U.S. authorities accuse him of stealing IOS source code and of intrusion at NASA facilities A Swedish man was indicted on Tuesday in connection with the alleged 2004 theft of source code for Cisco Systems’ IOS (Internetwork Operating System) software.Philip Gabriel Pettersson, 21, was indicted on one count of intrusion and two counts of misappropriation of trade secrets. He was also indicted on two counts of intrusion involving NASA. The U.S. Department of Justice’s Criminal Division and Joseph Russoniello, attorney for the Northern District of California, announced the indictment after an investigation by the Federal Bureau of Investigation and other agencies.IOS runs Cisco’s routers, which handle most of the routing of packets on the Internet. Versions of the code are also at the heart of Cisco LAN switches and other products. In May 2004, parts of the IOS source code were briefly posted to a Russian Web site. Some observers said then that the theft might threaten the Internet by giving malicious hackers a glimpse into Cisco’s proprietary software.The Justice Department identified Pettersson as “Stakkato,” the name used by a hacker linked to numerous attacks around the same time. It said Pettersson intentionally intruded into Cisco’s network between May 12 and May 13, 2004, and misappropriated IOS code. Cisco has said it believes no customer information, partner information or financial systems were affected. Company officials were not immediately available for comment. Pettersson is also accused of intrusions in 2004 at NASA facilities, including the Ames Research Center and the NASA Advanced Supercomputing Division, which are located in Silicon Valley. Those crimes allegedly took place on May 19, May 20 and Oct. 22 of that year.Each count of intrusion and theft of trade secrets carries a maximum penalty of 10 years in prison, three years of supervised release and a US$250,000 fine. Cisco and NASA cooperated with the investigation, and the Justice Department said it will work with Swedish authorities on the case.In September 2004, British authorities said they had arrested a 20-year-old man in connection with the code theft. Related content news analysis Companies are already feeling the pressure from upcoming US SEC cyber rules New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite By Cynthia Brumfield Sep 28, 2023 6 mins Regulation Data Breach Financial Services Industry news UK data regulator warns that data breaches put abuse victims’ lives at risk The UK Information Commissioner’s Office has reprimanded seven organizations in the past 14 months for data breaches affecting victims of domestic abuse. By Michael Hill Sep 28, 2023 3 mins Electronic Health Records Data Breach Government news EchoMark releases watermarking solution to secure private communications, detect insider threats Enterprise-grade software embeds AI-driven, forensic watermarking in emails and documents to pinpoint potential insider risks By Michael Hill Sep 28, 2023 4 mins Communications Security Threat and Vulnerability Management Security Software news SpecterOps to use in-house approximation to test for global attack variations The new offering uses atomic tests and in-house approximation in purple team assessment to test all known techniques of an attack. By Shweta Sharma Sep 28, 2023 3 mins Penetration Testing Network Security Security Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe