Cisco Confirms Arrest In Theft Of Its Code
spafbnerf writes "Informationweek is reporting on Cisco Systems' confirmation of an arrest in connection with the theft of its IOS 12.3 source code last year. On Tuesday, The New York Times reported that federal officials and security experts have acknowledged that the theft of the Cisco source code was part of a wider pattern of thousands of attacks on military and research computers perpetrated by an unknown number of individuals." From the article: "The FBI fully recognizes the inherent sophistication and global nature of intrusion investigations...As such, we have worked hard to develop strong partnerships within the international law-enforcement community. In this case, we have been working closely with our international partners to include Sweden, Great Britain, and others. As a result of recent actions, the criminal activity appears to have stopped."
Were actual boxes of backup tapes with the source code stolen, or was the source code just leaked?
The parents of the teenager in question have taken all his pokémon games.
I read that as: "As a result, the criminals have realised they were being watched and have cleaned up their act, and have made sure they are not noticed by 'them' anymore."
Now on to the FA.
This space is intentionally staring blankly at you
They, whoever they are, will be back if indeed it's more than a few people. When it comes down to it nothing is secure. There is always going to be a way for the smart/crafty to circumvent anything put in place.
Then again we could just write rock solid code, but that apparently is cost prohibitive.
"As a result of recent actions, the criminal activity appears to have stopped."
Thanks to the bear patrol recently put in place in my neighborhood, all bear-related activity appears to have stopped.
lol omfg idiots bought it!!!
Yeah. Stay put for 2 months more. And just in case you have something urgent, tunnel through Luser832, I have planted enough "evidence" on his PC to keep him in prison for 50 years.
45 5F E1 04 22 CA 29 C4 93 3F 95 05 2B 79 2A B2
Maybe the thief could have made IOS more stable and secure. I'm beginning to think anyone could do a better job...
...at least walk out with a 6500 router under your coat that you can flog on Ebay!
Gentoo Linux - another day, another USE flag.
More like "liberation".
Information wants to be free.
"As a result of recent actions, the criminal activity appears to have stopped."
Wow, that statement really made me feel better.
He who knows best knows how little he knows. - Thomas Jefferson
The fact that every report says "since the arrest, the intrusions have stopped" ought to tell us something...
Belief is the currency of delusion.
As such, we have worked hard to develop strong partnerships within the international law-enforcement community.
Had Bush known that this was occurring, he would have stepped in and stopped this attack on US sovereignty.
We all know that the US will always choose the unilateralist role in defeating enemies of the State.
(chill... It is a joke.)
"Rocky Rococo, at your cervix!"
Eurasia is now at peace with Oceania, and the harvests of grain improved 20% compared to last year ;)
Tsunami -- You can't bring a good wave down!
Thank goodness Cisco finally got its source code back! Now the source code is safe and sound, never to be seen again by anyone outside Cisco.
"Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
Anyone got a torrent?
..why the evildoers hire 16-year-olds.
You mean it wasn't Habib Marwan and his terrorist cell that stole the IOS code to reverse engineer it into a software chipset that could be used to simultaneously override a nuclear powerplant and a nuclear warhead! Man I was way off.
News Reporters Make Tasty Polar Bear Treats!
The suspect is a 16 year old boy from Uppsala, Sweden, my hometown. I bet he doesn't feel as clever now as he used to. :-)
I look forward to Maureen O'Gara's next scoop though: "He came from Uppsala, the headquarter of famous open source company mySQL AB! Also the place where Vikings once slaughtered Christians in pagan rituals! All a coincidence? I think not!!"
Being bitter is drinking poison and hoping someone else will die
Since I bitch-slapped a hacker trying to break into my system I have not seen another one trying. All that activity must have stopped as well. Wow...I suddenly feel all is right with the world
I'm not a troll, but I play one on Slashdot.
So now I know what they mean by the "Cisco Self-Defending Network".
can be deceiving...
I hope whoever it was at least left an easter egg behind.
waaaaaaaargoooooooooon teh wizaaard (wargon the wizaaard)
Looks like they could do with a decent firewall to keep out intruders. Can anyone recommend a good one?
Apparently the villain was a 16-year old kid.3 232
http://www.dn.se/DNet/jsp/polopoly.jsp?d=678&a=41
The more and more I hear about these types of hacks, attacks, and thefts, it makes me wonder why many big companies still choose to remain 'online.'
