big push into the corporate security space took a big hit over the weekend when hackers broke into its corporate network and stole chunks of the source code for the popular IOS operating system.
Cisco spokesman Jim Brady confirmed the launch of an investigation into the network breach but declined details on what was stolen. “Cisco is aware that a potential compromise of its proprietary information occurred…Based on preliminary data, we don’t believe any confidential customer information or financial systems were affected,” he told internetnews.com
The Cisco response came after a Russian security Web site reported that hackers broke into the switching and routing giant’s network and stole 800MB of source code for IOS 12.3 and 12.3t. Samples of the code were reportedly posted on an underground IRC channel as proof of the breach.
12.3 operating system powers Cisco’s networking product suite, including routers used in homes, small businesses and the 7000 series that comprise the Internet backbone.
The company declined comment on the specifics of the breach until its security unit completes an investigation. “It appears that this occurrence was not the result of any exploitation or a vulnerability of any product or service offered by Cisco,” Brady said. “[We do not believe] it was the result of any malicious action by any Cisco employee or contractor.”
Asked if news of the breach could put a damper on the company’s well-documented integrated security push, Brady made it clear the network hack was not the result of a software or product flaw.
Still, it comes at a crucial time for the San Jose, Calif.-based firm which dominates the market for network and switching equipment. In recent months, Cisco has been on a shopping
spree for companies in the security business, scoring deals to acquire Riverhead Networks and Twingo Systems.
The company also rolled out a new “self-defending network” strategy that included the launch of security hardware and software.
Now, with portions of its latest IOS source code in the hands of malicious hackers, there is a legitimate fear that exploits could surface to attack Cisco products.
Cisco is not the only big-name software firm that has dealt with leaked source code this year. In February, portions of code for Microsoft’s Windows 2000 and NT operating systems were illegally posted on the Internet.