Slashdot Mirror


U.S. Investigating Sale of Snort as Security Risk

msmoriarty writes "The Associated Press is reporting today that the same U.S. committee that approved the Dubai ports deal is 'strongly objecting' to Israeli-based Check Point's acquisition of Snort's parent company, Sourcefire, because it doesn't want a foreign company to own Snort's underlying technology. According to the article, the broader 45-day review process rejected for the ports deal is already underway regarding this transaction, and 'secret' meetings between the FBI, DoD and Check Point have been held."

32 of 327 comments

  1. Oh man by Anonymous Coward · · Score: 3, Informative

    After I saw this article headline and for a few seconds before I read the actual article summary, I was just sitting there dumbfounded, going "wait, so that War On Drugs thing is still going on?"

  2. gotta love it by dorko16 · · Score: 5, Insightful

    You've got to love how the post can have no mention of exactly what Snort is or what the objectionable underlying technology actually is or does.

    1. Re:gotta love it by A beautiful mind · · Score: 2, Insightful

      Erm, this is news for nerds. You ought to know what Snort is.

      --
      It takes a man to suffer ignorance and smile
      Be yourself no matter what they say
    2. Re:gotta love it by Crilen007 · · Score: 2, Informative

      The Snort® open source intrusion prevention and detection technology was created in 1998 by Martin Roesch, the founder of Sourcefire. With its unprecedented speed, power and performance, Snort quickly gained momentum to become the single most widely deployed intrusion prevention and detection technology in the world. In fact, Gartner recognized the mainstream acceptance of Snort in their "Gartner Hype Cycle for Open-Source Technologies" citing Snort as "Widely available. Used by mainstream companies and supported by many vendors."

      The wide availability of open source brings many advantages. Since the code is open and non-proprietary, open source development occurs at a markedly accelerated pace compared to proprietary models, thanks to a vast community of security experts continually analyzing and improving code. Simply, users in the open source security community worldwide can detect and respond to bugs and other security threats faster and more efficiently than in a "closed" environment.

      Now, with more than 2 million downloads, the Snort open source community has a well-earned reputation for extraordinary organization and dedication. Literally hundreds of thousands of security engineers and specialists the world over contribute Snort rules to new and evolving threats every hour of the day, often in record time.

      Today: The Best of Both Worlds

      Today, Sourcefire combines the very best of open source with the best of the commercial world. Leveraging the power and reach of the open source Snort rules-based detection engine, Sourcefire adds a critical layer of asset and behavioral profiling. Sourcefire's RNA (Real-time Network Awareness) maintains a persistent profile of a network and its assets. Using passive discovery methods, RNA adds a new level of visibility and intelligence. Sourcefire products are easy to use, out of the box, tuned and fully loaded, plug-n-protect appliances, with pre-optimized hardware and OS.

      Building on the proven, time-tested Snort intrusion prevention and detection engine, Sourcefire brings a new generation of the first ever unified intrusion and vulnerability management technologies to enterprises from manufacturing to the military. These include Sourcefire Intrusion Agents(TM) for Snort, commercial appliance versions based on Snort code, designed to make it easy for open source Snort users to fully capitalize on their investment in all open source Snort deployments. In addition, the Sourcefire Vulnerability Research Team (VRT), joined by the eyes and ears of the vast open source Snort community put the largest brain trust in network security at work for every Sourcefire customer.

      As part of an ongoing dedication and active involvement in the community, Sourcefire continues to enhance Snort. For example, the Sourcefire Security Education Program is a comprehensive certified training program. Delivered direct from the creators of Snort, users will learn the latest real world tools and techniques for optimizing Snort technology and all Sourcefire products. Sourcefire will continue to enhance open source as well as commercial versions. The result is a win-win for bringing truly effective network security for the real world.

      Source: http://www.sourcefire.com/snort.html

  3. Isn't snort open source? by commodoresloat · · Score: 3, Insightful

    Is the worry that the Israeli company will change the license? If they can't do this, what is the security risk? If the technology is open source, does it really matter what country the company that owns it resides in?

    1. Re:Isn't snort open source? by nuin · · Score: 2, Insightful

      I think the US government is concerned that the new non-American owner could silently change the source code and hide backdoors in it. Of course, America is as paranoid as usual.

    2. Re:Isn't snort open source? by JourneyExpertApe · · Score: 2, Funny

      I wouldn't call it paranoia; the Israelis have spied on the US many, many times. Comparing it to the port deal isn't really fair. I'd say this story is the usual Zionist paranoia. You know, because, the US government secretly wants to support Arabs and destroy Israel. (Sarcasm. There really are people who think that way, though.)

