Cisco remote flaws revealed in NSA group hack

Networking giant Cisco has said it will release a security update to patch one of two remotely exploitable flaws in its products. Both flaws were leaked following a hack of a group strongly suspected to be an NSA front.

The company, which had no prior knowledge of this flaw, known as EPICBACON, rates its security impact as high and has advised of workarounds until a fix is released.

It has released a fix for the second flaw, known as EPICBANNA, which is also remotely exploitable and which it rates as a medium risk. Detailed explanations of the two flaws are on the Cisco blog.

The vulnerabilities were released by a group called Shadow Brokers, which is suspected to have Russian backing. They were stolen from the Equation Group, an outfit that has long been suspected to be an NSA-backed effort.

The Equation Group's retention of flaws without disclosing them to Cisco appears to run contrary to published American government policy.

EPICBACON affects the Simple Network Management Protocol (SNMP) code in Cisco Adaptive Security Appliance (ASA) software and is new to the company.

The other flaw, EPICBANNA, which affects the command-line interface parser of the same software, could permit an authenticated, local attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. An attacker could exploit this vulnerability by invoking certain invalid commands in an affected device.

The hack of the Equation Group has been linked to the hacking and leaks of material from the US Democrat party.

Commenting on the presence of a zero-day flaw, unknown to Cisco, in the possession of the Equation Group, NSA whistleblower Edward Snowden said on Twitter that this was why the organisation got hacked: because it left catastrophic flaws in US networks for more than three years to aid offence, rather than fixing them.

Snowden, who worked for the NSA as a contractor before he fled to Russia, revealed in June 2013 that the NSA had been conducting blanket surveillance of Americans. Big technology companies like Microsoft, Google, Yahoo!, Apple and Facebook were revealed to be co-operating with the NSA. Later came the revelation that the NSA was running its spying activities on servers powered by Red Hat Linux, made by the world's biggest open source company.

Privacy researcher and activist Christopher Soghoian, who works with the American Civil Liberties Union, said on Twitter: "If NSA knew several years ago that its hacking tools were stolen, not notifying Cisco and other vulnerable US firms would be outrageous."

Snowden said in response: "The inevitable consequence of maintaining known vulnerabilities in US products is their discovery by enemies."

After Snowden's initial revelations, Cisco took a hit to its overseas business; together, Cisco and IBM saw business drop by US$1.7 billion. Cisco's sales fell 8.75% in the quarter after the Snowden allegations, compared with just 2.84% in the three months prior to that.

Sam Varghese

A professional journalist with decades of experience, Sam for nine years used DOS and then Windows, which led him to start experimenting with GNU/Linux in 1998. Since then he has written widely about the use of both free and open source software, and the people behind the code. His personal blog is titled Irregular Expression.