Cisco's IOS Code 'Compromised'

Hackers have obtained source code for Cisco Systems Inc.'s (Nasdaq: CSCO) Internetwork Operating System (IOS) 12.3 Operating System, according to a report released over the weekend.

The significance is hard to determine, but it could help hackers identify security vulnerabilities that would enable them to disable routers and take down parts of the Internet.

The risk of this happening depends on how many security vulnerabilities exist in the code and what exactly has been stolen. Different versions of IOS Release 12.3 are used in a wide variety of Cisco equipment, including its 7000 series routers and Catalyst 6000 switches (see Cisco's Release Notes).

Cisco issued the following statement this morning: "Cisco is aware that a potential compromise of its proprietary information occurred and was reported on a public website just prior to the weekend. The Cisco Information Security team is looking into this matter and investigating what happened."

Russian Website SecurityLab.ru broke the news of the IOS theft. One of the parties claiming responsibility fed snippets of code to the site's administrators as proof of the deed; the snippets are posted at http://www.securitylab.ru/45222.html and http://www.securitylab.ru/45223.html.

To the extent that Web translations can be trusted, the site appears to be saying Cisco's network was hacked, leading to 800 Mbytes of source code being taken.

There's a chance it's the real thing. Routing expert and former Cisco employee Tony Li posted to a mailing list for the North American Network Operators' Group (NANOG) saying the code appears "(approximately) genuine" and includes "normal calls to IOS infrastructure routines." Comments in the posted code indicate it was written in June 1996 by Kirk Lougheed.

On the plus side, router code is more complex than Microsoft Corp. (Nasdaq: MSFT) code. Routing expertise isn't as widespread as PC operating system knowledge. And to do any damage, a hacker probably would have to determine how the modules link to each other and find vulnerabilities in those links, says Frank Dzubeck, president of consulting firm Communications Network Architects.

Another factor is the age of the compromised code. Newer elements of IOS haven't been implemented yet or, in the case of IPv6, may apply primarily to Asia but not to Cisco's entire customer base, making any damage less apocalyptic. On the other hand, certain aspects of routing code trace back to IOS's beginnings; should that code fall in the wrong hands, it could force Cisco to issue patches applying to every prior release, a case worse than what Microsoft faces with its patches, Dzubeck says.

"There are people running [Cisco code] six or eight releases back," he says. "The average guy running a small router never changes code. And then, AT&T and some of these big guys are running several different instances of code."

Possibly worst of all, though, are the implications to Cisco's business should the code become public domain. "Now you have no problems with any vendor being compatible with Cisco. You suddenly reduce the hardware to a commodity," Dzubeck says. "It would disenfranchise Cisco, because if you ask what Cisco is as a company, it's IOS."

Of course, Cisco could try to litigate or use the criminal justice system to track down the thieves, if in fact there were any -- but even then it will be hard to undo any damage.

That -- along with the possibility that Cisco's own network was breached, bringing its security features under question -- makes Cisco's explanation of the weekend's events crucial. "This week, a whole lot of information has to come out of Cisco," Dzubeck says. "If they stonewall, there are going to be a lot of problems."

— Craig Matsumoto, Senior Editor, Light Reading

bobcat 12/5/2012 | 1:46:54 AM
re: Cisco's IOS Code 'Compromised' So much for the "self defending network"...
Or maybe IT needs a few more CCNA/CCNP people...

netfulcrum 12/5/2012 | 1:46:52 AM
re: Cisco's IOS Code 'Compromised' Maybe the little girl in the commercials figured out that "Self Defending Networks" is yet another over-hyped, over-promised market-ecture which Cisco has not/ will not deliver on... maybe they have TOO MANY CCNA/CCNP's on their IT security staff ;-)
The irony is just delicious...
DocGonzo 12/5/2012 | 1:46:48 AM
re: Cisco's IOS Code 'Compromised' The fact that Cisco was hacked is no surprise; no doubt they have countless daily attempts. That boastful style of marketing they (and a few others) adopted is a double edged sword. It certainly calls a lot of attention to you; some good, some not so good. Nothing like daring the world to disprove your claim of "self-defending networks".

The real mischief could be yet to come if the IOS source code lands in the hands of some smart people with devious intentions.

I can already hear a great whirring of the spin machine coming from the direction of San Jose...

stephenpcooke 12/5/2012 | 1:46:47 AM
re: Cisco's IOS Code 'Compromised' The question that most people do not consider is that the code was not just 'looked at' but that it may have been altered in some fashion (eg: a 'back door' added, etc.). If those who were able to hack through the PIX firewalls, code access protections and knew what code to 'look at', I'm quite certain that they could have made some unobsequious changes that will be hard to detect given the size of the OS, the potential amount of churn and the number of designers that are making updates. If a change was made and not detected (and removed) it would ripple through all following versions.
bobcat 12/5/2012 | 1:46:45 AM
re: Cisco's IOS Code 'Compromised' True enough there are serious repercussions should it be true. Still.., I doubt that anything, other than some future additional patches rolled up into a (Microsoft coined phrase), "Service Pack" (actually a minor release) is all it will come to (maybe often). The marketing spin to gain or keep customers is what will be interesting. A some roadtrips, and Buyer beware.

coreghost 12/5/2012 | 1:46:44 AM
re: Cisco's IOS Code 'Compromised' Nobody should fool themselves about events like
this. The smart people with devious intentions
already have the IOS source code along with the
windows source code and practically anything
else they want. Keeping source code secret
to hide security flaws almost inevitably does
nothing to stop the bad people. All it does
is create a false sense of security and let
the internal owners of the software sweep problems
under the rug.

sevenbrooks 12/5/2012 | 1:46:39 AM
re: Cisco's IOS Code 'Compromised'
This can have been done in a MUCH lower tech way than actually hacking the network. I am sure that programmers, put source code in the garbage on occasion......

mr zippy 12/5/2012 | 1:46:34 AM
re: Cisco's IOS Code 'Compromised' I am sure that programmers, put source code in the garbage on occasion......

Programmers may also take copies of source code home, so they have either a personal archive of work they are proud of, or so they can keep a personal archive of techniques they have used in the past for future reference.
zher 12/5/2012 | 1:46:32 AM
re: Cisco's IOS Code 'Compromised' when reading this story, plz see the advertisement, which is Juniper...

If the hacker got the IOS code by hacking the Cisco's enterprise firewall, which should be PIX probably, Juniper must be laughing at Cisco along with Netscreen...

Just kidding....
Indy_lite 12/5/2012 | 1:46:32 AM
re: Cisco's IOS Code 'Compromised' When will Juniper code be available in a
similar way, on Russian web site ?