FBI investigating Cisco source code leak
Two sample source code files were posted on a Russian Web site
IDG News Service - The FBI is working with Cisco Systems Inc. to investigate the theft of computer source code from the networking company, said Paul Bresson, an FBI spokesman.
Law enforcement's confirmation of the theft comes amid scant information on the fate of Cisco's code, days after two sample source-code files from the company's Internetworking Operating System (IOS) were posted on a Russian Web site -- a small piece of what was said to be more than 800MB of IOS code (see story).
The FBI couldn't provide further details, beyond confirming that it is working with Cisco, Bresson said.
According to a posting on www.securitylab.ru, malicious hackers made off with code for Version 12.3 of IOS after "breaking the Cisco corporate network." IOS is a proprietary operating system that runs on much of the networking hardware that Cisco makes. Cisco acknowledged the theft yesterday but provided few details about how the source code was obtained.
"Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public Web site just prior to the weekend," the company said in a statement. "Cisco is fully investigating what happened."
The 2.5MB of source code were provided to Securitylab.ru over an Internet Relay Chat (IRC) channel by somebody using the online name "Franz," and is said to be a small part of the stolen code.
The theft parallels a similar crime in February, when thieves made off with source code for Microsoft Corp.'s Windows NT and Windows 2000 operating systems (see story). That code's leak is believed to have led to the discovery of at least one security hole in the company's Internet Explorer 5 Web browser, which could allow an attacker to gain control of a computer by using a specially crafted bitmap file.
The theft of the IOS code could be more serious, because Cisco's products frequently connect directly to the Internet and aren't protected by firewalls and other security products, said Ken Dunham, director of malicious code at iDefense Inc. in Reston, Va.
"With access to the source code, hackers could compile and test it rigorously, just like a developer, and find new vulnerabilities or attack points," he said.
However, the malicious hackers who made off with the IOS code have so far taken a different route than those who stole the Microsoft code, Dunham said. In the Microsoft theft, copies of the leaked code quickly appeared on peer-to-peer file-sharing networks and was being swapped and discussed in online forums such as discussion lists and IRC channels.
With the Cisco code, however, the culprits haven't released all thecode they claim to have stolen, and little information about the stolen code was available on the Internet yesterday.
The lack of information may mean that the criminals behind the theft are more interested in selling the stolen code than in receiving accolades from the malicious hacker community, Dunham said. "It seems like they're making a legitimate attempt to maintain control of the code and maybe try to make some money from it," he said.
- Comprehensive Advanced Threat Defense The hot topic in the information security industry these days is "Advanced Threat Defense" (ATD). This paper describes a comprehensive, network-based approach to...
- Advanced Threat Defense: A Comprehensive Approach In this interview, Peter George, president, General Dynamics Fidelis Cybersecurity Solutions, explains why we need more than anti-malware, and what constitutes a comprehensive...
- 2013 Cyber Risk Report The "Cyber risk report 2013 Executive summary" presents the major findings of HP Security Research's comprehensive dive into today's cyber vulnerability and threat...
- Cybersecurity for Dummies eBook This book provides an in-depth examination of real-world attacks and APTs, the shortcomings of legacy security solutions, the capabilities of next-generation firewalls, and...
- Live Webcast Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- Security Vulnerabilities Associated With Having Local Administrator Privileges Viewfinity will demonstrate how removing admin rights and granularly managing privileges at the application level reduces the attack surface.
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different.... All Cybercrime and Hacking White Papers | Webcasts