FBI investigating Cisco source code leak

The FBI said it is working with Cisco to investigate the theft of computer source code from the networking company, said Paul Bresson, an FBI spokesman.

The FBI said it is working with Cisco to investigate the theft of computer source code from the networking company, said Paul Bresson, an FBI spokesman.

Confirmation of the theft from law enforcement comes amid scant information on the fate of Cisco’s code, days after two sample source code files from the company’s Internetwork Operating System (IOS) were posted on a Russian Web site, a small piece of what was said to be more than 800 megabytes of IOS code.

The FBI could not provide further details, beyond confirming that it was working with Cisco, Bresson said.

According to a posting on www.securitylab.ru, malicious hackers made off with code for versions 12.3 of IOS after “breaking the Cisco corporate network.” IOS is a proprietary operating system that runs on much of the networking hardware that Cisco makes. Cisco acknowledged the theft on Monday but provided few details about how it was obtained.

“Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public website just prior to the weekend. Cisco is fully investigating what happened,” the company said in a statement.

The 2.5M bytes of source code were provided to securitylab.ru over an Internet Relay Chat (IRC) channel by somebody using the online name “Franz,” and is said to be a small part of the stolen code.

The theft parallels a similar crime from February, when thieves made off with source code for Microsoft’s Windows NT and Windows 2000 operating systems.

That code’s leak is believed to have led to the discovery of at least one security hole in the company’s Internet Explorer 5 Web browser, which could allow an attacker to gain control of a computer by using a specially crafted bitmap file.

The theft of the IOS code could potentially be more serious, because Cisco’s products frequently connect directly to the Internet and are not protected by firewalls and other security products, said Ken Dunham, director of malicious code at iDefense in Reston, Va.

“With access to the source code, hackers could compile and test it rigorously, just like developer, and find new vulnerabilities or attack points,” he said.

However, the malicious hackers who made off with the IOS code have so far taken a different route than those who stole the Microsoft code, Dunham said.

In the Microsoft theft, copies of the leaked code quickly appeared on peer-to-peer file-sharing networks and was being swapped and discussed in online forums such as discussion lists and IRC channels.

With the Cisco code, however, the culprits have not released all the code they claim to have stolen, and little information about the stolen code was available on the Internet Monday.

The lack of information may mean that the criminals behind the theft are more interested in selling the stolen code, rather than receiving accolades from the malicious hacker community, Dunham said.

“It seems like they’re making a legitimate attempt to maintain control of the code and maybe try to make some money from it,” he said.