[ISN] E-gold Tracks Cisco Code Thief

InfoSec News isn at c4i.org
Mon Nov 8 05:32:34 EST 2004


By Michael Myser 
November 5, 2004  

The electronic currency site that the Source Code Club said it will
use to accept payment for Cisco Systems Inc.'s firewall source code is
confident it can track down the perpetrators.

Dr. Douglas Jackson, chairman of E-gold Ltd., which runs
www.e-gold.com, said the company is already monitoring accounts it
believes belong to the Source Code Club, and there has been no
activity to date.

"We've got a pretty good shot at getting them in our system," said
Jackson, adding that the company formally investigates 70 to 80
criminal activities a year and has been able to determine the true
identity of users in every case.

On Monday, a member of the Source Code Club posted on a Usenet group
that the group is selling the PIX 6.3.1 firewall firmware for $24,000,
and buyers can purchase anonymously using e-mail, PGP keys and
e-gold.com, which doesn't confirm identities of its users.

"Bad guys think they can cover their tracks in our system, but they
discover otherwise when it comes to an actual investigation," said

The purpose of the e-gold system, which is based on 1.86 metric tons
of gold worth the equivalent of roughly $25 million, is to guarantee
immediate payment, avoid market fluctuations and defaults, and ease
transactions across borders and currencies. There is no credit line,
and payments can only be made if covered by the amount in the account.  
Like the Federal Reserve, there is a finite value in the system. There
are currently 1.5 million accounts at e-gold.com, 175,000 of those
Jackson considers "active."

To have value, or e-gold, in an account, users must receive a payment
in e-gold. Often, new account holders will pay cash to existing
account holders in return for e-gold. Or, in the case of SCC, they
will receive payment for a service.

The only way to cash out of the system is to pay another party for a
service or cash trade, which Jackson said creates an increasingly
traceable web of activity.

He did offer a caveat, however: "There is always the risk that they
are clever enough to figure out an angle for offloading their e-gold
in a way that leads to a dead end, but that tends to be much more
difficult than most bad guys think."

This is all assuming the SCC actually receives a payment, or even has
the source code in the first place.

It's the ultimate buyer beware—the code could be made up, tampered
with or may not exist. And because the transaction through e-gold is
instantaneous and guaranteed, there is no way for the buyer to back

Dave Hawkins, technical support engineer with Radware Inc. in Mahwah,
N.J., believes SCC is merely executing a publicity stunt.

"If they had such real code, it's more likely they would have sold it
in underground forums to legitimate hackers rather than broadcasting
the sale on Usenet," he said. "Anyone who did have the actual code
would probably keep it secret, examining it to build private exploits.  
By selling it, it could find its way into the public, and all those
juicy vulnerabilities [would] vanish in the next version."

"There's really no way to tell if this is legitimate," said Russ
Cooper, senior scientist with security firm TruSecure Corp. of
Herndon, Va. Cooper, however, believes there may be a market for it
nonetheless. By posting publicly, SCC is able to get the attention of
criminal entities they otherwise might not reach.

"It's advertising from one extortion team to another extortion team,"  
he said. "These DDOS [distributed denial of service] extortionists,
who are trying to get betting sites no doubt would like to have more
ways to do that."
