24 May 2004 The theft and publication of Cisco’s proprietary operating system code on the Internet has not caused an increased security risk, claims the networking giant in a statement.
Cisco, the world’s largest maker of network routers and switches that power the Internet, assured users that the “improper publication of this information does not create increased risk to Cisco equipment”.
Furthermore, the leak was not a result of vulnerabilities in the company’s hardware of software, nor the result of any malicious activity by an employee or contractor, the company added.
On May 17, Cisco announced that 800 megabytes of its proprietary source code that drives its networking hardware had appeared on Russian security site SecurityLabs.ru. The Russian IT security company claimed that a hacker stole the code by breaking into Cisco’s corporate network.
The code has now been removed from the foreign Web site, the company said, and in a press release added: “As a matter of policy, Cisco Systems takes security very seriously and will continue to take active measures to protect all partner and customer-facing information”.
However, the company failed to elaborate on how a possible breach in its own security may have occurred.
Analysts and experts say it is possible that the source code could be used by hackers to find and exploit vulnerabilities in the software. So far, no such hacks have been reported.
The FBI is continuing to investigate the leak, although company sources refused to give details of the specifics of the investigation. In the meantime, however, the company has confirmed that there are no immediate customer issues to address.
News of the leak comes just three months after Microsoft’s code for parts of Windows 2000 and Windows NT was leaked onto the Internet, raising more questions surrounding the storage of commercial code on online computers.