A group that earlier this year offered for sale the source code of a popular intrusion detection system now is selling what it says is a copy of the source code for a recent version of Cisco Systems Inc.’s PIX firewall.
A member of the Source Code Club, which first surfaced in July, posted a message to a Usenet newsgroup Monday saying that the group is now selling the code for the PIX 6.3.1 firewall firmware for $24,000. Cisco, based in San Jose, Calif., released a newer version of the firmware this summer.
In the posting advertising the code for sale, the group claims that buyers will get all of the files necessary to compile their own images of the firmware, which then can be loaded onto PIX firewalls. The posting says that the full code file is 37.5MB and can be purchased whole or in 20 separate chunks for $1,200 each.
“With the ubiquity of pix devices these days, we see a huge market for such code,” the posting says. “Many intelligence agencies/government organizations will want to know if those 1’s and 0’s in the pix image really are doing what was advertised. You must ask yourself how well you trust the pix images you download to your appliance from Cisco.com.”
Cisco officials were unavailable for comment.
The Source Code Club first announced its presence in July in a message to the Full Disclosure security mailing list, in which it offered for sale the source code to an older version of Enterasys Networks Inc.’s Dragon IDS software. The asking price then was $16,000 and officials at Enterasys confirmed that the files listed on the group’s Web site did appear to correspond to file names in the Dragon 6.1 software. In its most recent posting, the club says the price for Dragon code is now $19,200.
In an interview in July, a member of the Source Code Club going by the name of Larry Hobbles said that the group had obtained the Dragon code as well as the Napster client and server source code through remote penetrations of the respective companies’ networks.
“We know what we are doing,” Hobbles said at the time. “Our motivation for selling the property is money and to put our skills to use. We do not only offer source codethere are many hacking services that we provide. We do not wish to continue offering source code publicly, but it is something that must be done initially to ensure [sic] the public that we are real.”
Originally, the group operated a Web site but soon shuttered the site and moved its communications to a Usenet newsgroup.
This is the second such incident to hit Cisco this year. In May, some of the code for the company’s ubiquitous IOS software, which runs its routers and switches, was stolen from Cisco’s network.
Check out eWEEK.com’s for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzer’s Weblog.