A group of self-identified hackers has set up shop online to sell what it claims are files containing confidential software code--and it says it's ready to take orders for more.

The group, which calls itself the Source Code Club, is offering what seems to be the stolen source code for an older version of Enterasys Networks' Dragon intrusion detection system and Napster's client and server software. The price: $16,000 and $10,000, respectively.

As proof that it has the code, the group has put a listing of the files online. By using e-mail drops and encryption, the group believes that it can keep both the buyer's and its own identity secret.

The Source Code Club said in statements on its Web site that Enterasys' code is not the only programming up for sale: The group also takes orders.

"If you are requesting something from a Fortune 100 company, there is a good chance that we might already have it," the group said. "If we do not have what you are looking for already, we will consider getting the said data for you, for a price. This could take our team up to two months to complete."

The Source Code Club appears to be setting up for long-term business. Whenever law enforcement agencies shut down its Web site, the group will move to a new one, it said, and advertise on software security mailing lists. That could make it hard for authorities to shut the group's trading down, despite its high-profile flaunting of stolen code.

"Although there is a possibility that our site may go down, it will only be short term," the group stated. "SCC is here for the long haul and will re-emerge as necessary."

View: Full Story
News source: C|NET News.com

If they have trouble shutting down the website then why not go for the people who run it?

Isn't it illegal for them to be selling the intillectual property of somebody else for profit, as well as copyright infringement, and most likely theft considering they claim to take orders?

I think the point is that they can't figure out who is actually in this club yet. They (read: FBI) will find someone though. Someone will take the hit for this and do hard time with no bail if one of the companiees they stole code from sicks their lawers on them hard enough (Fortune 100 is not to be messed with!).

The thing is that if this group gets established, they will at the very least spawn copycat groups, so if this one goes down, another will pop up to take it's place. Or we may see a situation like in the pirated movie scene, with groups like Centropy being the top name, and then other groups that "release" the same or similar things and there gets to be a "scene" that can't really be shut down by the feds.

Stolen Source Code Site 'Suspended' July 15, 2004




More Stories on:
Security
Software
Windows



Selling corporate secrets is 'tricky,' the site says, so it's 'redesigning' its business model.
By George V. Hulme



The Source Code Club, a group of hackers who offered to sell stolen source code, closed down its Web site Wednesday evening. The group popped up on the Web earlier this week and claimed to have a variety of code for sale, including the source code to Napster as well as an intrusion-detection system from Enterasys Networks Inc.
Someone with the name Larry Hobbles on Monday posted an E-mail advertisement to a security mailing list stating that the Source Code Club "is now open for business." The E-mail described the Source Code Club as a business focused on "delivering corporate intel to our customers."

It said the group's primary focus was selling source code and design documents, and claimed that "there are many other facets to our business."

By late Wednesday, the group decided it needed to make some changes.

"Thank you for your interest in SCC. We regret to inform that SCC has temporarily suspended operations. Our business model is currently being re-designed to alleviate some of the initial fears our customers faced," the Web site states.

It promises to return. Selling corporate secrets is "very tricky," the Web site reads, but "we believe it is an area that we can conquer. Look for us in the near future as we re-emerge to bring you all kinds of secrets."

A spokeswoman for Napster said in an E-mail interview that the company believes the group has the source code to the original peer-to-peer Napster software. "We don't use the same source code, so we are not concerned," she wrote.

A spokesman for security software maker Enterasys said in an E-mail statement that the company is investigating the alleged theft and has "not definitively concluded that they have any actual source code."

If code were stolen, the spokesman said, it may have been a portion of an older version, 6.1, of its Dragon IDS software, and customers can download the latest version, 6.3, from its Web site.

"Our continuing investigation indicates that any possible misappropriation of the code would have been linked to a physical theft of media and not a breach of our network," he wrote.

Enterasys is also working with law enforcement and therefore "can provide no further details at this time," he wrote.

The raw source code for commercial software companies is highly guarded intellectual property. Not only can competitors study source code to attempt to gain a competitive advantage, but security researchers and hackers can pore through the code to attempt to uncover security holes that can be used to hack into corporate networks or launch Internet worms such as Sasser and Code Red.

This isn't the first time this year hackers claimed to, or actually, have gained access to proprietary software. Portions of Microsoft's Windows operating system source code leaked onto the Internet in February. And in May, portions of Cisco Systems' Internetworking Operating System software, which runs much of its networking gear, were stolen, with chucks of code published on the Internet.

No arrests have been made to date in the Cisco or Microsoft cases.