Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
Check out the new SourceForge HTML5 internet speed test! No Flash necessary and runs on all devices. ×
Security

Arrest in Cisco Code Theft 147

Kozar_The_Malignant writes "The BBC is reporting that an arrest has been made in the case of the stolen Cisco code that was posted to the internet last May. Approximately 800 MB was posted to a Russian security website. No name has been released and details are rather thin."
This discussion has been archived. No new comments can be posted.

Arrest in Cisco Code Theft

Comments Filter:
  • by Anonymous Coward on Monday September 20, 2004 @04:11PM (#10300923)
    No name has been released

    Just because you have no name, it doesn't automatically mean you're guilty.
  • It always seems... (Score:5, Interesting)

    by flewp ( 458359 ) on Monday September 20, 2004 @04:11PM (#10300924)
    to be younger people who get arrested for these kind of acts. I'm reffering to things such as code theft/release, warez, writing worms, viruses, etc. Is it because the the younger ones aren't as bright and therefor don't cover their tracks as well? Or is it because as you get older, the appeal of these kind of things drops? A combination of both? Something else? I would have to assume it's a combination of both, but I have no idea.
    • by Anonymous Coward on Monday September 20, 2004 @04:13PM (#10300954)
      The old people are in jail from being caught when they were young.
    • by Dogtanian ( 588974 ) on Monday September 20, 2004 @04:24PM (#10301053) Homepage
      [It always seems] to be younger people who get arrested for these kind of acts [..] Is it because the the younger ones aren't as bright and therefor don't cover their tracks as well? Or is it because as you get older, the appeal of these kind of things drops?

      You wouldn't believe how old some of the world's top hackers and crackers are. For example...

      The Queen Mother [66.102.9.104] didn't die.

      In fact, it is little known that she was an u83r1337 h4x0r whose skills reached terrifying levels during her "lifetime". However, wary of the risk of getting caught, and not exhibiting the carelessness or egotism of youth, she decided the only way to practice these skills to their full extent was to fake her own death.

      It is rumored that, post-"death", she is working as a black-hat hacker on behalf of Microsoft, and that her alias is qqqqmutha ("four 'q' mother").

      The Queen Mother is 104.
    • They let the son or younger brother turn up for it by telling him the judge would go easier on him.
    • Perhaps there are a lot of code related crimes out there done by individuals at all ages, but the objectives are different, hence the difficulty of catching those whose main goals are not those of mischief, but of industrial espionage, who I would think will be quite more interested in covering their tracks rather than boasting about their achievements.

    • Most younger people also don't have that much money to spend on software, etc.
    • by irokitt ( 663593 ) <archimandrites-iaur.yahoo@com> on Monday September 20, 2004 @04:48PM (#10301304)
      That's because the older ones have discovered girls.
    • by shawn(at)fsu ( 447153 ) on Monday September 20, 2004 @04:57PM (#10301428) Homepage
      In criminology (my degree) it is called "aging out"

      The older you get the less likely you are to comit a crime. Why it is is not so clear, one theroy says it is because you have more to lose (money, freedom etc) another says you have more reason to stay out of jail (children wife/husband etc), there are other reasons why this might happen but these are the two I remeber.

    • I just actually bought a copy of Microsoft Office 2004 for MacOS X. Granted it was an academic copy, but even at 21 I just lost my ability to sit there for hours waiting for something to download that I could easily buy.

      After a while you also tend to gain an appreciation for paying people for producing software. Granted I probably won't ever buy another copy of Office unless it's the academic version, but what the hell?
    • by vsprintf ( 579676 )

      Is it because the the younger ones aren't as bright and therefor don't cover their tracks as well? Or is it because as you get older, the appeal of these kind of things drops? A combination of both? Something else? I would have to assume it's a combination of both, but I have no idea.

      I doubt that it has to do with intelligence. I'm living proof you don't get any brighter as you get older. :) Why is it usually the younger ones who vandalize cars and graveyards and toilet-paper houses? I'd guess it's a c

    • It's evolution...

