Cisco is investigating a security breach that may have resulted in the theft of the networking giant's router operating system source code.
Last week, attackers broke into Cisco's corporate network and made off with some 800MB of Cisco's IOS 12.3 and 12.3t software, according to a Saturday report by Russian security company SecurityLab. A 2.5MB chunk of code presented as a sample of the Cisco software was later posted on an Internet Relay Chat channel, according to several independent reports.
Cisco confirmed that an attack had apparently occurred and said it is investigating the incident. "We are aware that a potential compromise of proprietary information occurred and has been reported on a public website," Cisco spokesman David Cook told Techworld. "A Cisco security team is looking into this matter and investigating what happened." Cisco was unable to offer more information, but is planning a briefing for later today, Monday 17 May.
A person using the alias Franz posted two portions of source code, amounting to a total of 2.5MB, on an IRC channel as proof of the successful hack, according to SecurityLab. The company has published the first 100 lines of each sample on its website, one called "ipv6_discovery_test.c", copyrighted 2003 and attributed to Ole Troan, and one called "ipv6_tcp.c", copyrighted 1996 and attributed to Kirk Lougheed. Lougheed led development of the operating system for Cisco's first router, the Advanced Gateway Server, according to Cisco, and Troan also appears to be an employee.
The public exposure of Cisco's source code, a closely guarded secret, will be highly embarrassing for the company, and could pose a security risk to the Internet, according to industry observers. The source code contains the instructions written by programmers that are later compiled into functioning software. Because it is written in a language that is human-readable, source code makes it easier for outsiders to understand how a piece of software works - and to find security holes. "When you have source code, it becomes easier to find certain types of vulnerabilities," said Secunia CTO Thomas Kristensen.
Theoretically, a major flaw discovered by this method could allow attackers to launch denial-of-service attacks on the networking devices at the backbone of the Internet. Cisco controls 62 percent of the core router market, according to market research firm Dell'Oro Group.
However, possession of source code does not necessarily mean that new flaws will be discovered; they can only be found if Cisco has overlooked them in the first place, Kristensen said. "I don't think they will find a whole lot more vulnerabilities with the source code. If the quality of the code is bad, then maybe," he said.
In February, source code for parts of Microsoft's Windows 2000 and Windows NT appeared on the Internet, and a security researcher said he found a minor Internet Explorer bug by analysing the code. However, the flaw had already been found and patched by Microsoft during an internal source-code audit.
Attacks on networking hardware flaws are less common than on servers or desktops, experts said. Cisco warned of major security issues last July and in March and April, among others, but none have resulted in attacks to date.