bar" tagline, the "Jack" character and the color orange.
Headline Feeds
of US$24,000 for the source code for Cisco's (Nasdaq: CSCO) Pix security firewall.
Talkback: 
