Copyright infringement is one of the major problems that corporations are faced with today – be it software piracy, multimedia swapping, cracks, serial number availability and the lesser known, source code leaking.

Recently the codes for several popular applications escaped through some high security development hubs and appeared online. As relatively low attention was paid to this breach of security by the general public it did not raise the same hue and cry that other copyright material leaks have done in the past. Take for example, the leak of Windows NT and Windows 2000 SP1’s source codes which found their way onto the internet last year, possibly obtained through a network attack at Microsoft (MS) in early 2000.

The Windows code was in the form of a gigantic 125,000 plus files in zip format and was made available on several file swapping networks. It contained valuable insight into how developers at MS and allied companies work and how some of the obscure operating system (OS) functionalities are designed. With about 15 per cent of Windows 2000 code possibly in the wrong hands, including network code, shell code, event log, default screen savers, scripts, text files, libraries and memory dump files, this was more than enough to send shockwaves through MS and security firms alike. One of the core files generated by a Unix PC crash with a Windows code, pointed towards the possible involvement of Mainsoft, as an emploee name, San Jose, appeared in the line of code but there was little evidence to support these suspicions. Investigators said that a remote attack or a PC sold off without data wipe could be to blame. Russ Cooper, popularly known as ‘Surgeon General’ at TruSecure, a computing security company recently stated that although not in full public view but code leaks have been widespread and easily accessible. Since it has always been argued that propriety code is more prone to attacks as compared to peer-reviewed open source OS code, code theft seems to have a profound impact on open source adoption.

So what exactly can somebody do with a part of a source code? That depends a great deal upon who is looking at it. Shrewd developers that employ illegal means and black hat knowledge to discover system vulnerabilities could do immense damage with the actual source codes in their hands. This is what Senior MS Vice-President Jim Allchin feared as he spoke at a trial where propriety status of IE’s source code was being questioned, “Opening up the company’s source code could be devastating for the operating system’s security”. The biggest worry is that such a leak could potentially allow creators of viruses to look more closely at ways to infect operating systems, while worm writers could obtain built-in programming loopholes for privilege escalation and other hacking activities. Competitors could also try to make replicas of the OS while pirates would find it much easier to generate compromised software copies. Ken Dunham who serves as Malicious Code Intelligence Director at the security firm iDefense believes this leak has provided a wealth of information to mal-ware writers. By taking a look at the gigantic C, C++ and assembly code, he suspected that the code may have been tampered with. Countless inserted comments were found, which experts believed may have been added to mislead investigations and possibly to embarrass MS by exposing its vulnerabilities.

Incidentally, this is not the first time it has happened – DOS 6.22 code as well as Cisco’s 800 series code have been posted online in the past. For the moment, Microsoft has publicly tried to play down the impact of its Windows code leaks. At the same time had the breach not been a serious one, MS would not have pursued the investigation to find the source of the leak with such zeal or would have made the code public itself.

At the end of the day source code leaking is not merely a security breach – companies regard it as theft of intellectual property and cases are pursued with as much zeal as any other criminal case. After all we are talking about codes worth millions, maybe even billions of dollars in terms of what they could be potentially used for.