Cisco Probes Potential Source Code Leak

Cisco Systems is investigating whether part of the source code that powers its networking hardware has been revealed on the Internet — a potentially embarrassing development for a company making a huge push into the network security business.

Reports swept the Web last weekend that the code had been published on the Russian site SecurityLab. However, the equipment giant is still calling the event a “potential” compromise of its proprietary source code.

Various accounts suggested that as much as 800 MB of source code for Cisco’s Internet Operating System versions 12.3 and 12.3t had been stolen in a hacker attack.

Offering Proof

A sample of the code, believed to be about 2.5 MB in size, was released on an Internet Relay Chat (IRC) channel over the weekend, a move intended to prove to doubters that the code was legitimate.

Cisco spokesperson Jim Brady confirmed to the E-Commerce Times that Cisco is aware of the reports of a breach and that its security response team has been investigating since the weekend to determine if they are true.

He referred additional questions, such as whether Cisco will suggest measures for customers to take in the meantime, to another spokesperson who could not be reached before deadline.

Cisco has been actively expanding its presence in the security area. Starting early last year with its purchase of intrusion detection firm Okena, the company has bought several smaller firms that specialize in network security software. As recently as March, it acquired virtual private network security firm Twingo Systems.

Misery Loves Company

Should the code hack prove legitimate, Cisco can take some comfort in knowing it is not alone.

Microsoft acknowledged earlier this year that part of its vigorously guarded Windows source code had been leaked onto the Web. Although the code was not complete and came from two older versions of the operating system, Microsoft still found itself scrambling to respond and was forced to issue patches to address exploits that were developed based on the code, which was widely circulated.

Industry observers are split on the authenticity of the Cisco code and its impact. Although Cisco’s products power much of the Internet backbone as well as corporate networks, the company may benefit from being a less-attractive target to hackers than Microsoft and other software vendors.

In addition, unlike the Windows code, which was soon made available on dozens of Web sites after the leak, the Cisco code appeared to have been removed from the Russian site by Monday morning.

Still Significant

However, Ken Dunham, director of malicious code at iDefense, said the Cisco code leak, if true, would be “very signficant.”

“We’re still seeing exploits come out based on the Windows source that was leaked months ago,” Dunham told the E-Commerce Times, noting that a Trojan exploiting that code was discovered in the wild in the past few days. “In that case, you’re dealing with operating system on a client machine. Here, you’re dealing with gateway-facing devices that could leave entire networks at risk.”

On the other hand, he added that even if the code was stolen by a hack, the incident should not detract from what Cisco has been able to achieve in terms of adding layers of security to networks.

“No one incident really tells you what you need to know about a company’s seurity,” he added. “Cisco is still a great company that builds stable products. I’d look at this as an unfortunate incident for them.”

Bad Timing

The episode comes just days after Cisco turned in one of its strongest financial performances in recent years.

The company beat expectations, reporting US$1.2 billion in earnings on $5.6 billion in sales in its third fiscal quarter, and provided a glimmer of hope for long-suffering tech-sector workers by saying it is poised to add as many as 1,200 jobs during 2004.

Cisco shares tumbled in early trading Monday, falling nearly 2 percent to $20.90, though it was unclear whether the security breach had sparked the selloff or if the company was simply caught up in a falling overall stock market.