Slashdot Mirror
Arrest in Cisco Code Theft
Kozar_The_Malignant writes "The BBC is reporting that an arrest has been made in the case of the stolen Cisco code that was posted to the internet last May. Approximately 800 MB was posted to a Russian security website. No name has been released and details are rather thin."
No name has been released
Just because you have no name, it doesn't automatically mean you're guilty.
to be younger people who get arrested for these kind of acts. I'm reffering to things such as code theft/release, warez, writing worms, viruses, etc. Is it because the the younger ones aren't as bright and therefor don't cover their tracks as well? Or is it because as you get older, the appeal of these kind of things drops? A combination of both? Something else? I would have to assume it's a combination of both, but I have no idea.
WWJD.... for a Klondike bar?
Is that British for "Source Code"? Like torch for flashlight?
Not that I've heard...
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
I've got and have had IOS 11.3 source sitting here for about two years. I kept notes on the dork who gave it to me. I contacted Cisco asset recovery, whom I had worked with before, and they got me to the IP guys. I've been waiting and waiting to be interviewed and nothing happens
I am very easy to get along with, but I don't have time to waste being nice to people who are being stupid. -Theo
You know, sometimes these little "give and takes" that people post on /. are funny. This one was in no way humorous or entertaining.
Thanks!
I've just signed legislation that'll outlaw Russia forever. We'll begin bombing in five minutes.
Yes. It's what one finds under the bonnet of router*
*pronounced 'root-er'
Fancy a scone?
I don't see how this is going to keep people from hacking Cisco products. The only difference here is the code was "published". From what I have been told the code has been available in the "warez" community for years.
From the article:
Soon after the appearance of the code Cisco confirmed that the FBI was investigating how the theft had occurred.
And...
Cisco said that it had not been stolen as a result of loopholes in its software.
So, they need the FBI to determine how the theft occurred, but they're sure it wasn't because their software has security holes?
Either you know how it happened or you don't, guys. Can't be both.
Weaselmancer
rediculous.
It took too long.
Russian officials have identified the suspect as a 75-year-old deranged homeless man named Dmitri. Dmitri has never seen a computer or even heard of computers or the internet, and upon being arrested declared himself to be the reincarnation of Czar Nicholas II. Russian authorities state that Dmitri is the ringleader of every single former Soviet-bloc hacking and IP theft operation, which he was running from a cardboard box under a freeway overpass, and once he's been put to death following a speedy closed-door non-jury trial, which takes place in about twenty minutes, all Russian-based criminal activity on the internet will cease. Officials are hailing the arrest as a triumph for the Russian criminal justice system and the dawning of a new era in East-West internet-based relations. Dmitri's friends, two of whom are imaginary, are protesting by wrapping themselves in some copper wire they found and then trading it for vodka.
You are in error. No-one is screaming. Thank you for your cooperation.
[It always seems] to be younger people who get arrested for these kind of acts [..] Is it because the the younger ones aren't as bright and therefor don't cover their tracks as well? Or is it because as you get older, the appeal of these kind of things drops?
You wouldn't believe how old some of the world's top hackers and crackers are. For example...
The Queen Mother didn't die.
In fact, it is little known that she was an u83r1337 h4x0r whose skills reached terrifying levels during her "lifetime". However, wary of the risk of getting caught, and not exhibiting the carelessness or egotism of youth, she decided the only way to practice these skills to their full extent was to fake her own death.
It is rumored that, post-"death", she is working as a black-hat hacker on behalf of Microsoft, and that her alias is qqqqmutha ("four 'q' mother").
The Queen Mother is 104.
"Slashdot - News and Chat Sites Deviant". (Click "homepage" link above for details).
"Heaven forbid that Cisco actually allow this and join the open source movement...we certainly wouldn't want their stuff to get any better. (*insert sarcasm here*)"
It might interest you to know that cisco is one of the top contributers (of both hardware, and money) to the Open Source Development Labs.
Also even if cisco did release the code for its routers, it's architecture is so specialized that you need quite expensive machinery to even get it compiled, so it wouldn't enjoy the massive development base that linux has.
They caught Simeonoff from Varna Hacking Group! The greatest hackers in the world got arrested?!?
