Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cisco Confirms Arrest In Theft Of Its Code

Posted by Zonk on from the crackdown-on-black-hats dept.

spafbnerf writes "Informationweek is reporting on Cisco Systems' confirmation of an arrest in connection with the theft of its IOS 12.3 source code last year. On Tuesday, The New York Times reported that federal officials and security experts have acknowledged that the theft of the Cisco source code was part of a wider pattern of thousands of attacks on military and research computers perpetrated by an unknown number of individuals." From the article: "The FBI fully recognizes the inherent sophistication and global nature of intrusion investigations...As such, we have worked hard to develop strong partnerships within the international law-enforcement community. In this case, we have been working closely with our international partners to include Sweden, Great Britain, and others. As a result of recent actions, the criminal activity appears to have stopped."

12 of 113 comments (clear)

  1. do they believe it themselves? by nietsch · · Score: 5, Interesting
    As a result of recent actions, the criminal activity appears to have stopped.


    I read that as: "As a result, the criminals have realised they were being watched and have cleaned up their act, and have made sure they are not noticed by 'them' anymore.

    Now on to the FA.
    --
    This space is intentionally staring blankly at you
  2. Appears to have stopped - for now! by PacketScan · · Score: 4, Insightful

    They. Who ever they are, will be back if indeed it's more than a few people. When it comes down to it nothing is secure. There is always going to be a way for the smart/crafty to cercumvent anything put in place.
    Then again we could just write rock solid code. but that apparently is cost prohibitive.

  3. Over-confident by dbleoslow · · Score: 5, Funny

    "As a result of recent actions, the criminal activity appears to have stopped."

    Thanks to the bear patrol recently put in place in my neighborhood, all bear-related activity appears to have stopped.

    1. Re:Over-confident by NekkidBob · · Score: 5, Funny

      I wish to buy your tiger repelling rock...

  4. Theft? by Anonymous Coward · · Score: 4, Funny

    More like "liberation".

    Information wants to be free.

  5. Phew! by Dirtside · · Score: 4, Funny

    Thank goodness Cisco finally got its source code back! Now the source code is safe and sound, never to be seen again by anyone outside Cisco.

    --
    "Destroy science and religion. Science would re-emerge exactly the same; but not religion." - Penn Jillette, paraphrased
  6. Re:Too bad... by EvilTwinSkippy · · Score: 4, Funny
    I have found Cisco routers to be remarkably stable.

    We have a 7100 series that I use as a step-ladder to access stuff on a top shelf. It has never teetered or shifted.

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
  7. The suspect by LarsWestergren · · Score: 4, Funny

    The suspect is a 16 year old boy from Uppsala, Sweden, my hometown. I bet he doesn't feel as clever now as he used to. :-)

    I look forward to Maureen O'Gara's next scoop though: "He came from Uppsala, the headquarter of famous open source company mySQL AB! Also the place where Vikings once slaughtered Christians in pagan rituals! All a coincidence? I think not!!"

    --

    Being bitter is drinking poison and hoping someone else will die

  8. Firewall? by nogginthenog · · Score: 5, Funny

    Looks like they could do with a decent firewall to keep out intruders. Can anyone recommend a good one?

  9. Re:Must be nice to have such confidence by EvilTwinSkippy · · Score: 4, Funny

    RFC37337 - Corporal Punishment over UDP

    --
    "Learning is not compulsory... neither is survival."
    --Dr.W.Edwards Deming
  10. Decentralized Networking... by Anonymous Coward · · Score: 4, Insightful

    The more and more I hear about these types of hacks, attacks, and thefts, it makes me wonder why many big companies still choose to remain 'online.'

    We all know that the internet can be a very dangerous place, so why would any company in their right mind choose to have computers with potentially sensitive source code or database information remaining on a publicly facing network?!

    Very few machines in a given development or database office should have Internet access, and these machines should not be directly connected to the rest of the company. The reason you spend all of that cash on networking equipment is for private closed intranets, it's not to get you online!

    Plugging into the internet is just like going public, no matter how many basements with feline guards at the doors you have in place, you can never be 100% secure.

  11. Don't they WANT it secure? by mreed911 · · Score: 5, Interesting
    From TFA: "The stolen code was a portion of Cisco's Internetworking Operating System version 12.3. The incident has been a matter of concern because malicious hackers might find flaws in the code that could be exploited to impair the functioning of Cisco's routers."

    Translation: We don't have time to QA this code, so we'd rather not have anyone do it themselves, either, then hack us with the holes we neglected to look for in the first place.

    Ugh. Sometimes I wonder if there ought to be an open-source REQUIREMENT in RFP's to vendors. Hell, code availability has HELPED Linksys (who's also Cisco!) - folks have "hacked" it to make it MORE robust, but you don't see any greater number of "hacks" for Linksys products than you do for anyone else...

    Maybe Cisco ought to focus on the security BASICS (it's still easiest to get into some else's network because they never changed the default password than it is to script-kid some mutated hack into working) rather than worrying that "outsiders" might actually harden their products FOR them...