Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Cisco Confirms Arrest In Theft Of Its Code

Zonk posted more than 9 years ago | from the crackdown-on-black-hats dept.

Security 113

spafbnerf writes "Informationweek is reporting on Cisco Systems' confirmation of an arrest in connection with the theft of its IOS 12.3 source code last year. On Tuesday, The New York Times reported that federal officials and security experts have acknowledged that the theft of the Cisco source code was part of a wider pattern of thousands of attacks on military and research computers perpetrated by an unknown number of individuals." From the article: "The FBI fully recognizes the inherent sophistication and global nature of intrusion investigations...As such, we have worked hard to develop strong partnerships within the international law-enforcement community. In this case, we have been working closely with our international partners to include Sweden, Great Britain, and others. As a result of recent actions, the criminal activity appears to have stopped."

cancel ×

113 comments

Sorry! There are no comments related to the filter you selected.

Montreal? (0, Offtopic)

montreal!hahahaha (880095) | more than 9 years ago | (#12509250)

hahahaha

Re:Montreal? (0, Offtopic)

montreal!hahahahah (880120) | more than 9 years ago | (#12509403)

hahhahhahahah

Re:Montreal? (0)

Anonymous Coward | more than 9 years ago | (#12509637)

What's with the montreal thing? is there a joke here i'm not getting? please explain. thanks

Re:Montreal? (1)

Montreal!!hahahahaha (880138) | more than 9 years ago | (#12509691)

If you have to ask, my young friend, then you will never know...

muhahahahahah

theft? (0)

Anonymous Coward | more than 9 years ago | (#12509254)

Was actaul boxes of backup takes with the source code stolen, or was the source code just leaked?

Re:theft? (1)

Mr Smidge (668120) | more than 9 years ago | (#12511165)


Well, the article says theft, so we better believe it!

I feel so sorry for all the Cisco employees having to write out all that code again because it was stolen.

I can confirm this (3, Funny)

kote-men-do (881870) | more than 9 years ago | (#12509267)

The parents of the teenager in question have taken all his pokémon games.

Re:I can confirm this (0)

Anonymous Coward | more than 9 years ago | (#12509698)

Come on, he (the swedish script-kiddie) is 16. Isn't that too old for him to be playing with pokémon? His parents have obviously found and taken away his porn collection.

Re:I can confirm this (1)

Masami Eiri (617825) | more than 9 years ago | (#12510826)

Actually.. no. I know guys that are hitting 20 that enjoy the Pokemon games.. hell, my uncle, who's in his 30s likes them. The games aren't that bad. Nothing groundbreaking, but not bad.

Re:I can confirm this (0)

Anonymous Coward | more than 9 years ago | (#12512549)

Try playing Phantom Brave. It's very reminiscent of Pokemon, but there's a broader strategy element in who you summon, where, and when (they don't stick around that long). There's some truly bizarre strategies in that game.

Heck, one of the main characters is even named Ash

Re:I can confirm this (0)

takeya (825259) | more than 9 years ago | (#12512905)

Cisco IOS software sucks, for the record.

I have to work with these routers daily, and their command-line interface is inadequate, the documentation is lacking and the source code is probably FULL of holes, which is why its theft got Cisco so mad. Now the holes were obvious and they actually had to work for their customers, to secure ISPs, etc.

do they believe it themselves? (5, Interesting)

nietsch (112711) | more than 9 years ago | (#12509269)

As a result of recent actions, the criminal activity appears to have stopped.


I read that as: "As a result, the criminals have realised they were being watched and have cleaned up their act, and have made sure they are not noticed by 'them' anymore.

Now on to the FA.

Re:do they believe it themselves? (3, Insightful)

DarthVain (724186) | more than 9 years ago | (#12509436)

"As a result of recent actions, the criminal activity appears to have stopped."

I read that as: "As a result, the criminals have already gotten all the code they were looking for, and now have moved on. This is why there doesn't appear to be any more activity."