      Survival of the fittest. Those smart enough not to get caught get to grow old in peace. Those weaker, are caught before they grow old.
  • by puzzled ( 12525 ) on Monday September 20, 2004 @04:14PM (#10300966) Journal


    I've got and have had IOS 11.3 source sitting here for about two years. I kept notes on the dork who gave it to me. I contacted Cisco asset recovery, whom I had worked with before, and they got me to the IP guys. I've been waiting and waiting to be interviewed and nothing happens ... maybe they don't care about old school code or something, but I found the lack of interest somewhat strange.

    • It really is the sensationalism that's the key issue. These people dont get arrested for doing damages or anything like that, its all about the image. There was somewhat of a media frenzy when this first happened, which made cisco look bad. The only way to counter-balance that is to takedown the kid responsible. Arresting some kid in england isn't going to stop future breakins. They prolly get busted into all the time, but when the person you are talking about got 11.3, there wasnt a major story about
    • I've been waiting and waiting to be interviewed and nothing happens ... maybe they don't care about old school code or something, but I found the lack of interest somewhat strange.
      Was there something interesting in the code, though???
  • Aww Poncho! (Score:5, Interesting)

    by samberdoo ( 812366 ) on Monday September 20, 2004 @04:19PM (#10301011)
    I don't see how this is going to keep people from hacking Cisco products. The only difference here is the code was "published". From what I have been told the code has been available in the "warez" community for years.
  • by Weaselmancer ( 533834 ) on Monday September 20, 2004 @04:19PM (#10301012)

    From the article:

    Soon after the appearance of the code Cisco confirmed that the FBI was investigating how the theft had occurred.

    And...

    Cisco said that it had not been stolen as a result of loopholes in its software.

    So, they need the FBI to determine how the theft occurred, but they're sure it wasn't because their software has security holes?

    Either you know how it happened or you don't, guys. Can't be both.

    • So, they need the FBI to determine how the theft occurred, but they're sure it wasn't because their software has security holes?

      You can be sure of ways it DIDN'T happen without actually knowing how it did. I may not know exactly where Cisco is keeping their current source code, but I can be reasonably sure that it's not in my pants, or on the moon.


    • So, they need the FBI to determine how the theft occurred, but they're sure it wasn't because their software has security holes?

      It is very possible that Cisco knows how the theft happened. But keep in mind that we haven't quite realized the futureshock predictions of corporations-as-government. As such, Cisco will not be prosecuting any associated criminal case and will have to rely on the FBI, as an agent of the federal government, to maintian their traditional role. Cisco may provide what eviden

      • Cisco may provide what evidense they have of the intrusion. But the FBI will still be running its own investigation and ultimately coming to their own conclusions - even if they end up matching Cisco's.

        Ah - I see that. Yeah, that could be the case. Good point.

        But - I still think "Cisco said that it had not been stolen as a result of loopholes in its software" is probably a bogus statement. How could anyone possibly know that to be 100% true? That is, unless they have the schmuck on a videocamera s

    • Not so true, you can start to eliminate vectors as you gain more facts.

      lets say you own a business and one day you come in and cash is missing. There are no signs of forced entry (no broken windows no kicked in doors), the only thing disturbed is the cash drawer and the tape from the security camera is missing. You can more or less eliminate a random buglery and focus on people with a working knowledge of your operations such as employess.
  • It took too long.
  • by The I Shing ( 700142 ) * on Monday September 20, 2004 @04:23PM (#10301046) Journal
    Russian officials have identified the suspect as a 75-year-old deranged homeless man named Dmitri. Dmitri has never seen a computer or even heard of computers or the internet, and upon being arrested declared himself to be the reincarnation of Czar Nicholas II. Russian authorities state that Dmitri is the ringleader of every single former Soviet-bloc hacking and IP theft operation, which he was running from a cardboard box under a freeway overpass, and once he's been put to death following a speedy closed-door non-jury trial, which takes place in about twenty minutes, all Russian-based criminal activity on the internet will cease. Officials are hailing the arrest as a triumph for the Russian criminal justice system and the dawning of a new era in East-West internet-based relations. Dmitri's friends, two of whom are imaginary, are protesting by wrapping themselves in some copper wire they found and then trading it for vodka.
  • Oh my god! (Score:1, Interesting)

