Source code traders spotted on Usenet
by Dan Ilett
Stolen source code traders, who shut up shop and ran after authorities came
too close for comfort, have been spotted touting more of the code on a
Usenet group.
The Source Code Club, which closed its Eastern European-based website that
sold code for Dragon intrusion detection, posted text that said it was
moving to the alt.gap.international.sales group on Usenet.
The Dragon source code is available for $16,000 and Napster server and
client source code for $10,000.
An Enterasys spokesman has confirmed that a criminal investigation is
underway regarding the possibility of stolen source code, but pointed out
that the code on offer, for version 6.1, is more than a year old and
unlikely to result in any vulnerabilities being discovered.
Google catch here:
http://groups.google.com/groups?group=alt.gap.international.sales&selm=15d5a144.0407162112.3986d1d9%40posting.google.com
From: Larry Hobbles (mordor79@mighty.co.za)
Subject: SCC Newsletter #1
This is the only article in this thread
View: Original Format
Newsgroups: alt.gap.international.sales
Date: 2004-07-16 22:13:00 PST
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
_______ _______ _______
/|_|_|_|\ /|_|_|_|\ /|_|_|_|\
|_| |_|/ |_|/
|_|______ |_| |_|
\|_|_|_|\ |_| |_|
|_| |_| |_|
_______|_| |_|\______ |_|\______
\|_|_|_|/ \|_|_|_|/ \|_|_|_|/
SOURCE CODE CLUB NEWSLETTER #1 - July 17, 2004
======================================================================
Please verify this PGP signed message with our old public key. This
is for YOUR safety. This key will never change.
TABLE OF CONTENTS
=================
1) Contact Information
2) News
3) Buy
4) FAQ
5) About
Contact Information
===================
Two ways to contact us:
1) Post a PGP message encrypted with our public key via usenet to:
alt.gap.international.sales
This method is contact is preferred.
2) Send email to:
mordor79@mighty.co.za
THIS EMAIL COULD CHANGE/GO DOWN. SCC Team PGP public key is located
on full disclosure mailing list archives. The pubkey is also
on usenet, after this message, but we prefer you to get it
off the full disclosure mailing list for extra security.
This public key will NEVER change.
News
====
SCC moves to usenet
Usenet is now the official home of SCC. Although you will not have
any nice navigation links anymore, we feel usenet is better suited
for us.
Usenet gives you two ways to contact us. You can either send
a pgp encrypted message to our current email address or post a
pgp encrypted message right to the usenet group (preferred).
Please remember that when you send us anything via our pgp key,
only SCC and you can know what is in that message.
We are still offering both Enterasys IDS (NIDS/HIDS) and the Napster
server and client source code. Before buying, we urge you to read
our FAQ, posted below.
SCC does not wish to continue offering sources publicly, but
we may do so periodically. Our main business should be requests
that come from our clients. We are initially offering sources
only to authenticate our skills. We do regret the public fiasco
that ensues when you publicly offer source code.
A common fear amoung our clients is: 'How can you guys ensure I
don't get in trouble for buying from you?'
First of all, no one but SCC knows that you are purchasing from us;
we do not do business with anyone not using our pgp key. If you
are truly paranoid, you might go to a net cafe, sign up for a free
email account, then post to our usenet group via groups.google.com
interface. You can also walk down any road in a big city
and find free internet access in the airwaves if you have a wireless
card. There are many paranoid things you can do, although none
of these are really necessary.
Once you have contacted us, no one will EVER know any of the details
of our business with you, as we DO NOT keep any records whatsoever
of transactions.
We hope you will buy with confidence!
SCC Team
Buy
===
SCC is currently offering:
o Enterasys network and host IDS source code and design documentation
o Napster Source Code Repository
Buying Options:
1) All at once
2) Piece by piece
Buying Instructions:
Email us with our PGP key to tell us how many pieces of which
package you wish to purchase (read FAQ if you are confused). PUT
YOUR PUBLIC PGP KEY INSIDE THE MESSAGE SO WE CAN RESPOND TO YOU.
We will not take orders from anyone not using PGP.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Enterasys info:
Enterasys Dragon IDS is one of the most advanced intrusion defense
systems. Some of the largest Fortune 100 companies rely on Dragon
to monitor their networks. If you would like to learn more about
Dragon, visit www.enterasys.com
Interested?
Any company interested in breaking into the intrusion defense
system market will be pleased to know that we are offering the
official Enterasys Dragon Intrusion Defense System at a very
small price: $16,000 USD. This package includes the entire Dragon
source archive and build scripts, which allow you to build and
test the system. The secrets behind Dragon have built Enterasys
into one of the internet's top security companies.
What will I get in this package you offer?
1) Complete documentation (doc/) on how to build, and manage the
Dragon system
2) Complete source code (programs/ and libraries/)
3) Build scripts (build/) to create Dragon binaries for any OS
and Architecture
Buying Options:
1) All at once:
The size of dragonpackage.full is 58 Megabytes (200 Megabytes
unpacked).
The price of the entire archive is: 16,000 USD
2) Piece by piece:
We are also offering the archive in 16 different pieces at: 1,000
USD per piece. You are allowed to buy multiple pieces at once.
Pieces must be purchased in sequential order.
Each piece (pieces dragonpackage.part1 through
dragonpackage.part16) is roughly 3 Megabytes.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Napster info:
Napster spawned one of the biggest markets in the history of the
internet, were sued by Metallica, went under, and then sold their
assets to Roxio (c) for 5.3 MILLION USD. Roxio outbid a few other
companies, including private.com (one of the biggest porn
companies in Europe). Leading companies in the online music
distribution arena include Apple, MusicNet, Sony, and many others.
