[ISN] Cisco Source Code Reportedly Stolen
InfoSec News
isn at c4i.org
Mon May 17 04:44:45 EDT 2004
http://www.eweek.com/article2/0,1759,1593870,00.asp
By Steven J. Vaughan-Nichols
May 16, 2004
Russian security Web site SecurityLab is reporting that the source
code for Cisco Systems Inc.'s main networking device operating system
was stolen on Thursday.
According to the report, criminal hackers broke into Cisco's corporate
network and stole 800MB of source code for IOS 12.3 and 12.3t (an
early deployment version containing features not found in the vanilla
12.3 version). In addition, a 2.5MB sample of what is supposedly IOS
code was released on an Internet Relay Chat channel as proof of the
alleged theft.
IOS 12.3 is the newest main version of San Jose, Calif.-based Cisco's
popular operating system. It's used across the company's networking
line, including in home office routers (the 800 Series); those for
branch offices (the 3700 Series); and those that comprise the Internet
backbone (the 7000 Series). Other routers that use the operating
system include the 1700, 2500, 2600 and 3600 Series.
eWEEK.com was unable to reach Cisco to confirm the break-in and code
theft.
If the report is accurate, this represents a major security threat not
just for Cisco users, but for the entire Internet. According to the
Dell'Oro Group, a market research firm that specializes in the
networking and telecommunications industries, Cisco owns 62 percent of
the core router market.
With the proprietary source code in hand, criminal hackers could, in
theory, create programs that could cause denial-of-service attacks in
Cisco-based networks.
A previous major source code theft of parts of Microsoft's NT 4.0 and
Windows 2000 has not led to any security violations. However the
alleged theft of the Cisco source code, since it's both the most
current edition and all of the code, has the potential to be more
damaging.
More information about the ISN
mailing list