Stolen code shop back in business - on Usenet
An online group claiming to have the source code for two popular computer programs for sale opened its doors for business again on Saturday.
An e-mail message that claims to come from "larry hobbles" and the Source Code Club was sent to the Full-Disclosure security discussion list. The message said that the group has moved operations to Usenet, the network of online bulletin boards that makes up part of the Internet, where interested customers can buy the source code for the Dragon intrusion detection system (IDS) software from Enterasys Networks Inc. and peer-to-peer server and client software from Napster LLC, now owned by Roxio Inc.
The club made headlines last week after posting messages to online discussion groups that advertised a Web site selling the source code and design documents for Dragon and Napster. By Thursday, the group's Web page displayed a message saying the club had ceased operations due to "fears our customers faced."
A subsequent "newsletter" from the club dated July 17 and posted to the Usenet group alt.gap.international.sales at 10:28 PM Pacific Standard Time called Usenet the "official home" of the Source Code Club and said the informal network was "better suited" to the club and would give potential customers two ways to contact club members: through a club e-mail address and through messages posted in the Usenet group.
The newsletter claims that the Source Code Club soon hopes to go underground and stop offering code for sale in public, but is offering the Dragon and Napster code "to authenticate our skills." The Enterasys code would allow purchasers to understand the "secrets behind Dragon," whereas the Napster code could give "any company interested in breaking into the online music industry" a jump-start, the newsletter said.
The club also expressed regret for the "public fiasco that ensues when you publicly offer source code," an apparent reference to media attention to the group's unveiling.
The club also posted instructions for potential customers to purchase the stolen code.
Customers are encouraged to contact the group using e-mail and PGP (Pretty Good Privacy) encryption to disguise their requests. Source code for the Dragon software was priced at US$16,000 and Napster for $10,000, with payments made through one of a number of online payment services. Those wary of sending money to the club have the option of buying the source code in $500 increments to build confidence.
Enterasys is working with the U.S. Federal Bureau of Investigation and reviewing the club's claims. The company claims that its product code was lifted off stolen media, such as a compact disc or computer hard drive, rather than stolen directly from its computer network, according to Kevin Flanagan, an Enterasys spokesman.
A Napster spokeswoman said last week that while Roxio owns the rights to the original Napster code being sold by the club, the current Napster online service does not use any code from the original, free music swapping service and is not affected by the alleged theft.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