Well, legally speaking, theft is generally defined as:
:(
"Unauthorised taking or use of someone else's property with the intent to deprive the owner or the person with rightful possession of that property or its use."
If you accidently grab the wrong coat while leaving a party, then you did deprive someone of the item, but the intent to deprive was not there, so it is not theft/stealing.
So if you want to look at the code as an object, then its probably not theft.
HOWEVER.
This code is considered a secret. Once the code was taken by an unauthorized party and realeased, then Cisco no longer had possession of the secret and likely wont be able to use that code without modifying it. So its clear that there was theft of a secret. This is similar to stealing a password, you aren't depriving the owner of the password, but its still theft because it isnt secret anymore.
Besides, didn't your mother ever tell that stealing was taking anything that didn't belong to you but belonged to someone else without their permission?
I am posting this as AC because I just created an account and still no email with my pw.
Thanks,
David
PS: Good summary of theft legally here:
http://www.wordiq.com/definition/Theft
So technically the hacker puts himself into danger to redeem Cisco from being evil?
If you mod this up, your slashdot background will turn into a beautiful sunset!
If you actually read the article, you'll find out that the person arrested was a British.
Caught the "I love smell of napalm joke". But you
see it gets better.
Consider: this closed source code is now *feared*.
The mortals are *uncertain*. and with a little luck
they'll have a whole boat load of *doubt*.
Zeus himself couldn't have delivered a nicer gift
to all of the OSS people. Chuckle. Understand how
much you should *doubt* those people at Cisco.
Gosh. Why would I want to put anything on my machine I can't look at the source of. Hey: Thank you for reminding me why I'd really rather prefer not having some of these products. One day I hope to have a choice. But for now I'm going to stay miserable and do my Marvin impression... (or
at least until I can decide whether hhg2 release II
beats doom3 (big grin)
How much do you think our evil friends at IBM paid
them to do this one?
Conspiracy theories can be fun (so long as you
know how to play the saxophone...).
1) buy a dictionary
2) use it
3)....
Most younger people also don't have that much money to spend on software, etc.
You're just mad he thought of it first! (:
Whoever stated that signature sizes should be limited to one hundred and twenty characters can just go ahead and kiss my
I'm posting this as an AC because the truth does not like to be heard on slashdot, just herd.
No, you're posting as AC because you're a pussy and an idiot. You proved the former by not logging in, and the latter by equating the theft of intellectual property with joyriding in a car. You will further prove this when you respond to me and say, "There's no difference, commie hippy fuckwad."
Words are repurposed every day.
Especially by marketing hacks. "Repurposed"? Jesus.
Whats the difference between manslaughter and murder? Semantics.
Damn good thing you aren't a lawyer. Legally murder is the *deliberate* killing of another human being; manslaughter is the *accidental* killing of another human being. Of course, the fact that you're unable to distinguish between the two is driven home by your completely irrelevent strawman argument.
Yes, theft does not mean someone was deprived of something.
The legal definition of theft means that you actually have to deprive someone of something. And no, you aren't important enough in the grand scheme of things to redefine words as you please and force your definitions on the rest of us. So either you accept *our* definitions or we get to laugh at you for being a solipsistic, arrogant little prick.
There's a difference between theft and copyright violation. But I don't suspect you'll be able to tell the difference, since you can't even see the difference between murder and manslaughter.
Commie hippy fuckwad. I'm posting this as an AC because the truth does not like to be heard on slashdot
No, you're posting this AC because you're a fucking coward who's desperately afraid that he might lose some bogus karma points if he posts under his handle. A spineless, whining, two-bit guttersnipe without the balls to stand behind his words and take what comes.
I laugh at you, little weasel.
Max
My god carries a hammer. Your god died nailed to a tree. Any questions?
You make a good fucking point.
Perhaps if you fucking put it forward better then you might just get a better fucking response.
Only a fucking antisocial troll would ruin a fucking valid and possibly well-fucking-reasoned statement with such a fucking derisive insertion of profanity and fucking insult.
Have a fucking nice fucking day.
FTA:
"About 800 megabytes of Cisco's the Internetwork Operating System was posted on a Russian security website in May this year."