Re:do they believe it themselves? (1)

notsoanonymouscoward (102492) | more than 9 years ago | (#12513845)

now Crashoveride and the others can hack the gibson and stop Plague from unleashing the Da Vinci virus!

I can't wait to see some more of AcidBurn's clevage!!!

Appearences (1)

pocketfullofshells (722066) | more than 9 years ago | (#12509512)

can be deceiving...

I hope whoever it was at least left an easter egg behind.

Appears to have stopped - for now! (4, Insightful)

PacketScan (797299) | more than 9 years ago | (#12509271)

They. Who ever they are, will be back if indeed it's more than a few people. When it comes down to it nothing is secure. There is always going to be a way for the smart/crafty to cercumvent anything put in place.
Then again we could just write rock solid code. but that apparently is cost prohibitive.

Re:Appears to have stopped - for now! (1)

KiloByte (825081) | more than 9 years ago | (#12509635)

So... now the bad guys enjoy the code they can read in peace, and look for security holes to their heart's content. They face just a small bunch of overworked developers and very little review.

On the other appendage, a vintage PC in my basement churns packets on its cozy shelf, with an OS that has seen continuous attention of millions of developers...

Face it, the bad guys _will_ have guns. No laws or copyrights can stop them. By obstructing the access you limit the amount of kids but do nothing against determined attackers. But if you let the NRA, er, wait, the Free Software community ensure the public will have guns... hmm, my analogy is kind of shot. You know what I mean :p

Re:Appears to have stopped - for now! (1)

Absolut187 (816431) | more than 9 years ago | (#12510159)

Then again we could just write rock solid code. but that apparently is cost prohibitive.

Plus it would cut into slashdot time.

Over-confident (5, Funny)

dbleoslow (650429) | more than 9 years ago | (#12509280)

"As a result of recent actions, the criminal activity appears to have stopped."

Thanks to the bear patrol recently put in place in my neighborhood, all bear-related activity appears to have stopped.

Re:Over-confident (5, Funny)

NekkidBob (807988) | more than 9 years ago | (#12509358)

I wish to buy your tiger repelling rock...

Re:Over-confident (1, Funny)

Anonymous Coward | more than 9 years ago | (#12509363)

I was wondering if you were interested in purchasing this rock that keeps tigers away?

No more hackers! (1)

RealProgrammer (723725) | more than 9 years ago | (#12509577)

Our real thanks should go to OJ Simpson. Without his efforts to find his wife's real killer, more Hollywood wives would keep getting hacked.

Re:Over-confident (0)

Anonymous Coward | more than 9 years ago | (#12512806)

Thanks to the bare patrol recently put in place in my neighborhood, all bare-related activity appears to have stopped.

sob.

"appears to have stopped"... (3, Funny)

SharpFang (651121) | more than 9 years ago | (#12509289)

lol omfg idiots bought it!!!
Yeah. Stay put for 2 months more. And just in case you have something urgent, tunnel through Luser832, I have planted enough "evidence" on his PC to keep him in prison for 50 years.

Re:"appears to have stopped"... (1)

Polly_Morf (868942) | more than 9 years ago | (#12512239)

Sorry man. Youre going to become HUGELY disappointed. The longest prison sentence in Sweden is about 15 years (for some reason called "lifetime"). A major anti-climax for you.

Re:"appears to have stopped"... (0)

Anonymous Coward | more than 9 years ago | (#12512446)

Why do you think Luser832 lives in Sweden?

Too bad... (2, Funny)

daveschroeder (516195) | more than 9 years ago | (#12509300)

Maybe the thief could have made IOS more stable and secure. I'm beginning to think anyone could do a better job...

Re:Too bad... (3, Funny)

1evilmonkey (837713) | more than 9 years ago | (#12509356)

Thats why I have a Linksys wifi router. It works as good as everything else and has the nifty little cisco brand on it to make it look expensive and impressive.

