17 May 2004 Networking giant Cisco has announced that about 800 megabytes of its proprietary source code that drives its networking hardware has appeared on the Internet.
The code was published on Russian security site Securitylabs.ru. The Russian IT security company claim that a hacker stole the code by breaking into Cisco’s corporate network, although it is unclear whether a security breach was the cause of the leak.
A person known as “Franz” then went on to boast about his theft and display 2.5 megabytes of the code on an Internet Relay Chat (IRC) club.
“Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public Web site just prior to the weekend,” said Jim Brady to News.com just prior to the code appearing on the Russian site.
The news comes just three months after Microsoft’s code for parts of Windows 2000 and Windows NT was leaked onto the Internet, raising more questions surrounding the storage of commercial code on online computers.
Despite this, it is still unclear to what extent the leaked source code will affect the security of Cisco hardware. Microsoft’s security was not significantly compromised by the code leak. Moreover, attackers have so far not tended to focus on vulnerabilities in networking hardware.
Cisco told Infoconomy that the company’s information security team is looking into the matter, although at this stage they refused to comment on the leak or any associated risks.
The Russian site posted two files of source code written in the C programming language by two Cisco employees, related to next-generation Internet protocol 6 (IPv6) capabilities. One file was said to be copywritten in 1996, the other in 2003.