May 17, 2004 1:35 AM PDT

Cisco investigates source code leak

An unspecified amount of the proprietary source code that drives Cisco Systems' networking hardware has appeared on the Internet, the technology giant acknowledged early Monday.

A representative could not confirm, however, that network intruders made off with 800MB of code, as reported by a Russian security group over the weekend.

News.context

What's new:
Some of the proprietary source code that drives Cisco's networking hardware has appeared on the Internet.

Bottom line:
It's uncertain to what degree the leaked code will affect Cisco security. In a comparable case, Windows security has not significantly suffered from a leak of Microsoft's code in February.

More stories on this topic

"Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public Web site just prior to the weekend," said Jim Brady, a spokesman for the company. "The Cisco information security team is looking into this matter and investigating what happened."

Brady could give no further details on the matter.

This is the second time this year that a major technology company's product source code has been made public without authorization. In February, source code for parts of Microsoft's Windows 2000 and Windows NT were leaked to the Internet. One security researcher claimed that he had discovered a minor Internet Explorer flaw by analyzing that source code.

It's uncertain to what degree the leaked code will affect Cisco security. The security of Microsoft's operating systems has not significantly suffered from the leak of its code. Moreover, attackers tend not to focus on vulnerabilities in networking hardware. A major flaw that Cisco warned customers about in July never materialized as a threat.

News of the latest source code leak appeared on a Russian security site, SecurityLab.ru, on Saturday, two days after its administrators received the leaked source code. The site posted two files of source code written in the C programming language, which apparently enables some next-generation Internet Protocol version 6 functionality. One file was copyrighted in 1996 and the other in 2003.

According to SecurityLab.ru, online vandals had compromised Cisco's corporate network and stolen about 800MB of source code. A person with the alias "Franz" bragged about the intrusion and posted about 2.5MB of code on the Internet relay chat (IRC) system not long after the alleged break-in.


Get Up to Speed on...
Enterprise security
Get the latest headlines and
company-specific news in our
expanded GUTS section.


By Sunday evening, however, the full source code could not be located by CNET News.com, and members of the IRC channel were speculating about the authenticity of the two brief excerpts posted on the Russian site.

One participant suggested that they might be a hoax, because "Cisco" was not capitalized in the source code. Others apparently grew tired of the discussion, changing the channel's title temporarily to "do not keep commercial code on online computers...when are people gonna learn."

The excerpts posted by SecurityLab.ru named Ole Troan and Kirk Lougheed as the authors of the code. Both programmers appear to be Cisco employees.

CNET News.com's Declan McCullagh contributed to this report.

1 comment

Join the conversation!
Add your comment
It's not supposed to be capitalized.
Inside cisco Systems, the 'cisco' is rarely capitalized as it's shott fot San Francisco. Only once it was decided that captializing it would make the products easierf to market did "cisco" ever get written as "Cisco".

The fact that "cisco" appears in all lowercase in the code doesn't make it any less likely that it was written at cisco Systems.
Posted by (1 comment )
Reply Link Flag
 

Join the conversation

Add your comment

The posting of advertisements, profanity, or personal attacks is prohibited. Click here to review our Terms of Use.

What's Hot

Discussions

Shared

RSS Feeds

Add headlines from CNET News to your homepage or feedreader.