Re:Too bad... (4, Funny)

EvilTwinSkippy (112490) | more than 9 years ago | (#12509474)

I have found Cisco routers to be remarkably stable.

We have a 7100 series that I use as a step-ladder to access stuff on a top shelf. It has never teetered or shifted.

Re:Too bad... (0)

superpulpsicle (533373) | more than 9 years ago | (#12509651)

How can you not be stable when the entire vlan standard is practically locked by cisco. They can QA the hell out of it. It's all their code.

Re:Too bad... (1)

nharmon (97591) | more than 9 years ago | (#12510361)

Cisco's proprietary vlan trunking standard is ISL, which they seem to have abandoned. Newer switches now support 802.1Q, which is an open standard that works with Linux and MS Windows.

Re:Too bad... (1, Informative)

Anonymous Coward | more than 9 years ago | (#12512967)

Link to 802.1Q std [ieee.org] (just in case people thing only the RFC's are available free). Oh - if anyone actually intends reading it, take a *LOT* of V or Red Bull or whatever passes for caffiene in your neighbourhood

Re:Too bad... (1)

natrius (642724) | more than 9 years ago | (#12509995)

We have a 7100 series that I use as a step-ladder to access stuff on a top shelf. It has never teetered or shifted.

And if it does start to teeter one day, you can fix it since you have the source now!

Or something like that.

Re:Too bad... (1)

OnlineAlias (828288) | more than 9 years ago | (#12510205)

Oh dood, those were crap. I have 2 7120's that holding up the end of my table right now, $30k worth of routers...even Cisco can't get them to do what a Linksys can do now....

If you're gonna get "nicked" by Cisco... (2, Funny)

pandrijeczko (588093) | more than 9 years ago | (#12509319)

...at least walk out with a 6500 router under your coat that you can flog on Ebay!

Re:If you're gonna get "nicked" by Cisco... (3, Funny)

CrankyFool (680025) | more than 9 years ago | (#12509602)

That's a horrible idea, and I wish slashdot would stop advocating these sorts of measures.

When was the last time you tried lifting a 6500, let alone walking with it under your coat? Only do this if you manage to drive out with a 6500 router AND Chambers' Porsche*.

*No, I don't know what he drives. Artistic license.

Re:If you're gonna get "nicked" by Cisco... (2, Funny)

pandrijeczko (588093) | more than 9 years ago | (#12509737)

In a penal establishment somewhere...

"Moi name's Slasher, I'm doin' time for armed robbery. This 'ere's Pistols, 'e killed his parents. Whas yer name, sonny, and whachoo in 'ere for?"

"I am being Hans, I am Svedish, I took code from Cisco."

"Well, 'Ans, drop yer trousers, grab yer ankles and let's see where yoov 'idden it then.."

Re:If you're gonna get "nicked" by Cisco... (0)

Anonymous Coward | more than 9 years ago | (#12509944)

from all the "hot swedish love" stories I've heard, he probably has 12000-series up there..

gives new meaning to goat.se :)

Re:If you're gonna get "nicked" by Cisco... (2, Funny)

Des Herriott (6508) | more than 9 years ago | (#12509611)

That'd be an achievement, given that a 6500 is a switch.

Re:If you're gonna get "nicked" by Cisco... (1)

pandrijeczko (588093) | more than 9 years ago | (#12509666)

IANACE (I Am Not A Cisco Expert) but I'm told by a Cisco Expert that a 6500 is a layer 3 switch with routing capabilities - so I'll agree to a stalemate!

However, I'd still stick it on Ebay as a router because nobody tells the truth on Ebay.

Re:If you're gonna get "nicked" by Cisco... (1)

dlZ (798734) | more than 9 years ago | (#12509885)

No, you have to sell it as a "Porn Enabled Router" to get the best sale!

