North American Network Operators Group

Date Prev | Date Next | Date Index | Thread Index | Author Index | Historical

Light Reading: PIX Source Code For Sale

  • From: frank
  • Date: Fri Nov 05 08:44:37 2004

Black Market Offers Cisco's PIX [Firewall Source Code]

NOVEMBER 05, 2004 

Source code for Cisco Systems Inc.'s (Nasdaq: CSCO - message board) PIX firewall is up for sale. Too bad 
it's not Cisco doing the selling.

An underground group known as the Source Code Collective is offering PIX version 6.3.1 for $24,000, 
according to a newsletter posted by the group to Usenet on Halloween. 

Little is known about SCC. The group debuted in July with an offer to sell source code from Enterasys 
Networks Inc.'s (NYSE: ETS - message board) Dragon Intrusion Defense System for $16,000 as well as Napster 
server and client source code for $10,000. Those prices have since gone up to $19,200 and $12,000, 
according to the recent newsletter.

Those aren't the only companies in SCC's sights. The newsletter claims the group has virtual reams of 
source code to sell, but a full list is only available to previous buyers. "If you are requesting something 
from a Fortune 100 company, there is a good chance that we might already have it," the newsletter says. SCC 
even takes requests, supposedly assigning a team of hackers to retrieve source code for a price.

The newsletters are posted by someone calling himself "Larry Hobbles" with an email address registered to a 
South African domain. SCC originally did its selling through a Web site registered to a Ukrainian domain -- 
they're a very cosmopolitan crew -- but had to drop that business model, citing concerns from customers. 
SCC now communicates with customers through email and Usenet only.

To allay concerns of authenticity, SCC is willing to sell its code in chunks, allowing the customer to 
verify that the product appears genuine before purchasing the whole thing. 

The PIX sale is Cisco's second significant source-code scandal this year. In May, hackers claimed to have 
stolen the code for one version of the company's Internetwork Operating System (IOS) and posted part of the 
bounty on a Russian Web site. A British man was arrested in September, but few other details of the 
investigation have emerged. (See Cisco's IOS Code 'Compromised' and Cisco Code Hacker Arrested .)

� Craig Matsumoto, Senior Editor, Light Reading

http://www.lightreading.com/document.asp?site=lightreading&doc_id=62317
---------------------------------------------------------------

[email protected]