Wednesday, May 11, 2005

Cisco, Major Networks Repeatedly & Successfully Hacked

The Wall Street Journal, New York Times and other sources reported yesterday that major corporations, universities, military, and government sites have been repeatedly and deeply hacked over the past year. Cisco lost source code to its IOS operating system, the brains of many enterprise and Internet infrastructure routers.

This is seriously bad news, for a number of reasons. Cisco has already faced increasing competition from Huawei, a Chinese router start-up that was sued for having used IOS code in its own routers. The hacker apparently replaced the Unix SSH module used for logins with a Trojan horse, capturing login names and passwords from numerous users, and eventually getting root-level privileges that allow any theft or modification without limit.

How can major corporations, universities, the military, and government agencies leave their networks vulnerable to this kind of hacking? The probability of an Internet-based electronic war against the United States just went up appreciably.

The Wall Street Journal online story follows:

Cisco Confirms Hacker Stole Code
By SCOTT THURM
Staff Reporter of THE WALL STREET JOURNAL
Cisco Systems Inc. said a piece of its software that appeared on a Russian Web site last year was stolen as the result of a "breach" in the company's security policy and that an alleged hacker was briefly detained in Sweden.
The stolen code was a portion of the operating system for Cisco's routers, which direct most of the traffic across the Internet. Cisco said it has been cooperating with law-enforcement agencies since the theft was discovered last May.
The New York Times reported late last night on its Web site that the theft of Cisco's code was part of a broader series of attacks on computers at U.S. universities, research laboratories, the National Aeronautics and Space Administration and the U.S. military. The Times said it wasn't known whether data from those computers were stolen or destroyed.
A Cisco spokeswoman said she couldn't comment on the purported computer break-ins at other institutions. In a statement, she said, "We have learned through the investigation that the code posted on the Internet was the result of a breach in our security policy and not the result of any exploitation or vulnerability in any Cisco product or service."
Cisco, of San Jose, Calif., doesn't know of any use of the stolen code to infiltrate or disrupt its customers' systems, the spokeswoman said. "Cisco believes that the stolen code does not create increased risk to customers' networks," she said.
In September, British police arrested a 20-year-old man in Northern England on suspicion of involvement in the theft. That man was never charged, according to a person familiar with the case.
