Stinkysteve
07-16-2004, 07:07 PM
Story here:
http://www.internetweek.com/breakingNews/showArticle.jhtml?articleID=23901125
Brazen Hackers Amp Up The Hubris
By Gregg Keizer, TechWeb News
Hackers are getting ever more brazen, said a security analyst Thursday after one group boldly advertised it would sell stolen source code.
"What with the commoditization of hacking," said Ken Dunham, the director of malicious code research at iDefense, a Reston, Va.-based threat intelligence firm, "hackers are getting ever braver."
Earlier this week, someone identifying himself as Larry Hobbles posted a message to the Full Disclosure security mailing list claiming that his Source Code Club had the source code for Enterasys Networks' Dragon IDS (Intrusion Detection System) software and would sell it for $16,000.
"SCC is a business focused on delivering corporate intel to our customers. Our main focus is selling source code and design documents," wrote Hobbles in a message to the list. "To get the ball rolling, we are now offering the source code/design docs for both Enterasys Intrusion Detection System (NIDS/HIDS) and Napster server and clients."
The message then referenced a Web site registered to a Misha Balyasny in Kiev, Ukraine.
By late Wednesday, however, the group closed down its Web site, leaving it showing only a brief message.
"We regret to inform that SCC has temporarily suspended operations. Our business model is currently being re-designed to alleviate some of the initial fears our customers faced," the site stated.
But the hacking group plans on being back in business soon. "Selling corporate secrets is a very tricky, and we believe it is an area that we can conquer. Look for us in the near future as we re-emerge to bring you all kinds of secrets."
"It's a nasty world out there," said iDefense's Dunham. "There's everything from groups willing to sell a spam zombie army for a few hundred to groups ready and willing to do a denial-of-service (DoS) attack on the target of your choice for several grand."
Other examples of recent hackers-for-hire schemes that iDefense has tracked, said Dunham, include online job postings for people able to hack into highly secure sites, industrial sabotage-style offers to penetrate and bring down a competitor's network, and out-and-out extortion.
"Some of these guys aren't any different than in the old days when someone from the Mob would show up and say, 'You don't want your store burned down, then pay us,'" said Dunham. Dubbed worm or DoS "insurance," hackers will approach a firm and threaten to launch attacks against its computers or Web site, then hope the shakedown scares up some cash.
In some places, this kind of criminal activity doesn't bother to operate underground. Russia and Eastern Europe in particular, said Dunham, are locales where groups do business with impunity, and know it.
"There's simply no fear of reprisals," he said. "If I had a concern in my neighborhood about crime, I could just call the cops, but on the Net, who is going to shut them down, how are they even going to be found?"
It's no coincidence, then, that the Source Code Group is running a server out of the Ukraine.
"Surprised? No, I'm not surprised that a group like [Source Code Club] is advertising," concluded Dunham. "This kind of thing goes on all the time."
Related story here:
http://www.internetweek.com/allStories/showArticle.jhtml?articleID=23901055
Stolen Source Code Site 'Suspended'
By George V. Hulme, InformationWeek
The Source Code Club, a group of hackers who offered to sell stolen source code, closed down its Web site Wednesday evening. The group popped up on the Web earlier this week and claimed to have a variety of code for sale, including the source code to Napster as well as an intrusion-detection system from Enterasys Networks Inc. Someone with the name Larry Hobbles on Monday posted an E-mail advertisement to a security mailing list stating that the Source Code Club "is now open for business." The E-mail described the Source Code Club as a business focused on "delivering corporate intel to our customers."
It said the group's primary focus was selling source code and design documents, and claimed that "there are many other facets to our business."
By late Wednesday, the group decided it needed to make some changes.
"Thank you for your interest in SCC. We regret to inform that SCC has temporarily suspended operations. Our business model is currently being re-designed to alleviate some of the initial fears our customers faced," the Web site states.
It promises to return. Selling corporate secrets is "very tricky," the Web site reads, but "we believe it is an area that we can conquer. Look for us in the near future as we re-emerge to bring you all kinds of secrets."
A spokeswoman for Napster said in an E-mail interview that the company believes the group has the source code to the original peer-to-peer Napster software. "We don't use the same source code, so we are not concerned," she wrote.
A spokesman for security software maker Enterasys said in an E-mail statement that the company is investigating the alleged theft and has "not definitively concluded that they have any actual source code."
If code were stolen, the spokesman said, it may have been a portion of an older version, 6.1, of its Dragon IDS software, and customers can download the latest version, 6.3, from its Web site.
"Our continuing investigation indicates that any possible misappropriation of the code would have been linked to a physical theft of media and not a breach of our network," he wrote.
Enterasys is also working with law enforcement and therefore "can provide no further details at this time," he wrote.
The raw source code for commercial software companies is highly guarded intellectual property. Not only can competitors study source code to attempt to gain a competitive advantage, but security researchers and hackers can pore through the code to attempt to uncover security holes that can be used to hack into corporate networks or launch Internet worms such as Sasser and Code Red.
This isn't the first time this year hackers claimed to, or actually, have gained access to proprietary software. Portions of Microsoft's Windows operating system source code leaked onto the Internet in February. And in May, portions of Cisco Systems' Internetworking Operating System software, which runs much of its networking gear, were stolen, with chunks of code published on the Internet.
No arrests have been made to date in the Cisco or Microsoft cases.