Cisco Software Apparently Stolen, Giving Hackers Glimpse Into Code
A portion of the Cisco Systems Inc. software that runs most of the networking equipment on the Internet was apparently stolen and published on the Web.
The apparent theft might allow hackers to exploit weaknesses in the code and could embarrass Cisco, which has a growing business helping other companies fend off cyberthreats.
A Russian computer-security Web site published two snippets of software code and said they were a small portion of the 800 megabytes of code that had been stolen. The Web site,
www.securitylab.ru, said it received the excerpts from a pseudonymous hacker. A Cisco spokeswoman said the published excerpts were genuine and confirmed the authors listed in the snippets are company employees.
Security experts said publication of the code wasn't an immediate security threat. Still, they said hackers might study the code for flaws that would allow them to disrupt or disable Cisco routers, which could have a big impact on the Internet. Cisco, of San Jose, Calif., makes the overwhelming majority of machines that direct computer traffic across the Internet. "My first guess is that it's more an embarrassment than a real security flaw" for the Internet, said Gregor Freund, chief executive of the Zone Labs unit of Israel's Check Point Software Technologies Ltd.
The apparent theft of the code could pose a marketing challenge for Cisco, which increasingly has touted its products' security features. For example, Cisco sells products designed to warn of unauthorized attempts to tap into a network. The spokeswoman said she didn't know when or how Cisco learned its code had been stolen.
The incident marked the second time this year that secret software code from a high-technology giant has been posted on the Internet. In February, hackers posted code from Microsoft Corp.'s Windows operating system. There have been no known attempts to exploit weaknesses in that code with viruses or worms. The code apparently stolen from Cisco is a portion of the Internet Operating System that is on every piece of Cisco equipment.
思科系统软件被盗,源代码已被公布
运行于大部分互联网网络设备的思科系统(Cisco Systems Inc., CSCO, 简称:思科)软件有一部分显然已被盗,并已被公布在互联网上。
上述明显的盗窃行为可能将使黑客更容易利用思科软件源代码的弱点进行网络攻击,将以帮助其他公司防范网络攻击为业务增长点的思科公司置于尴尬境地。
一家俄罗斯电脑网络安全网站公布了被盗软件源代码的两个片断,并称这仅是被盗800兆字节源代码中的一小部分。思科系统发言人称,公布的部分源代码属实,并证实源代码片断中所列的作者是思科公司员工。
安全专家称,公开源代码并不会立刻对网络安全造成威胁。但是他们说,黑客可能会研究源代码的缺陷,然后对思科路由器进行攻击,可能造成路由器中断或无法工作,这将对互联网造成巨大影响。绝大多数网络设备都由思科系统生产。
以色列Check Point Software Technologies Ltd.旗下Zone Labs的首席执行长Gregor Freund称,他听到上述消息后的第一感觉是,这将是互联网真正的安全隐患,而不仅仅是尴尬。
源代码被盗事件使思科产品的营销面临巨大挑战,思科一直以公司产品的安全性能而自豪。例如,当有未授权网络访问时,思科的产品就会发出警告。但是,思科发言人称,直到俄罗斯网站公布部分源代码后,公司才知道源代码被盗。
