The release of the Cisco IOS sourcecode came only months after someone illegally posted an incomplete version of Microsoft 2000 sourccode on the Internet. While Windows 2000 has been replaced by XP, it still shares some sourcecode with 2000. It’s uncertain what the motive behind either attack might be, but the data may make it easier to exploit vulnerabilities in the software.
Police in the U.K have arrested a 20-yearold man in connection with the case who is suspected of committing “hacking offenses” under the country’s Computer Misuse Act of 1990. The suspect has been released on bail, but computer equipment has been seized to discover forensic evidence. Police have not released further details since the investigation is ongoing.
It’s unclear what the ramifications are regarding the stolen sourecode, and whether a hacker may use it to exploit systems in the future. Normally, networking software can only be manipulated using a management terminal located inside the site. A hacker would likely require considerable knowledge of a network to make use of the sourcecode. It may be more of a PR problem for Cisco, since their current branding slogan describes a Self-Defending Networking and their image could be tarnished by such attacks on their network.
1. What implications are there for Cisco if trade secrets were compromised in the hacker’s release of the sourcecode?
2. How was the hacker able to breach the network defenses at Cisco?
3. Have there been any network attacks using the stolen software since the hacker’s attack in 2004?