A recent hacker attack that compromised some of the crucial equipment powering the Internet has sparked a debate on whether the stolen Cisco Systems code used to penetrate the complex systems still poses a threat to the web.
Experts have argued for years whether software that has its source code freely distributed is more, or less, secure than proprietary applications. Code for the open-source Linux operating system, for example, is available to anyone, and many experts argue that makes it more secure than Microsoft's proprietary Windows.
"The availability of source code is a long discussed, unanswered question," said Art Manion, Internet security analyst at the CERT Coordination Center at Carnegie Mellon University, which provides incident response services to sites that have been attacked. "There are arguments for having source code available that, whether intentionally or by misappropriation, may allow someone to break into a system, or it could allow the good guys to find problems and fix them."
The debate was rekindled last week when The New York Times reported the arrest of a Swedish teenager suspected of boring into the critical aerospace and academic systems at NASA's Jet Propulsion Laboratory, the Patuxent River Naval Air Station, the White Sands Missile Range, the University of Minnesota, University of California at Berkeley, and other facilities.
The teenager allegedly used stolen source code from the operating system of Cisco routers to reach into the supercomputing network known as the TeraGrid. Once there, the suspect allegedly gained access to at least 50 systems throughout the Internet. The teen was arrested by the FBI and Swedish police, and later released to his parents.