A recent theft of Cisco Systems Inc.’s Internet Operating System source code could have far-reaching security implications for the entire Internet, since much of the backbone is built on Cisco infrastructure. The FBI has been working with Cisco Systems to trace the thieves after samples of the source code appeared on a Russian Web site. The thief allegedly compromised a Sun Microsystems server on Cisco’s network, and then posted a link to the source code files at an FTP site in the Netherlands. According to a Russian security firm, 800 MB of source code from Cisco, which included developmental-version software, was stolen, and the sample was posted to prove the theft. According to the posting on www.securitylab.ru, malicious hackers made off with code for version 12.3 of IOS after “breaking the Cisco corporate network.” Internet Operating System (IOS) is a proprietary operating system for routers and similar networking hardware made by Cisco.

The release of the Cisco IOS source code came only months after someone illegally posted an incomplete version of Microsoft Windows 2000 source code on the Internet. While Windows 2000 has been replaced by XP, XP still shares some source code with 2000. It’s uncertain what the motive behind either attack might be, but the data may make it easier to exploit vulnerabilities in the software.

Police in the U.K. have arrested a 20-year-old man in connection with the case who is suspected of committing “hacking offenses” under that country’s Computer Misuse Act of 1990. The suspect has been released on bail, but computer equipment has been seized for forensic examination. Police have not released further details since the investigation is ongoing.

It’s unclear what the ramifications of the stolen source code are, and whether a hacker may use it to exploit systems in the future. Normally, network software can only be manipulated using a management terminal located inside the site. A hacker would likely require considerable knowledge of a network to make use of the source code. It may be more of a PR problem for Cisco, since its current branding slogan describes a Self-Defending Network and its image could be tarnished by such attacks on its network.

Discuss at least five security implications for Cisco if trade secrets were compromised in the hacker’s release of the source code.