Re:If you're gonna get "nicked" by Cisco... (1)

OnlineAlias (828288) | more than 9 years ago | (#12510381)

A 6500 was a backplane system, and if it had a RSM in it, it could route too. Just depended on how it was configured....

Theft? (4, Funny)

Anonymous Coward | more than 9 years ago | (#12509331)

More like "liberation".

Information wants to be free.

Re:Theft? (0)

Anonymous Coward | more than 9 years ago | (#12509671)

Well, I guess it know how it feels to want then.

Re:Theft? (0)

Anonymous Coward | more than 9 years ago | (#12509682)

Yeah, I peed in its hands.

Appearances are deceiving (3, Funny)

digitaldc (879047) | more than 9 years ago | (#12509332)

"As a result of recent actions, the criminal activity appears to have stopped."

Wow, that statement really made me feel better.

Light on evidence? (1)

eddy (18759) | more than 9 years ago | (#12509357)

The fact that every report says "since the arrest, the intrusions have stopped" ought to tell us something...

Re:Light on evidence? (2, Insightful)

EvilTwinSkippy (112490) | more than 9 years ago | (#12509452)

The fact that every report says "since the arrest, the intrusions have stopped" ought to tell us something...

Mainly that the folks who are behind the break ins read the same news articles we do.

Re:Light on evidence? (3, Insightful)

Veinor (871770) | more than 9 years ago | (#12509548)

Or maybe they're not really bothering to verify it, but instead quoting each other, since if one of them says it, it must be true!

Someone Better Talk to Bush (2, Insightful)

geomon (78680) | more than 9 years ago | (#12509409)

As such, we have worked hard to develop strong partnerships within the international law-enforcement community.

Had Bush known that this was occurring, he would have stepped in and stopped this attack on US sovereignty.

We all know that the US will always choose the unilateralist role in defeating enemies of the State.

(chill... It is a joke.)

dumb moderator (0)

Anonymous Coward | more than 9 years ago | (#12509639)

Apparently some dumb moderator thought you were serious and modded you "insightful" even though you specifically SAID it was a joke. Idiots!

Re:dumb moderator (1)

geomon (78680) | more than 9 years ago | (#12509771)

Come on FUNNY mods!!

Daddy needs a new karma bump!

Re:dumb moderator (0)

Anonymous Coward | more than 9 years ago | (#12510571)

  • Your original post wasn't funny.
  • Funny moderations don't affect your karma.

Re:dumb moderator (1)

geomon (78680) | more than 9 years ago | (#12510858)

Your original post wasn't funny.

That's what I thought. It was just an offhand remark, not a standup show.

What you think means less to me.

Funny moderations don't affect your karma.

I never said they did. I was commenting on the criticism of the 'dumb moderator' poster.

I guess I should be less oblique so that my comments can reach the education level of folks like yourself.

In other news (2, Funny)

markov_chain (202465) | more than 9 years ago | (#12509417)

Eurasia is now at peace with Oceania, and the harvests of grain improved 20% compared to last year ;)

Re:In other news (1)

EvilTwinSkippy (112490) | more than 9 years ago | (#12509507)

Wait, hasn't Eurasia always at peace with Oceania?

Oh well, that's still double plus good.

Report, citizen! (0)

Anonymous Coward | more than 9 years ago | (#12511976)

Eurasia is now at peace with Oceania, and the harvests of grain improved 20% compared to last year ;-)

Eurasia has always been at peace with Oceania. The grain harvest have always been at an all time record high.

Don't you remember, citizen? You seem confused. Are you in good health? Please report immediately for an examination. We'll take care of everything.
--
AC

Phew! (4, Funny)

Dirtside (91468) | more than 9 years ago | (#12509433)

Thank goodness Cisco finally got its source code back! Now the source code is safe and sound, never to be seen again by anyone outside Cisco.

Re:Phew! (2, Insightful)

noidentity (188756) | more than 9 years ago | (#12511948)

Thank goodness Cisco finally got its source code back! Now the source code is safe and sound, never to be seen again by anyone outside Cisco.

