Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Information-Security-News
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ISN] Hackers reopen stolen code store with Cisco wares

from [InfoSec News] Network Security [Permanent Link]
Subject: [ISN] Hackers reopen stolen code store with Cisco wares
Date: Thu, 4 Nov 2004 02:12:24 -0600 (CST) 
http://www.computerworld.com/securitytopics/security/story/0,10801,97194,00.html

By Paul Roberts
NOVEMBER 03, 2004 
IDG NEWS SERVICE

An anonymous group of malicious hackers reopened an online store that
sells the stolen source code of prominent software products and is
offering the code for Cisco Systems Inc.'s PIX firewall software for
$24,000, according to messages posted in online discussion groups.

The Source Code Club reappeared online Monday, using messages to
online security discussion groups to announce that it was back in
business. The group is using e-mail and messages posted in a Usenet
group to communicate with customers and take orders for the source
code of several security products, including Cisco's PIX 6.3.1
firewall and intrusion-detection system software from Enterasys
Networks Inc., the group said.

Cisco did not immediately respond to a request for comment.

The club first surfaced in July, using a Web page with an address in
Ukraine and messages posted to the Full-Disclosure security discussion
list to advertise its wares. Initially, the Source Code Club said it
was selling "corporate intel[ligence]" to its customers, along with
other unnamed services, according to a message posted in July to the
Full-Disclosure mailing list by a group or individual using the name
"Larry Hobbles."

The club offered the Enterasys Dragon IDS 6.1 source code for $16,000
and the code for file sharing software from Napster LLC, now part of
Roxio Inc., for $10,000. However, the group was forced to shutter its
operations after just a few days, citing the need to redesign its
business model.

In its latest incarnation, the Source Code Club is still marketing
itself as a corporate espionage service, but is also playing on
domestic security fears, appealing to "intelligence agencies [and]
government organizations" that want to understand exactly what
products like Cisco's PIX firewall do.

The group has raised the price on the Enterasys and Napster code, to
$19,200 and $12,000, respectively, according to a new message from the
group, which was also posted under the name "Larry Hobbles."

The Source Code Club is also offering private membership for those who
buy one full copy of product source code, with the promise of access
to a list of more source code "deemed to [sic] sensitive to put up,"  
the message said.

Cisco PIX is one of the most commonly deployed corporate firewalls.  
Version 6.3.1 was first released in March 2003. The current version is
6.3.4, which was released in July.



_________________________________________
Open Source Vulnerability Database (OSVDB) Everything is Vulnerable - 
http://www.osvdb.org/
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [ISN] Hackers reopen stolen code store with Cisco wares, InfoSec News <=
Previous by Date:  [ISN] Russian Denies Authoring "SoBig" Worm, InfoSec News
Next by Date:  [ISN] E.V. men accused in computer hacking ring, InfoSec News
Previous by Thread:  [ISN] Russian Denies Authoring "SoBig" Worm, InfoSec News
Next by Thread:  [ISN] E.V. men accused in computer hacking ring, InfoSec News
Indexes:  [Date] [Thread] [Top] [All Lists]