FBI investigating Cisco source code leak

IDG News Service - The FBI is working with Cisco Systems Inc. to investigate the theft of computer source code from the networking company, said Paul Bresson, an FBI spokesman.
Law enforcement's confirmation of the theft comes amid scant information on the fate of Cisco's code, days after two sample source-code files from the company's Internetworking Operating System (IOS) were posted on a Russian Web site -- a small piece of what was said to be more than 800MB of IOS code (see story).
The FBI couldn't provide further details, beyond confirming that it is working with Cisco, Bresson said.
According to a posting on www.securitylab.ru, malicious hackers made off with code for Version 12.3 of IOS after "breaking the Cisco corporate network." IOS is a proprietary operating system that runs on much of the networking hardware that Cisco makes. Cisco acknowledged the theft yesterday but provided few details about how the source code was obtained.
"Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public Web site just prior to the weekend," the company said in a statement. "Cisco is fully investigating what happened."
The 2.5MB of source code were provided to Securitylab.ru over an Internet Relay Chat (IRC) channel by somebody using the online name "Franz," and is said to be a small part of the stolen code.
The theft parallels a similar crime in February, when thieves made off with source code for Microsoft Corp.'s Windows NT and Windows 2000 operating systems (see story). That code's leak is believed to have led to the discovery of at least one security hole in the company's Internet Explorer 5 Web browser, which could allow an attacker to gain control of a computer by using a specially crafted bitmap file.
The theft of the IOS code could be more serious, because Cisco's products frequently connect directly to the Internet and aren't protected by firewalls and other security products, said Ken Dunham, director of malicious code at iDefense Inc. in Reston, Va.
"With access to the source code, hackers could compile and test it rigorously, just like a developer, and find new vulnerabilities or attack points," he said.
However, the malicious hackers who made off with the IOS code have so far taken a different route than those who stole the Microsoft code, Dunham said. In the Microsoft theft, copies of the leaked code quickly appeared on peer-to-peer file-sharing networks and was being swapped and discussed in online forums such as discussion lists and IRC channels.
Withthe Cisco code, however, the culprits haven't released all the code they claim to have stolen, and little information about the stolen code was available on the Internet yesterday.
The lack of information may mean that the criminals behind the theft are more interested in selling the stolen code than in receiving accolades from the malicious hacker community, Dunham said. "It seems like they're making a legitimate attempt to maintain control of the code and maybe try to make some money from it," he said.

Reprinted with permission from

IDG.net
Story copyright 2009 International Data Group. All rights reserved.