      --
      If you can read this sig, you're too close.
    3. Re:Isn't snort open source? by TykeClone · · Score: 3, Funny

      // Shh...You're not supposed to see this

      --
      A fine is a tax you pay for doing wrong and a tax is a fine you pay for doing all right.
  4. Slashdot prone to xenophobia? by mi · · Score: 2, Insightful
    the same U.S. committee that approved the Dubai ports deal
    What the heck?

    Whether or not the committee's qualms about Snort are justified, bringing up the "ports deal" is a useless flamebait... We all know perfectly well, that it was not the fact of the government ownership of the Dubai company, that is the real problem with that deal...

    --
    In Soviet Washington the swamp drains you.
    1. Re:Slashdot prone to xenophobia? by Saeed al-Sahaf · · Score: 4, Insightful
      Whether or not the committee's qualms about Snort are justified, bringing up the "ports deal" is a useless flamebait...

      No, it's pointing out a double standard that seems to have its root in cronyism and personal financial interests.

      --
      "Who are in control, they are not in control of anything - they don't even control themselves!" - Glen Beck
    2. Re:Slashdot prone to xenophobia? by mi · · Score: 2, Insightful
      No, it's pointing out a double standard that seems to have its root in cronyism and personal financial interests.
      Khmm, I was almost convinced, the US government (the crusaders) is owned by the Israelis :-) Suddenly, its opposition to a deal, that would benefit an Israeli company draws fire...

      There is no "double standard" necessarily — government ownership of a weapon (such as encryption) is a legitimate concern. Operating ports are not — despite all of the politicians' hysterics — a "key to our national security". That is and will be in the hands of US Coast Guard.

      --
      In Soviet Washington the swamp drains you.
    3. Re:Slashdot prone to xenophobia? by JourneyExpertApe · · Score: 5, Informative

      Nope, I gotta agree with the GP. If you'd listened to objective coverage of the ports deal, you'd know that:

      1. The ports were already in the hands of a foreign company (Peninsular and Oriental Steam Navigation Company).
      2. Dubai and the UAE are US allies. The fact that a few criminals came from there does not change that.
      3. The inspection of cargo will still be handled by US Customs and Border Protection.
      4. Security will still be provided by the Coast Guard.

      Now, Israel, on the other hand, has a history of spying on the US, including having their spies caught on US soil. I'm not familiar with Snort, but since it is computer security related, I think further investigation is probably warranted before this is allowed. Israel, while nominally a US ally, could potentially be a great threat.

      --
      If you can read this sig, you're too close.
  5. I could be wrong... by farrellj · · Score: 2, Interesting

    But isn't Snort Open Source? Doesn't that mean that the "technology" is already *out* there?

    Could this just be another bogus attempt by the Bush's krewe to "spin" things, and make it look like they actually care about the US surviving another 200 years, as opposed to preparing for "The Rapture" that Fundamentalist Christians have been saying is 'coming soon', for the past 1,000 years?

    Good thing there are term limits!

    ttyl
              Farrell

    --
    CAN-CON 2019 - Ottawa's only book oriented Science Fiction Convention! October 18-20, Sheraton Hotel, Ottawa, Canada h
    1. Re:I could be wrong... by Secrity · · Score: 2, Informative

      Snort is dual licensed. There is an open source version and a commercial version. The problem is that the commercial version, which the US government and industry buys, could be diddled with. It is possible to put back doors and other nasties in the commercial version.

  6. Anti Business Practices by Rac3r5 · · Score: 2, Insightful

    This seems to be a really dumb move. It's basically telling the world that it's ok for the US to take over foreign companies, but it's not ok for foreign companies to take over a US business.

    What doesn't make sense is Snort is OPEN SOURCE. So if someone wanted to do something to the US computers, they would have already done so. There are lots of highly skilled network layer programmers all over the world that are capable of reproducing Snort's functionality. This deal will just screw the US company involved, nothing more.

  7. Sale of 'Family Silver' by chris_sawtell · · Score: 2, Interesting

    When both countries and people have run up debts that they cannot service they have to be prepared to sell off things to repay those debts. Warmongering is an expensive exercise, you have to pay for it by selling assets. US, get used to the idea; it will happen more and more in the future.

  8. Re:What is good for the goose by Philip K Dickhead · · Score: 2, Interesting
    Use the SOURCE, Avi... I mean Luke.

    It is long since time we all forked from Marty, anyway. The Nessus debacle looms, again.

