Officials: Cisco theft was part of a much bigger attack

Last year's IOS source code theft from Cisco was huge in itself, but authorities now believe it was one element of a much larger cyberheist.

Investigators believe last year's IOS source code theft from Cisco was part of a much larger attack on thousands of computer systems involving a single intruder or small group in Europe.

Investigators in the United States and Europe told the New York Times they've spent close to a year on the case, which has also involved attacks on computer systems serving the U.S. military, NASA and research laboratories.

The break-ins exploited network security holes that have since been plugged, the Times reported. Authorities said the case shows how easily attackers can break into Internet-connected computers, no matter how sophisticated the corporate and government networks might be. It also shows how difficult it can be to find the perpetrators, they said. The case remains under investigation.

Attention is now focused on a 16-year-old in Uppsala, Sweden, who was charged in March with breaking into university computers in his hometown. The Times reported that investigators in the American break-ins ultimately traced the intrusions back to the Uppsala university network.

While Cisco offered few details on how much source code was lifted in last year's theft, several Internet sources have since repeated details initially posted on Russian security Web site SecurityLab -- hackers broke into the company's network and lifted 800 MB of source code for IOS 12.3 and 12.3t.

Another news source reported that a 2.5 MB sample of what is supposedly IOS code was released on an Internet Relay Chat channel as proof of the theft.

Months after the breach, a group called The Source Code Club announced it was selling the blueprint for an older version of the popular Cisco Systems Pix firewall for $24,000. The group said in an online statement: "This release is significant because Pix is vital to the security of many ultra-secure networks." The group specifically boasted of having the source code for Pix 6.3.1, a version that was replaced in July with 6.3.4.

It remains unclear if that development was specifically related to last May's source code theft.