We all know that the internet can be a very dangerous place, so why would any company in their right mind choose to have computers with potentially sensitive source code or database information remaining on a publicly facing network?!
Very few machines in a given development or database office should have Internet access, and these machines should not be directly connected to the rest of the company. The reason you spend all of that cash on networking equipment is for private closed intranets, it's not to get you online!
Plugging into the internet is just like going public, no matter how many basements with feline guards at the doors you have in place, you can never be 100% secure.
Our real thanks should go to OJ Simpson. Without his efforts to find his wife's real killer, more Hollywood wives would keep getting hacked.
sigs, as if you care.
They should have used open source, you don't get arrested for stealing open source code, right?
So... now the bad guys enjoy the code they can read in peace, and look for security holes to their heart's content. They face just a small bunch of overworked developers and very little review.
:p
On the other appendage, a vintage PC in my basement churns packets on its cozy shelf, with an OS that has seen continuous attention of millions of developers...
Face it, the bad guys _will_ have guns. No laws or copyrights can stop them. By obstructing the access you limit the amount of kids but do nothing against determined attackers. But if you let the NRA, er, wait, the Free Software community ensure the public will have guns... hmm, my analogy is kind of shot. You know what I mean
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
What's with the Montreal thing? Is there a joke here I'm not getting? Please explain. Thanks.
Apparently some dumb moderator thought you were serious and modded you "insightful" even though you specifically SAID it was a joke. Idiots!
I am not afraid.
HAD
To me Cisco seems to be using security by obscurity.
Translation: We don't have time to QA this code, so we'd rather not have anyone do it themselves, either, then hack us with the holes we neglected to look for in the first place.
Ugh. Sometimes I wonder if there ought to be an open-source REQUIREMENT in RFP's to vendors. Hell, code availability has HELPED Linksys (who's also Cisco!) - folks have "hacked" it to make it MORE robust, but you don't see any greater number of "hacks" for Linksys products than you do for anyone else...
Maybe Cisco ought to focus on the security BASICS (it's still easier to get into someone else's network because they never changed the default password than it is to script-kid some mutated hack into working) rather than worrying that "outsiders" might actually harden their products FOR them...
Ah, another police victory in defense of a faceless, helpless anonymous $5.6 Billion global dominator. It's sure good to know that all of us Fortune 25 corporations can count on the swift hand of justice.
Slashdot editors: more human interest stories like this one, please!
NY, NY ... It's the glorifying Times, dude.
whatever the readers want, truth is a good hacker
obviously.. probably can do more than one hack!
On last week's "24", when the terrorist hackers tried to perform a network attack on the "CTU" headquarters, it was Cisco's network protection system that thwarted them. In fact, when all of the characters stopped what they were doing (chasing down a stolen nuclear device from being detonated on U.S. soil.) and stood around talking about how their Cisco systems were self-defending and how great that was, and those scenes were intercut with screenshots of the Cisco defense system at work saving the day, I was actually kind of lulled into believing that Cisco could protect them, or even themselves, from a nefarious hacker.
Next thing you know, they're going to tell me that the evil terrorists in the world don't actually use Alienware laptops, like in "24", when the lead terrorist was shown for several scenes, bathed in the cool blue glow of his Alienware Area-51, and using it to start the countdown on his nuclear missile.
I don't know what's real, and what's branding anymore!!!
Thanks to the media and public focus on Cisco - an otherwise minor part of this entire case - there are hundreds of site managers resting easier tonight, happy that the limelight has passed by their misfortunes.
May the source be with you....
Eurasia is now at peace with Oceania, and the harvests of grain improved 20% compared to last year ;-)
Eurasia has always been at peace with Oceania. The grain harvests have always been at an all time record high.
Don't you remember, citizen? You seem confused. Are you in good health? Please report immediately for an examination. We'll take care of everything.
--
AC
I look forward to Maureen O'Gara's next scoop though: "He came from Uppsala, the headquarter of famous open source company mySQL AB! Also the place where Vikings once slaughtered Christians in pagan rituals! All a coincidence? I think not!!"
Woohoo! Go Vikings!
Wait, this isn't about sports?...