Threats to American security from British individuals aren't nearly as risky as threats from Russians. Posting the code on their website violated the Cisco copyright, which protects a lot of assets of that American company. And that kind of crime is very common in Russia, along with a host of other criminal enterprises that damage the American economy. That Russian legal and criminal landscape is the heritage of post-Cold War Russia, the product of American/Russian government participation in the war and its aftermath.
--
make install -not war
*Words are repurposed every day. Whats the difference between manslaughter and murder? Semantics.*
depending on where you live, the difference can be several years or even difference between if you fry or not. that's a bit more than just semantics.
they're legal terms - YOU DON'T REUSE THEM.
world was created 5 seconds before this post as it is.
Anyone's got a torrent link ? ;-)
3.243F6A8885A308D313
"The spokesman declined to name the target of the hack, but people familiar with the investigation have said authorities suspect the man lifted the source code directly from Cisco's corporate computer network."
Helevius
"For instance, if you had a summer home and left a car there so that you could just fly in and go with it, and some fuck wad took it over the winter and then put it back -- ensuring that nothing was damaged, the engine was serviced and the oil was changed and had someone on the inside so that if you were anywhere near a thousand mile fucking radius, they could put it back as good as new (or better) -- would this be theft?"
Well, in the UK at least it wouldn't be theft.
In your scenario, the car is kept as good as new and no criminal damage has ocurred, so the only offence comitted is that of Taking Without Consent (T.W/O.C in Police shorthand, hence the term "Twoccing").
This offense was dreamed up at the back end of the last century, when joyriding became immensely popular with the chavs and pikies that infest the housing projects of this green and pleasant land.
Since the car was invariably abandoned after the fun was over, the prosecutor could not show that there was an intent to permanently deprive the owner of his property, hence , no theft ocurred.
The Twoc law was introduced so that the fun-loving and excitable rascals who joyride could be charged with a more serious crime than merely busting a car door lock.
T&M.
Political language
So, IOS stands for "the Internetwork Operating System"?
I guess "Internet" must always be preceded by "the".
LRC, the best-read libertarian site on the web
Your example of a person borrowing a car without permission does not correlate a bit..
In the case of the car, the value of the car has been reduced due to the additional miles, and wear and tear has reduced its lifespan.. the original *copy* has been effected..
In the case of the copied code, *nothing* was done to the original copy, no wear and tear, no reduction of value or lifespan, due to its use.... Nothing.
It may be a copyright crime ( which should be a civil case, making copyright violations criminal is immoral ), but its not *theft*, and all your colorful words don't change that fact.
---- Booth was a patriot ----
don't worry, that won't stop the mods from not reading the article and then modding you randomly
I've just signed legislation that'll outlaw Russia forever. We'll begin bombing in five minutes.
I just actually bought a copy of Microsoft Office 2004 for MacOS X. Granted it was an academic copy, but even at 21 I just lost my ability to sit there for hours waiting for something to download that I could easily buy.
After a while you also tend to gain an appreciation for paying people for producing software. Granted I probably won't ever buy another copy of Office unless it's the academic version, but what the hell?
Click here or a puppy gets stomped!
Yes indeed, it is. And unauthorized distribution of copyrighted materials is ... Follow this closely, now, it's tricky ... unauthorized distribution of copyrighted materials. It's not theft at all. That's why there's a different law, with a different name.
Whats the difference between taking something that isn't yours and taking something that isn't yours.
The difference is that when it's theft, what the owner had is somehow diminished. When it's unauthorized distribution of copyrighted materials, the only thing which is diminished is the artificial monopoly the owner has been granted for a limited time. I'd say that's a huge, meaningful difference.
When you steal Joe's hamburger, you are better off, Joe is worse off, and the rest of us are unaffected. When you commit unauthorized distribution of Joe's copyrighted materials, Joe may or may not be worse off, you are better off, and so are the rest of us.
Unauthorized distribution of copyrighted materials is not always immoral (though, by definition, it's always illegal). If Joe has somehow violated the social contract which brought him the monopoly, that unauthorized distribution should be done by the government which granted the monopoly in the first place. There's no reason to think that's the case here, with Cisco's stuff, of course.
See what I've been reading.
