UK officials announced this week the arrest there of a 20-year-old suspected of stealing Cisco source code last May, in a case of software theft involving integral Internet components, such as routers and switches, that rely on Cisco’s Internet Operating System (IOS).
While the Cisco source code — posted to a Russian Web site and other Internet sources for a brief period last May — was not as widely available as an earlier source-code theft of Windows code from Microsoft, it was cause for concern among security experts.
The arrest is likely being followed up with interrogation and investigation to find out whether the individual worked with a group of others, including a possible insider who might have gained access to the code. Other speculation indicates that the source code, as well as Cisco’s internal corporate network, was exposed via the Internet.
The individual arrested in the UK, who has not been identified but was released on bail to face charges in November, is reportedly being accused of violating Great Britain’s Computer Misuse Act of 1990 for accessing the U.S. systems of Cisco, according to a UK police spokesperson.
Ken Dunham, iDefense director of malicious code intelligence, said he was not surprised to see an arrest in the case come out of the UK, which the security expert described as “one of the more popular hacking areas.”
Dunham told TechNewsWorld that the arrest of a single individual and the fact that he is in the UK does not mean the suspect worked alone.
“I would say now they are interrogating this guy to better understand the scope of this and find out who else may have been involved,” said Dunham.
Dunham did indicate the arrest substantiates that there probably was a leak of the source code from the inside.
Although it might have put the basic Internet infrastructure at risk, the Cisco source code that was exposed was not as widely available as the Windows source code that leaked out of Microsoft earlier in the year.
The Microsoft source-code leak last February — during which Windows source code was being made available on Web sites, FTP sites, peer-to-peer (P2P) networks and elsewhere — resulted directly in at least one significant vulnerability in Windows systems.
The Cisco leak, Dunham said, was kept more quiet and did not allow the extent of downloading and discussion that came with the Windows exposure.
Selling Source Code
Dunham said source code has become an increasingly valuable target to skilled hackers and attackers who can put the software snippets to use in attacking systems.
The maturing of the hacker marketplace — where armies of compromised computers can be rented by the hour or the day — also has introduced a profit motive to source-code theft. However, Dunham said that by attempting to sell source code like a jewel thief sells ill-gotten goods, the Cisco source code perpetrators might have given themselves away.
“That may have been what bit these guys,” Dunham said.