At least they can continue development on it. It must have been costly to have to put development on hold while the source code was missing.

Or maybe the code wasn't stolen, rather copied.

torrent? (2, Funny)

Anonymous Coward | more than 9 years ago | (#12509443)

Anyone got a torrent?

now you know.. (0)

Anonymous Coward | more than 9 years ago | (#12509446)

..why the evildoers hire 16-year-olds.

Damn I was wrong! (2, Funny)

Evil W1zard (832703) | more than 9 years ago | (#12509448)

You mean it wasn't Habib Marwan and his terrorist cell that stole the IOS code to reverse engineer it into a software chipset that could be used to simultaneously override a nuclear powerplant and a nuclear warhead! Man I was way off.

WAAAAARGOOOOOON TEHHH WIZAAAAAARD (0)

Anonymous Coward | more than 9 years ago | (#12509515)

waaaaaaaargoooooooooon teh wizaaard (wargon the wizaaard)

The suspect (4, Funny)

LarsWestergren (9033) | more than 9 years ago | (#12509488)

The suspect is a 16 year old boy from Uppsala, Sweden, my hometown. I bet he doesn't feel as clever now as he used to. :-)

I look forward to Maureen O'Gara's next scoop though: "He came from Uppsala, the headquarter of famous open source company mySQL AB! Also the place where Vikings once slaughtered Christians in pagan rituals! All a coincidence? I think not!!"

Re:The suspect (0)

Anonymous Coward | more than 9 years ago | (#12509670)

"The suspect is a 16 year old boy from Uppsala, Sweden, my hometown. I bet he doesn't feel as clever now as he used to. :-)"

Why shouldn't he? When was the last time exactly we were at the focus of internatinal government cooperation and made a big article in the New York Times and the Front Page of /.?

Re:The suspect (1)

LarsWestergren (9033) | more than 9 years ago | (#12510257)

Why shouldn't he? When was the last time exactly we were at the focus of internatinal government cooperation and made a big article in the New York Times and the Front Page of /.?

Yes, but on the other hand he got famous for being stupid enough to get caught.

A nice paradox summed up in the movie Young Poisoner's Handbook. Our anti-hero has decided to become the world's greatest poisoner. But the greatest poisoner can't get caught, so how is he going to get famous?

Go, team, go! (0)

Anonymous Coward | more than 9 years ago | (#12511993)

I look forward to Maureen O'Gara's next scoop though: "He came from Uppsala, the headquarter of famous open source company mySQL AB! Also the place where Vikings once slaughtered Christians in pagan rituals! All a coincidence? I think not!!"

Woohoo! Go Vikings!

Wait, this isn't about sports?...

Must be nice to have such confidence (3, Funny)

PenguinBoyDave (806137) | more than 9 years ago | (#12509491)

Since I bitch-slapped a hacker trying to break into my system I have not seen another one trying. All that activity must have stopped as well. Wow...I suddenly feel all is right with the world

Re:Must be nice to have such confidence (4, Funny)

EvilTwinSkippy (112490) | more than 9 years ago | (#12509536)

RFC37337 - Corporal Punishment over UDP

Re:Must be nice to have such confidence (1)

Kosi (589267) | more than 9 years ago | (#12509766)

Does this mean that my whish for the Remote Strangulation Protocol can finally be fulfilled?

Wow. (0)

Anonymous Coward | more than 9 years ago | (#12509498)

So now I know what they mean by the "Cisco Self-Defending Network".

Firewall? (5, Funny)

nogginthenog (582552) | more than 9 years ago | (#12509522)

Looks like they could do with a decent firewall to keep out intruders. Can anyone recommend a good one?

Re:Firewall? (0)

Anonymous Coward | more than 9 years ago | (#12509596)

pf

Re:Firewall? (2, Funny)

Anonymous Coward | more than 9 years ago | (#12509608)

I hear Cisco is pretty good....

