My name is phonic. you might have heard of me.
Part I
----------
You might have noticed that recently a file was added called the Cisco
Auditing Tool. This tool was a pretty nice all-in-one Cisco Router
tool
coded by g0ne. I was helping him work on this tool, and I happened
to
have a local copy of it on the machine I admin: Station 25. I might
also
add that this is a state owned box. Well, as we were working on this
tool,
we were getting it ready for release. Working out a few bugs, adding
some
new tools, etc. So I had the latest version of the source in a private
directory on my box. Also, I had a large collection of un-released
source
code.
Part II
----------
About a month or so ago, I was asked by a friend, whose name will remain
confidential, if I would mind hosting www.hack.co.za for gov-boi, aka
rage. Apparently, the previous hoster stopped hosting it for reasons
unknown to me, so the site was down for a while. I, being the kind
and
generous person that I am so well known to be =], said ok. So for the
past
month or so, www.hack.co.za was being hosted here. I helped gov-boi
setup
the dns tables, etc. so that the site would work and everyone would
be
happy.
Part III
----------
Like I said earlier, the pre-release source code for the Cisco Auditing
Tool was on this box. On the night of May 25th 2000, I get a phone
call
from g0ne. Apparently, someone had posted the source code to packet
storm.
Well, this was strange because only 3 people, myself and g0ne included,
had the source. I didn't think anyone on my box would have taken it
since
I thought they were all trustworthy. It turned out I was sadly mistaken.
After careful examination of the box, I learned that gov-boi rooted
the
box, the box I was generous enough to let him use, with a local exploit.
Not hiding his work at all, this was easily found out in the logs.
Part IV
----------
gov-boi decided that in exchange for the generosity that I extended
towards him, with nothing asked for in return, he was going to go behind
my back, and steal tons of source code for his web site. I imagine
he is
going to quickly change the dns tables to unlink this server from
www.hack.co.za once he realizes that I found out that he is a source
code
thief. Now, in my humble opinion, and I could be wrong, I think this
is
really fucked up.
Part V
----------
Finally, tomorrow I have to file a report about the intrusion and hack
on this system by gov-boi.
Oh, did I mention that this is a state owned box?
Thank you for your time.
-phonic