Friday, 19 August 2016 08:51

Cisco remote flaws revealed in NSA group hack


Networking giant Cisco has said it will release a security update to patch one of two remotely exploitable flaws in its products. Both flaws were leaked following a hack of a group strongly suspected to be an NSA front.

The company, which had no prior knowledge of this flaw, known as EPICBACON, has given it a high security impact rating and has advised of workarounds until a fix is released.

It has released a fix for the second flaw, known as EPICBANANA, which is also remotely exploitable and the risk of which it terms medium. Detailed explanations of the two flaws are on the Cisco blog.

The vulnerabilities were released by a group called Shadow Brokers, which is suspected to have Russian backing. The material was stolen from the Equation Group, an outfit that has long been suspected to be an NSA-backed effort.

The Equation Group's retention of flaws without disclosing them to Cisco appears to run contrary to published American government policy.

EPICBACON affects the Simple Network Management Protocol (SNMP) code in Cisco Adaptive Security Appliance (ASA) software and is new to the company.

The other flaw, EPICBANANA, which affects the command-line interface parser of the same software, could permit an authenticated, local attacker to create a denial of service (DoS) condition or potentially execute arbitrary code. An attacker could exploit this vulnerability by invoking certain invalid commands in an affected device.

The hack of the Equation Group has been linked to the hacking and leaks of material from the US Democratic Party.

Commenting on the presence of a zero-day flaw, one that was unknown to Cisco, in the possession of the Equation Group, NSA whistleblower Edward Snowden said on Twitter that this was why the organisation got hacked: because it left catastrophic flaws in US networks for more than three years to aid offence, rather than fixing them.

Snowden, who worked for the NSA as a contractor before he fled to Russia, revealed in June 2013 that the NSA had been conducting blanket surveillance of Americans. Big technology companies like Microsoft, Google, Yahoo!, Apple and Facebook were revealed to be co-operating with the NSA. Later came the revelation that the NSA was running its spying activities on servers powered by Linux from Red Hat, the world's biggest open source company.

Privacy researcher and activist Christopher Soghoian, who works with the American Civil Liberties Union, said on Twitter: "If NSA knew several years ago that its hacking tools were stolen, not notifying Cisco and other vulnerable US firms would be outrageous."

Snowden said in response: "The inevitable consequence of maintaining known vulnerabilities in US products is their discovery by enemies."

After Snowden's initial revelations, Cisco took a hit to its overseas business; together, Cisco and IBM saw business drop by US$1.7 billion. Cisco's sales fell 8.75% in the quarter after the Snowden allegations, compared with just 2.84% in the three months prior to that.




Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