Oh Wait...

Re:Firewall? (1)

_Sprocket_ (42527) | more than 9 years ago | (#12510317)

Dude. Don't you know they just route the firewall and then hack your proxy? A firewall isn't gonna do anything for you. It's the self-defending network you gotta have.

Re:Firewall? (0)

Anonymous Coward | more than 9 years ago | (#12510390)

I guess Cisco's self defending networks dont...

Re:Firewall? (1)

KenFury (55827) | more than 9 years ago | (#12510741)

Just dont use that abortiong of hardware called a PIX. A bigger peice of shit I have not seen in a while.

Re:Firewall? (0)

Anonymous Coward | more than 9 years ago | (#12512750)

Why is the cisco PIX such trash?

And what would you suggest for people to use?

Swedish reporting: (1, Informative)

Anonymous Coward | more than 9 years ago | (#12509544)

Apparently the villain was a 16-year old kid.
http://www.dn.se/DNet/jsp/polopoly.jsp?d=678&a=413 232 [www.dn.se]

Decentralized Networking... (4, Insightful)

Anonymous Coward | more than 9 years ago | (#12509558)

The more and more I hear about these types of hacks, attacks, and thefts, it makes me wonder why many big companies still choose to remain 'online.'

We all know that the internet can be a very dangerous place, so why would any company in their right mind choose to have computers with potentially sensitive source code or database information remaining on a publicly facing network?!

Very few machines in a given development or database office should have Internet access, and these machines should not be directly connected to the rest of the company. The reason you spend all of that cash on networking equipment is for private closed intranets, it's not to get you online!

Plugging into the internet is just like going public, no matter how many basements with feline guards at the doors you have in place, you can never be 100% secure.

Re:Decentralized Networking... (1)

twiddlingbits (707452) | more than 9 years ago | (#12511211)

Cisco likes to test it's equipment within Cisco in real business world scenarios, unfourtunately if it breaks then it's Cisco that has it own stuff stolen which means other Cisco systems could be compromised. It's brilliant in concept but it can be very lacking in execution.

They don't. (1)

Just Some Guy (3352) | more than 9 years ago | (#12512582)

why would any company in their right mind

By definition, no company in their right mind would do such a thing.

I applied for a system administration job at a local hospital. During the interview, my would-be boss showed me their network diagram which looked something like:

Internet | patient data

After I picked my jaw back up off the floor, I asked what the vertical line represented. "That's our firewall!," he beamed. And what kind? "It's Gauntlet running on Windows NT."

I didn't get the job, fortunately. I really don't wanna be around when HIPAA decides to claim IT department heads (as in "decapitated craniums", not as in "leaders").

Use the source, luke. (1, Funny)

zoftie (195518) | more than 9 years ago | (#12509587)

They should have used open source, you don't get arrested for stealing open source code, right?

I am not afraid. (0, Offtopic)

rafael_es_son (669255) | more than 9 years ago | (#12509667)

I am not afraid.

Re:I am not afraid. (0)

Anonymous Coward | more than 9 years ago | (#12509887)

"you will be... you WILL BE" -yoda

Security by Obscurity? (0)

Anonymous Coward | more than 9 years ago | (#12509677)

To me Cisco seems to be using security by obscurity.

Re:Security by Obscurity? (0)

Anonymous Coward | more than 9 years ago | (#12512289)

I know you're trolling, but please don't encourage the armchair security experts round here who spew out that phrase to critisize anything other than Linux.

Don't they WANT it secure? (5, Interesting)

mreed911 (794582) | more than 9 years ago | (#12509718)

From TFA: "The stolen code was a portion of Cisco's Internetworking Operating System version 12.3. The incident has been a matter of concern because malicious hackers might find flaws in the code that could be exploited to impair the functioning of Cisco's routers."

Translation: We don't have time to QA this code, so we'd rather not have anyone do it themselves, either, then hack us with the holes we neglected to look for in the first place.