From TFA: "The stolen code was a portion of Cisco's Internetworking Operating System version 12.3. The incident has been a matter of concern because malicious hackers might find flaws in the code that could be exploited to impair the functioning of Cisco's routers."
Translation: We don't have time to QA this code, so we'd rather not have anyone do it themselves, either, then hack us with the holes we neglected to look for in the first place.
Well, if security isn't a concern in our daily lives; why should computers be somehow different?
If someone steals a master key from GM, he goes to jail; he isn't charged just with petty theft, even if he doesn't attempt to use the key himself. The authorities (police and lawmakers) don't want that kind of information (how to make a master key) getting out. They don't blame GM for having a common exploit available in a large range of vehicles: they blame the guy who tried to obtain the forbidden knowledge.
Similarly, they arrested a boy who gained forbidden knowledge that could be used to damage Cisco routers, if those routers aren't secure. Cisco is not held liable for any insecurities in their routers: and this is consistent with legal tradition.
The fact is, cars are not secure, and GM isn't expected to accept liability for that. They're stolen every day, and the existence of master keys doesn't help much. Even without that, there are many well-known classes of attacks by which thieves can compromise vehicle security.
There's the "smashed windshield" attack, the "lockpick" attack, the "hotwire the engine" attack and many others. Tactics range from "social engineering" tricks (like lying to the valet to get the keys) to sheer brute force methods (such as clubbing the driver over the head, and stealing his car).
The automotive industry hasn't dealt with this problem by manufacturing significantly more secure vehicles. Instead, it relies upon the police to enforce the laws against people who would take advantage of these exploits.
Similar attitudes are seen in the housing industries (most windows aren't made of bulletproof glass), and in fact, in most industries where security is a concern. Security is expensive: and we're already paying for a police force to ensure that criminals aren't lurking about. [1]
Within the computer industry, some programmers seem shocked that security is a low concern: and yet, they go home to places with breakable glass in the windows. There's an exploit for that, too: it's called a "flying brick attack", and it's nastier than your average DDOS...
In short, they arrested the boy, because it's consistent with what the laws say, and with what the police do. If you want to change that, talk to your local politicians...
--
AC
[1] I didn't say it was working... just that the concept was there...
By definition, no company in their right mind would do such a thing.
I applied for a system administration job at a local hospital. During the interview, my would-be boss showed me their network diagram which looked something like:
After I picked my jaw back up off the floor, I asked what the vertical line represented. "That's our firewall!," he beamed. And what kind? "It's Gauntlet running on Windows NT."
I didn't get the job, fortunately. I really don't wanna be around when HIPAA decides to claim IT department heads (as in "decapitated craniums", not as in "leaders").
Dewey, what part of this looks like authorities should be involved?
According to the local newspaper in Uppsala, UNT, the 16-year-old boy has not been taken into custody; he has not even been charged with this... He is however charged and has been questioned for another hacking, of Uppsala University's servers, and his computers have been sent to a crime lab for investigation. /Stafis
"Or maybe the code wasn't stolen, rather copied."
Stolen? Copied? Damage still can be done.
"I feel so sorry for all the Cisco employees having to write out all that code again because it was stolen."
From the standpoint of getting punished. It doesn't matter what you call it.
They got the original router code from Stanford University in the first place, and now they complain so bitterly! Check this
It's a sad truth, but I believe in the intelligence of terrorists.
I assume that they are at least intelligent enough to not waste incredible amounts of time, energy, and manpower to hack / break into Cisco so they can perform a very high level analysis of the source code for security holes, so they can hack into backbone routers and misconfigure / shut them down.
Instead of say, the dumb way of running into the telephone pole bringing down the power lines outside or blowing up a critical resource.
Most people aren't terrorized by routing problems, credit card theft, or failure to get to their favorite website (Google included). It's an inconvenience, a crime, and possibly very distressing, but it's not like they are having trouble sleeping with the looming threat that these things can happen.
Today, if you're dressed badly and jaywalking, it's probably going to be seen as terroristic activity.
Is it really worth arresting some kid over this? Chances are it was to prove that it could be done and not to steal the code to create a competing router. I guess Lucent, Motorola, Bay Networks or whomever else could take a peek and see what makes Cisco run, but they would only improve their products rather than use stolen code in their own products.
----
CCIE Guy
www.ipexpert.com
www.proctorlabs.com