It's still not commenting on a report on a Russian Web site that a sizeable portion of the code for its Internetwork Operating System has been stolen and is circulating on the Internet.
Cisco Systems is still remaining quiet five days after the news broke on a Russian security firm's Web site purporting that a sizable portion of the company's Internetwork Operating System has been stolen and is circulating on the Internet.
IOS is the software that runs much of Cisco's networking gear, which many of the world's businesses and governments use to run their critical IT networks.
Research firm Gartner issued a brief analysis of the purported source-code theft late Wednesday and warned Cisco customers that the theft creates "a potentially serious security problem." However, Gartner security analyst John Pescatore says he believes it's unlikely that a worm or a sizable uptick in hacker attacks is likely to result from the availability of the IOS source code.
Pescatore says the Cisco theft closely resembles the situation Microsoft found itself in February, when portions of its Windows operating-system source code leaked onto the Internet. "We're not finding new vulnerabilities from Microsoft's source code having been leaked," he says. "Typically, with a mature software product like IOS, the skills needed to find the big flaws require a pretty experienced security professional."
Stuart McClure, president and chief technology officer at information security firm Foundstone Inc., said Thursday that the level of security risk for companies running Cisco gear largely depends on how much, and what type of, IOS source code was actually pilfered. "If it's complete modules or large chunks of code, the risk is substantially higher," McClure said.
However, if an exploit--a tool hackers can use to more easily attack software vulnerabilities--or a worm were to surface, McClure predicted a rough ride for security professionals and network administrators. An attacker "could craft more vicious worms or complicated attacks as a result of having the source code," he said. "Source-code attack vectors can be more difficult to fix and patch."
Pescatore warns of a potentially more troublesome attack, depending on how much of Cisco's source code is available to hackers. He says attackers potentially could modify Cisco's licensing and registration mechanisms, meaning that businesses could be exposed to illegally modified copies of Cisco's software--which might, for example, contain some type of backdoor or Trojan-horse application that attackers could use to gain entry into systems. "Something like that is a bigger concern than a worm," Pescatore says.
Companies may not know how much risk their IT systems actually face until more details surrounding the theft surface.
As of Thursday morning, Cisco wouldn't say anything more than it had said when the claims became public earlier this week: It's "aware that a potential compromise of its proprietary information occurred," and the company is fully investigating what may have happened.
The FBI acknowledged Tuesday that it's looking into the case. A spokesman in the FBI press office told InformationWeek, "We are assisting Cisco in the investigation of a possible theft of proprietary data."
How Enterprises Are Attacking the IT Security EnterpriseTo learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
IT Strategies to Conquer the CloudChances are your organization is adopting cloud computing in one way or another -- or in multiple ways. Understanding the skills you need and how cloud affects IT operations and networking will help you adapt.