Ugh. Sometimes I wonder if there ought to be an open-source REQUIREMENT in RFP's to vendors. Hell, code availability has HELPED Linksys (who's also Cisco!) - folks have "hacked" it to make it MORE robust, but you don't see any greater number of "hacks" for Linksys products than you do for anyone else...

Maybe Cisco ought to focus on the security BASICS (it's still easiest to get into some else's network because they never changed the default password than it is to script-kid some mutated hack into working) rather than worrying that "outsiders" might actually harden their products FOR them...

Re:Don't they WANT it secure? (0)

Anonymous Coward | more than 9 years ago | (#12509936)

Mod parent up! How telling, and how slash-juicy.

Re:Don't they WANT it secure? (1)

_Sprocket_ (42527) | more than 9 years ago | (#12510536)

Cisco has to be finding itself in a rather uncomfortable situation. After all, Open Source is insecure by nature due to the availablity of code to malicious eyes... right? It is according to the Alexis de Tocqueville Institution. Couple that claim without the counter "many eyes" claim... and it wouldn't be suprising if Cisco's been flooded with anxious calls from various IT managers.

Whether the concern is legitimate or not is a different issue.

Re:Don't they WANT it secure? (2, Interesting)

Anonymous Coward | more than 9 years ago | (#12510883)

Do you have any idea what it's like to maintain a codebase for something as enormous and complex as IOS?

I'm really growing tired of people blindly presenting the position that EVERYTHING would be better open-source.

Look at the number of security vulnerabilities over the last 5 years for the Linux kernel. Now look at the vulnerabilities over the same 5 years for Cisco IOS.

Simply having something opensource does not imply that the end result will be more secure. And the prospect of having something like IOS being audited by criminals (at least intelligent ones) is almost a guarantee that at some point large chunks of the Internet will go down. That's not a chicken little attitude - it's just reality.

Also for what it's worth, as someone who worked on this particular case, it *is* a huge relief that "the criminal activity has stopped". In case you didn't know, this particular 'kid' and his friends had upwards of 100,000 accounts across every major university, government lab, company, and military branch you can think of. A certain super-computing facility was one of the earliest compromised networks and password collectors ensured that these attackers got accounts all over the world.

And for the love of God, don't even think of playing the "well they deserved it because they weren't secure" card. That's one of the biggest screwball concepts I've ever heard of, and my typical response is that with that logic it would be fine that if you just *once* forgot to lock the door to your home, that I would then have every 'right' to go into your home, trash it, and burn it to the ground. Or even better - you *do* lock your doors, but some clever thief got his hands on the plans for your particular Schlage lock and picks it. Does that make you or Schlage incompetent idiots? No.

It's an arms race, people. Nobody is going to win, but don't belittle the people who put their life's work into trying to at least slow down the bad guys just so you can have an Internet around to read slashdot and post what you perceive to be extremely cogent arguments on something you don't know the first thing about.

Yes: and that's why they arrested the boy (2, Interesting)

Anonymous Coward | more than 9 years ago | (#12512343)

From TFA: "The stolen code was a portion of Cisco's Internetworking Operating System version 12.3. The incident has been a matter of concern because malicious hackers might find flaws in the code that could be exploited to impair the functioning of Cisco's routers."

Translation: We don't have time to QA this code, so we'd rather not have anyone do it themselves, either, then hack us with the holes we neglected to look for in the first place.


Well, if security isn't a concern in our daily lives; why should computers be somehow different?

If someone steals a master key from GM, he goes to jail; he isn't charge just with petty theft, even if he doesn't attempt to use the key himself. The authorities (police and lawmakers) don't want that kind of information (how to make a master key) getting out. They don't blame GM for having a common exploit available in a large range of vehicles: they blame the guy who tried to obtain the forbidden knowledge.