    by Anonymous Coward
    They caught Simeonoff from Varna Hacking Group! The greatest hackers in the world got arrested?!?
  • I guess the feds got her!
  • Caught the "I love smell of napalm joke". But you
    see it gets better.

    Consider: this closed source code is now *feared*.
    The mortals are *uncertain*. and with a little luck
    they'll have a whole boat load of *doubt*.

    Zeus himself couldn't have delivered a nicer gift
    to all of the OSS people. Chuckle. Understand how
    much you should *doubt* those people at Cisco.

    Gosh. Why would I want to put anything on my machine I can't look at the source of. Hey: Thank you for reminding me why I'd really rather prefer not havin
  • Anyone's got a torrent link ? ;-)
  • According to Reuters [reuters.co.uk]:

    "The spokesman declined to name the target of the hack, but people familiar with the investigation have said authorities suspect the man lifted the source code directly from Cisco's corporate computer network."

    Helevius

    • From ITWorld [itworld.com]:

      Malicious hackers made off with code for versions 12.3 of IOS after the thief compromised a Sun Microsystems Inc. server on Cisco's network, then briefly posted a link to the source code files on a file server belonging to the University of Utrecht in the Netherlands, according to Alexander Antipov, a security expert at Positive Technologies, a security consulting company in Moscow.

    • by afidel ( 530433 ) on Monday September 20, 2004 @06:30PM (#10302444)
      Wouldn't be hard if you had a way to get past the firewall of doom (the nickname for the main gateway firewalls at Cisco). Once internal you basically have your typicall soft centered network. The source code is available via NFSv3 mount points that are protected by simple host authnetication with username/password authentication being bypassable. Only the export restricted stuff is really all that locked down and even that wouldn't be that hard to get to for a determined hacker.

      This knowledge is now 3 years out of date but I really doubt Cisco has taken major leaps to improve internal security.
  • So, IOS stands for "the Internetwork Operating System"?

    I guess "Internet" must always be preceded by "the".
  • by runderwo ( 609077 ) <runderwo@@@mail...win...org> on Monday September 20, 2004 @05:10PM (#10301580)
    So, was the stolen code returned, so Cisco can continue development on it? It must have been terrible for them to have to hold up production on the missing code while the thieves were tracked down.

    • Very good point---it was not stolen but copied. The /. editorial policy should clearly distinguish between copyright infringement and theft, which are two completely different actions.
  • The article makes it seem like this source code is the magic key that holds the whole internet together. Is the press really doing its job by scaring the masses into believing this idea? Is it too much to ask that they have higher standards in writing pieces on comlex subjects?
  • Hopefully they recovered the stolen code so Cisco could have it back. I bet they had to rewrite some of it while the original code was still missing. Oh, wait, they put the code on a website... did someone steal it from that site too? (and did they track down where it went)

    Of course, what I want to know is how much 800MB of source code weighs.
  • I submited that same story half a day ago and got a shiny =rejected=, although I referred to The Register's article [theregister.com]. Whining aside, what I didn't expected to read (not @the reg, at least) was the following ^insightful^ observation: "The theft is a worry for security pros because wider access to Cisco's proprietary source code might make it easier for hackers to develop exploits." I guess I was fooling myself thinking that at least some open source firewall/scurity-related solutions are indeed (as)secure(as

I THINK MAN INVENTED THE CAR by instinct. -- Jack Handley, The New Mexican, 1988.

Working...