Almost a year after the theft and distribution of Cisco source code integral to much of the Internet’s infrastructure, a Swedish teenager is suspected of stealing the software and using university computers to crack U.S. government systems and Web sites. The individual’s attacks are said to have included numerous other online properties as well that may number in the thousands.
The reported arrest of a 16-year-old in Uppsala, Sweden in connection with the attacks comes after authorities across the globe investigated the breach of Cisco IOS operating system source code, which exposed the program powering standard Internet routers and switches. Another individual, age 20, was arrested in the United Kingdom last September over suspicions he was involved in the theft, which resulted in the availability of the proprietary code on the Internet.
Security experts said it was too soon to analyze exactly how the code was exposed and the nature of the attacks, which include U.S. military and NASA sites. However, some indicated the fact that one person found access to the code means that others, possibly with more malicious motives, may also be taking advantage of Cisco’s vulnerability.
Swiping the Source
Since Cisco first admitted that it was investigating exposure of its widely-used IOS source code, there have been few details about the breach. However, the theft, which occurred after an even larger source code exposure for Microsoft last year, has been a cause for concern among security experts and CIOs.
Some argued the code that was exposed — reportedly 800 megabytes of source code — might not prove itself particularly useful to attackers. But there were concerns that based on the prevalence of the software among integral Internet routers and switches, the impact could stretch beyond Cisco to the larger Internet.
Cisco most recently indicated it was unaware of any use of the stolen source code to attack or crack users of its IOS products, adding that it does not believe the stolen code creates increased risk to customer networks.
Where There’s One…
SANS Institute Director of Research Alan Paller, whose computer security organization recently released its list of the most common and concerning vulnerabilities, told TechNewsWorld the source code exposure highlights how today’s attacks tend to span over time.
“That a kid got in means other people are already in,” Paller said. “Once they get in, they embed themselves so many places. The point is, it’s a long-term infestation. It’s like asbestos — it’s in there and you don’t know for years what it’s doing to you. What (the recent arrest) means to me is, beyond a reasonable doubt, that other people are in.”
The security expert added that the longer-term attacks are more difficult to clean up, mainly because attackers are increasingly skilled at keeping their breaches quiet.
Paller also said the fact that a teenager has been arrested in connection with the source code exposure and attacks indicated more highly skilled attackers — those with profit, political or other malicious motives — may also be leveraging the vulnerability of the Cisco code exposure.
“He is an example of a person with good skills getting in,” he said. “Most of the organized crime people and nation states have greater skill.”