Hackers offer stolen firewall code for sale

Cisco is taking a hard-line stance to the alleged theft and online sale of its source code from PIX 6.3.1. firewall software.

A local spokesperson for the networking giant, Peter Witts, said the company is taking the matter very seriously.

On a note posted to the alt.gaps.international.sales newsgroup last week, Ukranian outfit the Source Code Club (SCC) announced the 37.5MB code was available for just over $30,000.

The group, which earlier this year offered online sales of the source code of the Enterasys Dragon Intrusion Detection System 6.1 for $25,000, is now hawking what is considered to be source code for the most commonly used corporate firewall in Australia.

Current software for Cisco PIX (version 6.3.4.) was released in July this year.

While the stolen PIX code (6.3.1.) was released in March 2003 the SCC is now offering more - code deemed "sensitive" - to anyone willing to pay.

Despite the theft, AusCert (Australian Computer Emergency Response Team) analyst Robert Lowe, said the posting hasn't resulted in new vulnerabilities being created although it is still a concern for Cisco customers.

"Source code is like the floor plans to a house and a floor plan gives you more ability to break in -people using source code to look for vulnerabilities already have a head start and don't have to reverse-engineer software," Lowe said.

"It is definitely a concern for customers but Cisco is capable of handling the incident."

Nick Verykios, marketing director of Melbourne-based Firewall Systems, said it is serious for customers because the code is now in the wild and open for anyone to use.

"It is like a bank losing every single user ID and personal password - it is exposed to the world and once the coding is open - whether or not theft has been factored in the design is irrelevant," Verykios said.

"The key thing now is that those firewalls are vulnerable - an IT manager can sit and worry until the cows come home but the damage has been done and the reality is you might have a vulnerable network.

"The saving grace is if IT managers have proper security policies in place, but they should already be outsourcing to security companies."

In September this year a 20-year-old British man was arrested for stealing, and posting more than 800MB of source code from Cisco's Internetwork Operating System in May to a Russian Web site.

Join the newsletter!

Error: Please check your email address.

More about AusCertAustralian Computer Emergency Response TeamCiscoComputer Emergency Response TeamFirewall Systems

Show Comments

Market Place