Investigators believe last year's IOS source code theft from Cisco was part of a much larger attack on thousands of computer systems involving a single intruder or small group in Europe.
Investigators in the United States and Europe told the New York Times they've spent close to a year on the case, which has also involved attacks on computer systems serving the U.S. military, NASA and research laboratories.
The break-ins exploited network security holes that have since been plugged, the Times reported. Authorities said the case shows how easily attackers can break into Internet-connected computers, no matter how sophisticated the corporate and government networks might be. It also shows how difficult it can be to find the perpetrators, they said. The case remains under investigation.
While Cisco offered few details on how much source code was lifted in last year's theft, several Internet sources have since repeated details initially posted on Russian security Web site SecurityLab -- hackers broke into the company's network and lifted 800 MB of source code for IOS 12.3 and 12.3t.
Another news source reported that a 2.5 MB sample of what is supposedly IOS code was released on an Internet Relay Chat channel as proof of the theft.
Months after the breach, a group called The Source Code Club announced it was selling the blueprint for an older version of the popular Cisco Systems Pix firewall for $24,000. The group said in an online statement: "This release is significant because Pix is vital to the security of many ultra-secure networks." The group specifically touted the Pix 6.3.1 source code; that version was replaced in July with 6.3.4.
It remains unclear if that development was specifically related to last May's source code theft.