Arrest made in Cisco source code theft

IDG News Service - Police in the U.K. have arrested a man in connection with the theft of source code from networking equipment maker Cisco Systems Inc. in May, a Scotland Yard spokeswoman confirmed Friday.

The Metropolitan Police Computer Crime Unit searched residences in Manchester and Derbyshire, England, on Sept. 3., confiscated computer equipment and arrested a 20-year-old man suspected of committing "hacking offenses" under that country's Computer Misuse Act of 1990. While authorities couldn't discuss the specifics of the case, the arrest was linked to the Cisco source code, according to Julie Prinsep, a Yard spokeswoman.

The suspect has since been released on bail and is scheduled to appear before authorities at a London police station in November, Prinsep said. Computer equipment seized in the searches is being forensically examined.

In an e-mail statement, a Cisco spokesman said the company is pleased that an arrest was made in the case.

"As we have previously reported, we are continuing to cooperate with law enforcement agencies on this matter. ... We view the arrest as what will likely be one of many steps in this matter. We will take every measure to protect our intellectual property," the spokesman said.

The arrest marks a major breakthrough in the case, which involves the posting of more than 800MB of source code from Cisco's Internetworking Operating System (IOS) to a Russian Web site in May.

IOS is a proprietary operating system that runs on much of the networking hardware that Cisco makes.

Malicious hackers made off with code for Version 12.3 of IOS after the thief compromised a Sun Microsystems Inc. server on Cisco's network, then briefly posted a link to the source code files on a file server belonging to the University of Utrecht in the Netherlands, according to Alexander Antipov, a security expert at Positive Technologies, a security consulting company in Moscow.

Antipov said he downloaded more than 15MB of the stolen code after an individual using the online name "Franz" briefly posted a link to a 3MB compressed version of the files in a private Internet Relay Chat forum on in May (see story).

The link provided was only available for approximately 10 minutes and pointed to a file on a File Transfer Protocol server belonging to the University of Utrecht. The server is open to the public for hosting files of files smaller than 5MB, according to the school's Web page.

Antipov subsequently posted some of that code on a Russian security Web site, www.securitylab.ru to call attention to the reported theft, but hedenied knowing Franz.

At the time, Cisco said it was working with the FBI to pursue the hackers. The FBI wasn't able to comment on the arrest Friday.

The arrest follows other recent successes in cybercrime cases. In June, the FBI announced arrests in the theft of source code for a much-anticipated version of the popular computer game "Half-Life" from the network of Bellevue, Wash.-based game maker Valve Corp.

In May, German police arrested men in connection with creating the Sasser Internet worm and a Trojan horse program called Agobot. On Sept. 9, prosecutors in Verden, Germany, indicted an 18-year-old student in the Sasser worm case.