Similarly, they arrested a boy who gained forbidden knowledge that could be used to damage Cisco routers, if those routers aren't secure. Cisco is not held liable for any insecurities in their routers: and this is consistant with legal tradition.

The fact is, cars are not secure, and GM isn't expected to accept liability for that. They're stolen every day, and the existance of master keys doesn't help much. Even without that, there are many are well-known classes of attacks by which thieves can compromise vehicle security.

There's the "smashed windshield" attack, the "lockpick" attack, the "hotwire the engine" attack and many others. Tactics range from "social engineering" tricks (like lying to the valet to get the keys) to sheer brute force methods (such as clubbing the driver over the head, and stealing his car).

The automotive industry hasn't dealt with this problem by manufacturing significantly more secure vehicles. Instead, it relies upon the police to enforce the laws against people who would take advantage of these exploits.

Similar attitudes are seen in the housing industries (most windows aren't made of bulletproof glass), and in fact, in most industries where security is a concern. Security is expensive: and we're already paying for a police force to ensure that criminals aren't lurking about. [1]

Within the computer industry, some programmers seem shocked that security is a low concern: and yet, they go home to places with breakable glass in the windows. There's an exploit for that, too: it's called a "flying brick attack", and it's nastier than your average DDOS...

In short, they arrested the boy, because it's consistant with what the laws say, and with what the police do. If you want to change that, talk to your local politicans...
--
AC

[1] I didn't say it was working... just that the concept was there...

God Bless Amerika (0, Insightful)

Anonymous Coward | more than 9 years ago | (#12509878)

Ah, another police victory in defense of a faceless, helpless anonymous $5.6 Billion global dominator. It's sure good to know that all of us Fortune 25 corporations can count on the swift hand of justice.

Slashdot editors: more human interest stories like this one, please!

Thanks Slashdot (-1, Offtopic)

Anonymous Coward | more than 9 years ago | (#12509939)

... for propagating the meme that "copyright violation" == "theft". I'm sure your {RI,MP}AA overlords are very pleased with you.
The 'thief' did not take all the drives with their code on, merely copied it.

Freedom Downtime (0)

Anonymous Coward | more than 9 years ago | (#12510035)

NY,NY ...Its the glorifing Times dude.
whatever the readers want, truth is a goood hacker
obviously.. problably can do more than one hack!

The Terrorists on Fox's "24" couldn't hack Cisco (1)

searchr (564109) | more than 9 years ago | (#12511034)

On last week's "24", when the terrorist hackers tried to perform a network attack on the "CTU" headquarters, it was Cisco's network protection system that thwarted them. In fact, when all of the characters stopped what they were doing (chasing down a stolen nuclear device from being detonated on U.S. soil.) and stood around talking about how their Cisco systems were self-defending and how great that was, and those scenes were intercut with screenshots of the Cisco defense system at work saving the day, I was actually kind of lulled into believing that Cisco could protect them, or even themselves, from a nefarious hacker.

Next thing you know, they're going to tell me that the evil terrorists in the world don't actually use Alienware laptops, like in "24", when the lead terrorist was shown for several scenes, bathed in the cool blue glow of his Alienware Area-51, and using it to start the countdown on his nuclear missile.

I don't know what's real, and what's branding anymore!!!

Thanks, Cisco! (0)

Anonymous Coward | more than 9 years ago | (#12511835)

Thanks to the media and public focus on Cisco - an otherwise minor part of this entire case - there are hundreds of site managers resting easier tonight, happy that the limelight has passed by their misfortunes.

Starwars (1)

taloner (813665) | more than 9 years ago | (#12511888)

May the source be with you....

He is not arrested. (0)

Anonymous Coward | more than 9 years ago | (#12512585)

According to [www2.unt.se] the local newspaper in Uppsala - UNT, the 16-year old boy is not taken in to custody, he has not even been charged with this... He is however charged and have been questioned for another hacking - of Uppsala universitys servers and his computers have been sent to a crimelab for investigation. /Stafis
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>