Words are repurposed every day. Whats the difference between manslaughter and murder? Semantics.
No, the difference is intent .
Also even if cisco did release the code for its routers, it's architecture is so specialized that you need quite expensive machinery to even get it compiled, so it wouldn't enjoy the massive development base that linux has.
This only applies to actual packet forwarding. Other interesting IOS parts are routing protocol implementations (particularly EIGRP, but another industry-strength BGP implementation won't hurt, either), scalable tunneling support (in particular mass-termination of PPP and L2TP links), and fast forwarding decisions in software (mostly CEF).
Even Cisco can't afford to build everything from scratch. Some software routing architectures are pretty standard designs with a PCI bus and a regular MIPS CPU (maybe a bit underclocked, but nothing really special). No, I'm not talking about Linksys. 8-)
Also even if cisco did release the code for its routers, it's architecture is so specialized that you need quite expensive machinery to even get it compiled, so it wouldn't enjoy the massive development base that linux has.
The IOS is not compiled on some fancy machine, it is compiled on FreeBSD servers using plain ol gcc w/ cross compiler functions (Correct me if I am wrong, but a few of my buddies are Cisco employees, and that's the proces they told me.) They don't build an ubber router and retrofit it with compilers to build their software.
Can I get an eye poke?
Dog House Forum
The article makes it seem like this source code is the magic key that holds the whole internet together. Is the press really doing its job by scaring the masses into believing this idea? Is it too much to ask that they have higher standards in writing pieces on comlex subjects?
Ummm, dude, even if you steal something and give it back, it's still theft because (even whether the personal stolen from realizes it or not) for a period of time that person did not have possession of said object.
If I take your car, drive it around, and return it, you've still been deprived of your car for a period of time. In fact, your never get the same car you had back, since now I've added milage, etc.
However, if I were to copy your CD, you were never deprived of your material (unless I took it away to copy it), it's still there, you always had the opportunity to use it just as before, and it's not any different physically from before it was copied.
So you, Mr. Anonymous Coward, are the moron, as even if the car was stolen and return, it was still stolen because *wow* the owner was still deprived of property whether he realized it or not. Realization of loss is not part of theft.
That is exactly why there have been different legal definitions for copyright infringement, theft, etc.
And before you call me a thief, which is inevitable, keep in mind that I don't copy CD's. I've bought the only 2 discs that actually sounded decent to me in the last year, and generally pay for my software (unless there's a viable OSS alternative).
I am posting this as AC because I just created an account and still no email with my pw. :(
I had the same problem when I created this account recently. I clicked on "have your password mailed to you" and got one right away. The one that was supposed to come with the account has yet to arrive.
Press? Journalism?
Mass hysteria is their game. These "reporters" have children to feed. no one can eat "higher standards".
What's an "ubber router"? I think you misspelled "rubber outer".
The higher the technology, the sharper that two-edged sword.
Wouldn't be hard if you had a way to get past the firewall of doom (the nickname for the main gateway firewalls at Cisco). Once internal you basically have your typicall soft centered network. The source code is available via NFSv3 mount points that are protected by simple host authnetication with username/password authentication being bypassable. Only the export restricted stuff is really all that locked down and even that wouldn't be that hard to get to for a determined hacker.
This knowledge is now 3 years out of date but I really doubt Cisco has taken major leaps to improve internal security.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
Actually, an intelligent coder (or businessman) realizes that the only true security, if there is any, lies in continuing to create. Trying to hold on to what one has is a worthless endeavor in a world of change. Face it, "intellectual property", software patents and similar artifical constructs attempt to grant intangibles the same status as actual property, in much the same manner that corporate law grants such organizations many of the legal powers and protections afforded to actual people. In both cases problems have ensued.
The higher the technology, the sharper that two-edged sword.
Um, last time I worked on it IOS was built using the Sun compiler chain on Solaris servers. Our local IOS repository was a 16 way SunFire running Rational Clear Case and the compile machine was a 4 way SunFire with faster CPU's running a glued together compile chain. They were working towards supporting GNU toolchain two years ago but it was slow going since the IOS toolchain had always been Solaris based.
There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
...it is hard to make a quick getaway in your wheelchair.
Words are repurposed every day.