    Per Leonid Shebarshin, ex-chief of the Soviet Foreign Intelligence Service:
    Referring to his meeting with an unnamed al-Qaeda expert at the Rand Corporation, a nonprofit research organization in the U.S., Shebarshin said: "We have agreed that [al-Qaeda] is not a group but a notion."
    --
    "Speaking the Truth in times of universal deceit is a revolutionary act." -- George Orwell
  9. Re:Israelis are just fine by einhverfr · · Score: 2, Insightful

    Where do you buy your gasolene? I am sure none of that money makes it back to Muslim countries.

    --

    LedgerSMB: Open source Accounting/ERP
  10. You are not my mother by Vindaloo · · Score: 2, Funny

    A Snort is a large piece of construction equipment which a tiny bird thinks may be its mother. I'm not sure what the security implications are.

  11. Not slashdot by commodoresloat · · Score: 2, Informative

    You can blame this flamebait on AP, not slashdot, since it appears in the article.

  12. Eh, big deal. by irregular_hero · · Score: 4, Interesting

    First, I should point out that some of the other posters here seem to think Sourcefire == Snort. It does not, although Sourcefire's products have some dependency on Snort as a general engine. Sourcefire's main product line is actually far deeper than just SnortOnABox -- it delves into areas like vulnerability management and event collection/aggregation, things that "open source" Snort does only if you have a really good administrator who knows how to piece together all the various moving parts into something manageable.

    Second, it's remarkable that the DoD would question Check Point's intentions. If they truly cared whether this particular deal was in the best interests of "national security" (whatever that happens to mean today), then they wouldn't use Check Point's firewall products either. But they do! The US Navy uses Check Point firewalls in great, prodigious quantities -- enough that they need Check Point's ISP-class management console software to run all of them! And they're not the only branch of the military using it, not to mention the multitude of other Federal agencies.

    This sounds like a reach to me. Something based in rumor, started by a politician, that has to be ended by the press finding the real story inside the rumor...

  13. Israelis Aren't "just fine" In Tech Industries by cmholm · · Score: 5, Insightful
    Let's repeat that: the Israelis aren't just fine in tech industries. While there's quite a bit of cultural affinity with the US, the Israelis have a national interest which overlaps that of the US in only a few areas. Their commercial interests even less so. They have, like the French, been more than happy to sell or resell intelligence, technologies, and material to nations the US would just as soon they didn't.

    In the case of Sourcefire, I suspect the goodies that go into the US Federal Govt's version of Snort are more 'interesting' than what you and I can download. And, whether it's more interesting or not, hiding information from one's adversaries isn't all about the latest rocket science. A look at what used to be classified shows that it's what seems mundane that's the most important to hide. "When is Admiral Yamamoto's plane leaving?" "Uday is in that house." "The FBI standardized on Snort 1.5.x."

    It's nothing to transfer Sourcefire's IP, or the cubes where the work really gets done, or the sales and customer support data to Haifa or Tel Aviv.

    Compare that to P&O's sale to - in essence - the Sheik of Dubai. The infrastructure P&O runs stays in the US, the dock workers and their management up several rungs remain American. There's pissing and moaning because Al Qaeda has links in Dubai. No shit. Dubai, Singapore, Liechtenstein, to a large degree Israel, on and on... successful small nations have to be hard core entrepreneurial to stay afloat, which means everybody and their uncle are running contraband and shady deals through them, in addition to Costco's jugs of olive oil. Tax havens, duty free ports, and other such city-states of commerce don't stay in business by asking too many questions.

    --
    Luke, help me take this mask off ... Just for once, let me butterfly kiss you with my own eyes.
    1. Re:Israelis Aren't "just fine" In Tech Industries by az99p11 · · Score: 2, Interesting

      The thing that people don't realize is how many federal and military branches use Check Point products throughout their networks. They also use Check Point Integrity as their desktop solutions (Integrity came from the Zone Labs acquisition). 100% of Fortune 100 companies use Check Point as well as 90% of the Fortune 500 companies. So I don't see what the issue is, since most of the government agencies and contractors use Check Point. Also, Sourcefire isn't just Snort, they have an enterprise version which adds onto the Snort engine and sells to enterprises for a pretty penny.

      I do not see what the issue is since the Snort engine is open source, and Check Point already has an in-depth knowledge of the Sourcefire product. Either way it's ridiculous to try to veto this acquisition.

