Cisco Probes Report Of Source-Code Theft

Cisco Systems says it's investigating a report by SecurityLab, a Russian Web site, that the source code for its primary operating system was stolen last week.

In a statement E-mailed to InformationWeek on Monday, the networking-gear maker said it is "fully aware that a potential compromise of its proprietary information occurred and was reported on a public Web site just prior to the weekend. Cisco is fully investigating what happened."

The code reportedly leaked onto the Internet is Cisco's IOS 12.3, the most recent version of its network operating system which runs many of its routers and the hardware that supports the backbone of the Internet.

Security experts warn that if the report is true and Cisco's proprietary code has been made available on the Internet, hackers could comb through that code in search of potential security flaws. However, earlier this year, some code used in Microsoft's Windows NT and Windows 2000 operating system was leaked to the Internet and no major attacks can be attributed to that incident.

Cisco customers have been placed at risk due to a handful of security issues relating to Cisco's software in recent weeks. In mid-April, the company acknowledged a security flaw with its proprietary Lightweight Extensible Authentication Protocol and released a new version of that protocol which the company said eliminated the threat of attack.Just weeks prior to that incident, a hacker attack tool, dubbed "Cisco Global Exploiter," surfaced on the Internet. The tool makes it possible for hackers to attack nearly a dozen security vulnerabilities found in various Cisco products.