Common English, yes. You're talking about a legal term.
Whats the difference between manslaughter and murder? Semantics.
If you ever hit someone with your car, I'll bet you hope that your lawyer doesn't feel the same way.
For instance, if you had a summer home and left a car there so that you could just fly in and go with it, and some fuck wad took it over the winter and then put it back -- ensuring that nothing was damaged, the engine was serviced and the oil was changed and had someone on the inside so that if you were anywhere near a thousand mile fucking radius, they could put it back as good as new (or better) -- would this be theft?
Yes. You were still deprived of it.
In the virtual world, you are deprived of the benefits of being its sole owner and all the perks that come with it.
You don't own the right to get money from someone. You haven't been deprived of anything legally defined to be your property.
I'd like to ask the counter-question. Those people who argue for the use of the term "copyright infringement" are asking people to be objective and legally correct. The only reason that I can see to argue for use of "theft" is because you want to attach overly negative connotations to the infringing of someone's copyright. And someone that attempts to get me to make irrational decisions and judgements is not acting in my best interest. If "copyright infringement" is bad to degree N, it can damn well stand on its own merits as being bad to degree N. There's no reason to try to manipulate someone's emotions.
You know what? People *don't* generally get as upset when faced with the word "copyright infringement" as "theft". You know why? Because they *don't* happen to feel that "copyright infringement" is as bad as theft. That's the judgement that they've made. You attempting to associate "theft" with "copyright infringement" is simply attempting to get people to be irrational.
May we never see th
It's evolution...
Survival of the fittest. Those smart enough not to get caught get to grow old in peace. Those weaker, are caught before they grow old.
Hopefully they recovered the stolen code so Cisco could have it back. I bet they had to rewrite some of it while the original code was still missing. Oh, wait, they put the code on a website... did someone steal it from that site too? (and did they track down where it went)
Of course, what I want to know is how much 800MB of source code weighs.
I submited that same story half a day ago and got a shiny =rejected=, although I referred to The Register's article. Whining aside, what I didn't expected to read (not @the reg, at least) was the following ^insightful^ observation: "The theft is a worry for security pros because wider access to Cisco's proprietary source code might make it easier for hackers to develop exploits." I guess I was fooling myself thinking that at least some open source firewall/scurity-related solutions are indeed (as)secure(as some piece of software can be). Now I get to "know" that all of them are inherently not, cuz their source is out there for any(evil)one to see! Goosebumps, anyone? ;) Ok, ok, buffer overruns are much harder to find when you don't have the source, but is it that buffer overruns are really unavoidable? What else is there for Cisco to worry about? Better compliance with cheap chinese knock-offs?
The atheist,by merely being in touch with reality,appears shamefully out of touch with the fantasy life of his neighbors
"The man has not been identified or charged and has been bailed pending an appearance in court in November."
It wasn't incredibly funny, but it had a good point. Really... they already have a court date set for the guy and they haven't even formally charged him or gotten his name? That's very, very hard to believe. Even if he's guilty, this is a very fishy way to go about bringing him to court.
Note the subject line: It seems that the accepted spelling uses "ck", rather than double "c". I'd only heard the term verbally before I started rooting around.
Regarding sentencing: It's complicated by the fact that taking without consent is a young person's crime, so the format of the trial and the outcome are heavily dependent on the age of those convicted.
As best I can make out, simple taking without consent carries a six month maximum, while aggravated taking without consent (in which injury, endangerment or damage are caused) carries a 2 year maximum. However, those under 14 are not (generally) subject to custodial sentences, and 15-17 year olds may be detained for a maximum of one year.
Take all this with a pinch of salt, (IANAL etc), but that's the best I could turn up.
Interestingly on one of the legal pages I found, a writer likened "twocking" to a kind of physical copyright infringement! Best keep this nugget hidden at the dead end of an obscure thread, or the usual
T&K.
Political language
You do realize that -- and here's a wiki article to back it up -- 2nd-degree murder is roughly synonymous with voluntary manslaughter and 3rd-degree murder is roughly synonymous with involuntary manslaughter? You're undermining your entire argument.
"Come on, guys, get with the times. Cisco never was deprived of it's code, so it cannot be theft. It was copyright infingement, all right, but certainly not code theft."
