Slashdot Mirror


Cisco Source Code Up For Sale: Only $24,000

spackbace writes "The notorious, mysterious Source Code Club (SCC) has re-emerged, this time selling source code for a Cisco application in another blatant violation of copyright regulations. Believed to be an anonymous collection of hackers, the SCC this week announced in a posting on a group Web site that it is offering the complete Cisco Pix 6.3.1 source code for US$24,000. Cisco Pix is a firewall application providing security, intrusion protection, network monitoring and other services for business and carrier networks."

14 of 292 comments

  1. Again? This is the first time I'd heard of them by hackwrench · · Score: 2, Informative
  2. A bit more by erick99 · · Score: 5, Informative
    I found this in another article about the same story:

    Also on offer, apparently, is the Enterasys Dragon IDS 6.1 intrusion detection system (IDS) software for $16,000 and an old Napster file sharing code, a snip at $10,000.

    The original name behind the group was one Larry Hobbles who now seems to have disappeared. The Source Code Club is now said to be hawking a list of other stolen code to anyone who buys one full copy of the source code for sale.

    --
    http://www.busyweather.com/
  3. FBI Sting by Honest+Man · · Score: 1, Informative

    Who'd bet this is more likely an FBI sting to get people who would use/modify/resell this code.... It wouldn't be the 1st time they did it.

  4. Shouldn't matter by Anonymous Coward · · Score: 2, Informative

    So what if the source code is available? If the device is any good, availability of source code shouldn't make any difference to the security.

  5. White Elephant by Toby+The+Economist · · Score: 2, Informative

    I'm not sure the source code to a huge programme is useful.

    About the only thing you can do with it, without *understanding it*, is compile it and use the binary (and stealing the binary in the first place is much easier than the source.)

    The effort required to understand a large programme is vast. It's far easier just to buy a license.

    --
    Toby

  6. Re:I would buy it by spuzzzzzzz · · Score: 2, Informative

    BAHAHAHAHA!

    Someone mod this funny! At the risk of ruining the joke by explaining it, it's a reference to the fact that drug dealers in California are required to pay tax.

    --

    Don't you hate meta-sigs?
  7. Details by Rabin+Vincent · · Score: 5, Informative
    The group posted to FullDisclosure that they will post further announcements in alt.gap.international.sales.

    Sure enough, here's the CISCO Pix file listing and the "newsletter".

  8. Here's their newsletter by enosys · · Score: 3, Informative

    Here's the newsletter that they just posted to alt.gap.international.sales.

  9. Original Story is WRONG by SJasperson · · Score: 1, Informative

    The offer to sell the source code wasn't "posted on the group's Web site", no matter what Enterprise Security Today claims. It was done via a newsgroup posting. Go read it if you want to actually learn what the Source Code Club says about communicating and paying them anonymously, instead of reading rubbish written by lazy journalists whose legal departments won't let them link to interesting things.

    --
    Sigs? Sigs? We don't need no steenkin' sigs.
  10. Re:Anonymous collection of hackers? by DanteBlack · · Score: 2, Informative

    Yes it certainly will have to go somewhere. When dealing in multiple $24K transactions that place is an un-named, numbered account. Somewhere. I would put it in the Caymans or some such. In fact I would probably pass it around through a few such accounts in places with non-extradition to 'clean' it up a bit. If you have enough of it, money laundering is shockingly simple in principle.

    --
    I am invisible, and you can't see me.
  11. Re:Now that's irony! by xski · · Score: 2, Informative


    Funny, it used to be called social engineering.

  12. Non-News Item by funk49 · · Score: 2, Informative

    Really, I really don't understand why this is a big deal. Anyone worth their salt in trying to take the code and develop the 'sploits doesn't need the source to get 'em. Many groups out there have already reverse-engineered the OS without the source and have plenty of 0-day exploits for the PIX, as well as Checkpoint and many other vendors. These groups are commercial R&D groups as well as hackers.

    Between all the 0-days for Checkpoint and PIX, I honestly don't understand why anyone in their right mind would want to use these firewalls. This source offer is for eager script kiddies and nothing more.

  13. Re:Will buy Linux by wizzardme2000 · · Score: 3, Informative

    Who you ask? It be these people: http://www.webhostworks.net/helpdesk.html

    --

    Toast lands jelly down. If you jelly both sides of a piece of toast, it will hover in a state of quantum indecision.
  14. Here is the original usenet post from SCC by CowboyWolf · · Score: 2, Informative
    Quote from Google Groups
    --
    • SOURCE CODE CLUB NEWSLETTER #2 - November 1, 2004

      TABLE OF CONTENTS

      1) Contact Information
      2) News
      3) Buy
      4) FAQ
      5) About

      Contact Information

      Two ways to contact us:

      1) Post a PGP message encrypted with our public key via usenet to: alt.gap.international.sales. This method of contact is preferred.

      2) Send email to: dmitrysky@rediffmail.com

      THE EMAIL COULD CHANGE OR GO DOWN. If you absolutely must get a message to SCC, we recommend using usenet. The SCC PGP public key is located on full disclosure mailing list archives, usenet, and the end of this newsletter. It is wise to make sure they all match, for your safety. This public key will NEVER change. Only PGP encrypted email will be responded to.

      News

      SCC is proud to announce the general availability of Cisco Pix 6.3.1 source code. This release is significant because pix is vital to the security of many ultra-secure networks.

      With the ubiquity of pix devices these days, we see a huge market for such code. Many intelligence agencies/government organizations will want to know if those 1's and 0's in the pix image really are doing what was advertised. You must ask yourself how well you trust the pix images you download to your appliance from cisco.com.

      After reading the code, you may build the source code with one of the many Makefiles provided in the distribution to create your own in-house pix images. Sleep well at night knowing exactly what is sitting in your pix device's memory. Scroll down to the Buy section below for more information.

      The price of Enterasys IDS and Napster has been raised. SCC is a dynamic entity, always evolving and trying out new ways of doing things. We have made a few changes in the way we operate, all for the better.

      We are now offering some buyer incentives. After you purchase one full source from SCC, you become a private member. Private members get access to lists of sources that are not available to the general public. This list may contain sources that have been deemed too sensitive to put up for public buying, or it may contain sources that we plan on releasing in the future to public buyers. Private members not only get many months advance buying power to the sources, but will also pay less for sources than non-members.

      The source you purchase to become a private member can be any source, no matter how cheap or expensive. This means you will purchase every 'part' of the source before becoming a private member.

      We keep track of who is a private member by your PGP public key. This way a customer may always approach us from any anonymous place, and we can always verify he/she is a member by the public key. Do not destroy those PGP keys!

      Buy

      SCC is currently offering:

      o Cisco Pix 6.3.1-release source code (NEW!)
      o Enterasys network and host IDS source code and design documentation
      o Napster source code repository

      Buying Options:
      1) All at once
      2) Piece by piece

      Buying Instructions:
      Email us with our PGP key to tell us how many pieces of which package you wish to purchase (read FAQ if you are confused). PUT YOUR PUBLIC PGP KEY INSIDE THE MESSAGE SO WE CAN RESPOND TO YOU. We will not take orders from anyone not using PGP.

      Cisco Pix Information:

      Cisco Pix is one of the leading firewall security applications on the market. This firewall provides security, ipsec, vpn, intrusion protection, network monitoring, and much more services that can be used on small personal & business networks and massive gigabit carrier networks. For more information on this product and many other great products, please visit www.cisco.com.

      The source package includes all sources and 'make' files to compi