back to article Scumbag puts 'stolen' Nokia source code, SSH and RSA keys, more up for sale

IntelBroker, a notorious peddler of stolen data, claims to have pilfered source code, private keys, and other sensitive materials belonging to Nokia. In a post on cyber crime message board Breachforums this week, IntelBroker put up for sale what's claimed to be the Finnish network equipment maker's source code, SSH keys, RSA …

  1. Richard 12 Silver badge

    Contracting out is dangerous

    It's a lot of work to sanitise a codebase so the contractor only sees what they actually need to see. Setting up a limited mirror with cropped history, making sure the part they can see actually compiles etc.

    It's much easier to just give them access to everything.

    Guess which one usually happens.

    1. Caver_Dave Silver badge

      Re: Contracting out is dangerous

      Option 1 was much easier when the file history was stored in the file, no so easy when it is all in git (or similar) which seems to be the recent flavour of the month/year/decade.

      1. Richard 12 Silver badge

        Re: Contracting out is dangerous

        Cropping a git history is actually really easy.

        At the trivial end, delete the .git folder and make a new repo.

        There are smarter ways that have some advantages when merging internal and external history in the future, but essentially it's pretty simple.

        It's everything else that's hard, and that has to be done no matter which source control system you use.

    2. tmTM

      Re: Contracting out is dangerous

      What's the betting they used to employ someone with the same skills as this contractor, but some idiot bean counter thought it prudent to bin them off and re-employ as a contractor as and when they needed.

  2. ICL1900-G3 Silver badge

    Credentialized!

    Jesus wept!

  3. gryff
    Holmes

    Theft is wrong, but was sometimes audacious..

    15 or so years ago, someone stole the secret code signing keys to the Nokia smartphone o/s. Got away with €720,000 in €50 notes.

    The key was stored in three separate pieces to prevent theft. The thief had Nokia make a charitable donation to prove their sincerity in negotiating. Then set up a dead drop for the cash handover.

    I've always wondered who it was and why €720,000? Why not €750,000 or €700,000? What happened to them and how do you launder and spend €720,000 of marked bank notes with recorded, flagged serial numbers?

    That was audacious crime.

    This? Copy paste from a git repo?

    One source:

    https://www.csoonline.com/article/547520/symbian-signing-key-reportedly-stolen-from-nokia-could-have-enabled-powerful-malware.html

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like