Update: Cisco looking into source code leak

Cisco Systems Inc. is investigating the possible theft of proprietary source code that drives its networking hardware, a company representative confirmed Monday.

Russian security site SecurityLab.ru reported Saturday that the operating system code -- used to power a majority of the company's networking devices -- was stolen from Cisco's corporate network, with some leaked onto the Internet. The site estimated that around 800MB were taken.

"Cisco is aware that a potential compromise of proprietary information has occurred and was reported on a public Web site right before the weekend," Cisco spokesman Marc Musgrove said Monday. "The Cisco security team is looking into this matter and investigating what happened."

Musgrove declined to confirm how much of the San Jose, California, company's code may have been stolen.

Chris Paget, senior security advisor at Next Generation Security Software Ltd., said that as the leak has not yet been verified it could turn out to be a hoax, noting that few people could actually identify the code.

However, if the code has been leaked there is a potential for problems since it affects most of Cisco's current, major equipment, Paget said.

The incident would be the second time in recent months that a major vendor's source code has been leaked to the public. In February, code underlying Microsoft Corp.'s Windows NT and Windows 2000 operating systems was made available on the Internet. However, that breach did not lead to any serious security threats.

Cisco has faced a number of potential security threats in recent months, including the release of a wireless hacking tool and hardware vulnerabilities, but experts say that attacks on networking products are relatively uncommon.