Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.
Stolen Source Code Site 'Suspended'
Selling corporate secrets is 'tricky,' the site says, so it's 'redesigning' its business model.
George V. Hulme
July 15, 2004
3 Min Read
The Source Code Club, a group of hackers who offered to sell stolen source code, closed down its Web site Wednesday evening. The group popped up on the Web earlier this week and claimed to have a variety of code for sale, including the source code to Napster as well as an intrusion-detection system from Enterasys Networks Inc.
Someone with the name Larry Hobbles on Monday posted an E-mail advertisement to a security mailing list stating that the Source Code Club "is now open for business." The E-mail described the Source Code Club as a business focused on "delivering corporate intel to our customers."
It said the group's primary focus was selling source code and design documents, and claimed that "there are many other facets to our business."
By late Wednesday, the group decided it needed to make some changes.
"Thank you for your interest in SCC. We regret to inform that SCC has temporarily suspended operations. Our business model is currently being re-designed to alleviate some of the initial fears our customers faced," the Web site states.
It promises to return. Selling corporate secrets is "very tricky," the Web site reads, but "we believe it is an area that we can conquer. Look for us in the near future as we re-emerge to bring you all kinds of secrets."
A spokeswoman for Napster said in an E-mail interview that the company believes the group has the source code to the original peer-to-peer Napster software. "We don't use the same source code, so we are not concerned," she wrote.
A spokesman for security software maker Enterasys said in an E-mail statement that the company is investigating the alleged theft and has "not definitively concluded that they have any actual source code."
If code were stolen, the spokesman said, it may have been a portion of an older version, 6.1, of its Dragon IDS software, and customers can download the latest version, 6.3, from its Web site.
"Our continuing investigation indicates that any possible misappropriation of the code would have been linked to a physical theft of media and not a breach of our network," he wrote.
Enterasys is also working with law enforcement and therefore "can provide no further details at this time," he wrote.
The raw source code for commercial software companies is highly guarded intellectual property. Not only can competitors study source code to attempt to gain a competitive advantage, but security researchers and hackers can pore through the code to attempt to uncover security holes that can be used to hack into corporate networks or launch Internet worms such as Sasser and Code Red.
This isn't the first time this year hackers claimed to, or actually, have gained access to proprietary software. Portions of Microsoft's Windows operating system source code leaked onto the Internet in February. And in May, portions of Cisco Systems' Internetworking Operating System software, which runs much of its networking gear, were stolen, with chucks of code published on the Internet.
No arrests have been made to date in the Cisco or Microsoft cases.
About the Author(s)
An award winning writer and journalist, for more than 20 years George Hulme has written about business, technology, and IT security topics. He currently freelances for a wide range of publications, and is security blogger at InformationWeek.com.
You May Also Like