I'm replying to this simply because the original is currently at -1, Troll, and thus will go unread by most.
The irony here, naturally, is that when somebody dares to use the word "theft" for other unauthorized distribution of copyrighted material -- namely films and music, of course -- Slashdotters will jump all over them like they're the last chopper out of Saigon.
This poor guy has made the mistake of applying the same reasoning to a type of intellectual property from which many Slashdotters derive their income. This is, of course, because many Slashdotters are typically producers of code, and consumers of music and films.
I think the next exercise will be to discuss why coders intrinsically deserve more respect than do producers of other forms of intellectual property -- financial self-interest aside. Is it because it's harder to write code than it is to produce a film or write a song? Are coders just better people?
Sitting in my day care, the art is decopainted.
I think the next exercise will be to discuss why coders intrinsically deserve more respect than do producers of other forms of intellectual property -- financial self-interest aside.
Well, when you can understand the argument, then you can join in. When someone releases something into the public domain, then, while it is freely distributed, someone makes one unauthorized copy, that is a completely different situation. This was unreleased trade secrets. Someone targeted a device, violated laws just to access it (without counting the copying), took proprietary, private, trade secrets, and published them.
Since you claim you are unable to see a distinction between the two, I'll just point out that there is and leave it up to the reader to determine what it is.
Learn to love Alaska
What you really means is: First "you can't really steal code because you haven't deprived anyone of the use of it" post.
But I see you've already been modded Troll, which is exactly what that tired old argument ammounts to in my book.
For all intensive purposes, "whom" is no longer a word. That begs the question, "who cares"?
There's no difference, commie hippie fuckwad.
Note:That wasnt't really me who posted AC up there. I just couldn't resist.
Before you mod me funny, think, perhaps I was insightfully funny?
"BSD: Free as in speech. Linux: Free as in beer. Windows 10: Free as in herpes." --Man On Pink Corner in #52607549.
Yes, but truely great ideas only come every so often.
Creativity isn't manual labor, regardless of what Warhol et al thought it could be.
You cannot have one creative person and think to yourself, if I had 11 more folks working directly for him, I'd have a dozen creative folks.
It just doesn't work that way.
As such, the truely creative need to be protected in some small way and secured. I think copyright laws need reformed. Other IP? Patents only have 7 years...some would argue thats too long for computer based works. I've had projects of mine that were theorized 7 years ago and just now seeing the light of day. I don't have the manpower that can understand what I'm doing to actually get the stuff done, so most of the theoretical stuff I work on is a one man project -- I let others clean it up and make it presentable though. If I had patented the stuff -- and the university has tried before -- I would have lost all protection before I had a product to market.
The folks that create creative works need protection. Code monkeys will never understand, because most programmers think programming is what happens when your fingers hit the keys. Programming is dead simple. Just like writting music is dead simple. Writting something that is useful to your target audience is hard...otherwise, with all the technical advancements Linux has, everyone would be using this. Why else would OSX have become the #1 unix like OS in less than a few years selling more copies than any other unix ever (cripes...I know I'm going to have some fucking slashdotter argue over that...read the words over before responding to that statement).
Regardless, if we claim intangibles are artifically protected, we need to start saying all property needs not be protected. Why give special status to that car? Its for the good of the village that everyone be able to drive it. If everyone that owned a car suddenly had to put into the domain of the public good, these would immediately be used by everyone and even the guy that gave his up would have access to a vehicle whenever he needed one so it wouldn't really matter.
Knowledge, just because it takes no mass, is property just as anything else. Either we state that we are all commie hippies and we must give away all things private for the public good, or we state there has to be ownership by the individual -- who can state if he wants to give something to the common good or not.
The fact is, this whole IP revolution slashdotters have is just killing themselves. Unless of course, this is just a site full of manual laborers that do nothing for the world except tweek a few lines of code and pop it back in the system. Personally, I'd be happier with actual items containing mass becoming public property and pushing that as the way of the future before I did information.
Cars want to be free. Carjackers of the world unit. You are the first line of defence against the Physical Property Nazis!!!
You were right. I gave up waiting for the initial mail and did the same thing. I got the second mail instantly though.
-David