Interested?
Any company interested in breaking into the online music industry
will be pleased to know that we are selling the entire Napster
source archive for a very small price. How small? Small enough to
turn a 5.3 million dollar Napster technology archive into an
archive worth 10,000 USD.
What will i get in this package you offer?
1) Complete client source code for Win32 and MacOS (napster/client)
2) Complete server source code (napster/server/napd)
The source code is extremely well documented.
Buying Options:
1) All at once:
The size of napster.full is 80 Megabytes (321 Megabytes unpacked).
The price of the entire archive is 10,000 USD
2) Piece by piece:
We are also offering the archive in 20 different pieces at: 500
USD per piece. You are allowed to buy multiple pieces at once.
Pieces must be purchased in sequential order.
Each piece (pieces napster.part1 through napster.part20) is
roughly 4 Megabytes.
==================================================================
FAQ
===
1) This seems like a risky proposition for your clients. How do you
ensure their security and anonymity?
answer:
Our team is a specialist in internet security and anonymizing
techniques. We take extreme security measures to ensure our clients
safety. All business deals conducted with SCC _MUST_ be encryted.
The PGP encryption ensures that _ONLY_ SCC and the client can read
the email correspondences. We do not require any kind of client
identification other than a PGP public key. This key will uniquely
identify the client and their account number. The PGP key
corresponding to the account number we give you cannot be changed.
We recommend opening a free email account somewhere and contacting
us with our PGP public key.
2) I would like to buy something off you guys, but i dont trust
you. How do you expect me to send you thousands of dollars without
knowing you?
answer:
The SCC team does not expect you to trust us. To address this
problem, we will split up the information into many files and
you may purchase each part for a fraction of the total price. As
your confidence grows with SCC, you may feel compelled to purchase
these parts in bulk. Here is an example:
We are offering you a ~1 gigabyte compressed file for $10,000.
We offer this file in 20 50 megabyte parts at $500 per part
(10,000/20). You send us $500, we send you part 1. You send
another $500, we send part 2. You choose to send $1000 and we
send parts 3 and 4, etc etc. The rate that you purchase pieces is
entirely up to you. As your confidence grows, we know that you
will choose bigger pieces.
We also include detailed instructions on how to decrypt and put
together the peices, it is a simple process that can be done with
any unix computer.
3) How do I send money to SCC?
answer:
All of our transactions are conducted through e-gold (www.e-gold.com).
The account number will only be sent to you encrypted so that only
you and SCC know the account number. After we have given you the
account number to send the money to, you must send the money to the
account via an exchanger.
Possible exchangers include:
www.x-changers.com
www.anygoldnow.com
www.icegold.com
www.paybygold.com
www.goldage.net
www.thebullionexchange.com
There are many other exchangers.
4) How will I receive the data I ordered?
answer:
After receiving the money in our account, we will pgp email you a
secret url to download the ENCRYPTED file you have ordered and also
provide you with a key and excellent instructions on how to decrypt.
5) What if your website and/or email address gets shut down?
answer:
If the website/email ever get shut down, we will simply open a new
email and setup a new website. You can find out where the latest
website is by reading full disclosure mailing list:
http://lists.netsys.com/pipermail/full-disclosure/
We will periodically send out emails to this list, notifying
potential customers of our current location.
IMPORTANT: to verify that it is really SCC, SAVE THE PGP PUBLIC KEY
FROM THE FIRST SCC MAILING, and only trust this key. We will NOT
change this public key under any circumstance. You will use this
public key to do all dealings with SCC. SCC cares about our
customers and would not want you to get scammed by someone posing
as SCC.
6) I don't see any products on your page that I am interested in.
Can I submit a request for a proprietary product?
answer:
Yes, SCC does take requests. If you are requesting something from
a Fortune 100 company, there is a good chance that we might already
have it. If we do not have what you are looking for already, we
will consider getting the said data for you, for a price. This
could take our team up to 2 months to complete.
7) After I send you the funds, when can i expect to receive the
data I ordered?
answer:
We will respond to you within 16 hours on how to receive the
data.
8) Are you guys hiring?
answer:
No, we are not hiring at this time. You may send us a resume if
you choose. We will hold on to it and review it if a position
becomes available.
9) I don't know how to use PGP. Can I order something from you
without using PGP?
answer:
No. Learn how to use PGP.
10) What happens if your site gets shut down?
answer:
Although there is a possibility that our site may go down, it will
only be short-term. SCC is here for the long haul, and will
re-emerge as necesary.
Save the public key from the initial full-disclosure mailing we
sent out to verify our authenticity.
About
=====
Formed in early 2004, SCC was created to fill a void in the corporate
world. Until now, it was nearly impossible for companies to reliably
gather intel on their competitors. SCC can deliver timely and
accurate data to meet your companies' needs.
We at SCC are specialists in internet anonymity. All transactions
carried out between SCC and our customers are guaranteed 100%
confidential. Our employees have over 10 years experience with
encryption and anonymizing techniques. We refuse to conduct business
with any customer that does not use encryption.
We hope that you find what you are looking for at our site, but
if you need a specific request, we urge you to email us or post a
message to usenet with the information from our contact page.
SCC team
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4
iD8DBQFA+LSGot/Fi95oUzYRAkqpAKCfY3TcpilJsyZ845xn8TKdIMqbPwCff7Da
F0eIbdFVNhqxIK9QSCWuHo8=
=bGTt
-----END PGP SIGNATURE-----
|
|