  14. Snort, Dubai, and India by WillAffleckUW · · Score: 2, Insightful

    Amusingly, both Congress and the White House have spent more time investigating the Israeli-produced Snort than they have investigating either the Dubai buying US ports or making a deal to allow India to receive US nuclear technology even though they won't permit inspections of their military nuclear facilities.

    Hypocrisy is rampant.

    --
    -- Tigger warning: This post may contain tiggers! --
  15. Re:Well... by grahamlee · · Score: 2, Interesting

    Currently, yes. But the argument is that if some evil superpower (which, I mean, even Canada is, these days, right?) were controlling things, then the two may diverge in interesting and nuclear-proliferation-causing ways.

  16. Re:Israeli Security by chill · · Score: 3, Interesting

    So you must be unaware that there are several departments in the government that are prohibited by policy from using Check Point products due to the parent company being foreign (Israeli)?

    You sound also equally unaware that the Israelis are routinely in the top 5 countries that use gov't-sourced espionage to illegally assist native (Israeli) businesses? (France and China are two others. I can't remember the rest off the top of my head.)

    What it boils down to is Israel is more like the U.S. than almost anywhere else in that when push comes to shove, they will put their best interests first and fuck everyone else and everyone else's opinion.

    --
    Learning HOW to think is more important than learning WHAT to think.
  17. US thinks it's non free and they should know. by twitter · · Score: 3, Insightful
    What a nice showcase of the difference between "open" and "free". From the article:

    Under the sale, publicly announced Oct. 6, Check Point would own all Sourcefire's patents, source-code blueprints for its software and the expertise of employees. ...

    Reinsch, a former Commerce Department undersecretary. "The most important case is where we're making an irrevocable technology transfer to a foreign party. Port operations raise security issues, but the ports are still in the United States."

    Patents == Forever? What do they mean "irrevocable"?

    Employees == Slaves.

    Dude, you're moving to Israel! Maybe that's a stretch but the panel and the companies seem to think they own their employees. How insulting, but that's what an NDA is all about, isn't it?

    Software freedom is important. Having the source code is useless if you don't have the legal right to compile it, change it and share it with your friends. Software patents, NDA's, closed source binaries keep you from doing what you want with your own computer. The DMCA will keep you from sharing what you know about someone else's stuff. What you find is that the "owner" holds the card you need. All the anti-competitive games people play have more serious consequences than meets the eye.

    Lawmakers are more aware of the consequences of the laws they have written than you might give them credit for. US "Ownership" of whole categories of computer function is clearly the intent of much recent IP legislation. RIM's problems make sense, viewed through this lens. It won't do to have foreigners buy or otherwise enjoy that ownership. It makes me sick.

    --

    Friends don't help friends install M$ junk.

  18. Did you get the memo? by aywwts4 · · Score: 3, Funny

    Mmmm... yeah. You see, all nerds have to administer at least one network. Did you see the memo about this? So if you could just start to administer a network now that would be great, let me go and send you that memo again, Thanks.

    --
    Web Developers: Celebrate our roots! Animated Gifs and Tiled Backgrounds, don't let our history die!
  19. /. effect by Psykosys · · Score: 2, Informative
    I love how the above summary completely leaves out the reasons for the review. From the article:
    The objections by the FBI and Pentagon were partly over specialized intrusion detection software known as "Snort," which guards some classified U.S. military and intelligence computers.
  20. Re:Israelis are just fine by goodie3shoes · · Score: 4, Insightful

    Sadly the poster's viewpoint vis a vis "muslims" reflects the Administration's victory in painting all "A-rabs" and muslims as terrorists and enemies of the USA and "freedom". Hence the reaction of the ignorant to the Dubai Ports non-issue.

    --
    BSA: "Would you like a free Software Audit"? me: "No, thanks. My software is all Free".
  21. Re:Strange politics by johansalk · · Score: 2, Informative

    Two things, what you need to understand about the Dubai Ports issue is that Dubai Ports is not directly running the US ports. What happened is that Dubai Ports recently acquired P & O, a British company with a long, long history, which had been running 6 US ports. It's as simple as that. P & O will run ports in the US and elsewhere, as it had long done. The Dubai thing will only be in name and on paper. It will continue to be a British operation. Also, Dubai did not buy a third of DaimlerChrysler, it bought $1 Billion in shares which made it the third largest shareholder. $1 Billion is hardly something to cry about in the international investment world.

  22. Something isn't kosher about this transaction by Anonymous Coward · · Score: 4, Funny

    I mean, an Israeli company buying a company with a pig as a logo?