Cisco Systems, Inc. CSCO is said to be the “primary target” of CIA hacking revealed by WikiLeaks in a massive dump of U.S. Central Intelligence Agency files code-named "Vault 7."
A blog posted by Craig Dods, the chief architect of security at Juniper Networks, received much attention from the press, as it mentioned CIA mainly targeted Cisco’s products.
"By 'primary target,' I think Craig means 'Cisco was happy to cash checks from CIA front companies to implement the backdoors in their routers,'" said a commenter on Dods' blog, Dan Danknick.
Dods replied, “This is correct.
“If Cisco (or any US-based networking/security vendor) were ever to be exposed in this manner, it would do irreparable damage to both their brand and bottom line. Colluding with a three-letter acronym in the way you are describing would be suicide,” Dods added.
Dods clarified that his post doesn’t mean to attack Cisco.
“This isn't meant to be a shot at Cisco. Given their market share, it absolutely makes sense that the CIA focused on developing toolkits for their equipment and not others as a priority,” Dods said.
“Given sufficient motivation, unlimited funds, and time, any system can be compromised. Cisco should not feel ashamed that their devices were a target here. If you look at the discussions and patch-notes, some of these exploits are extremely complex in nature and required significant engineering to make successful. This is a testament to Cisco, if anything."
Meanwhile, Cisco said its scope of action is limited, since none of the tools and malware referenced in the initial Vault 7 disclosure have been made available by Wikileaks.
“An ongoing investigation and focused analysis of the areas of code that are alluded to in the disclosure is underway,” Omar Santos — the principal engineer at Cisco's Product Security Incident Response Team (PSIRT) Security Research and Operations — said in a blog post.
Based on preliminary analysis of the disclosed documents, Cisco said it determined the following:
- “Malware exists that seems to target different types and families of Cisco devices, including multiple router and switches families.”
- “The malware, once installed on a Cisco device, seem to provide a range of capabilities: data collection, data exfiltration, command execution with administrative privileges (and without any logging of such commands ever been executed), HTML traffic redirection, manipulation and modification (insertion of HTML code on web pages), DNS poisoning, covert tunneling and others.”
- “The authors have spent a significant amount of time making sure the tools, once installed, attempt to remain hidden from detection and forensic analysis on the device itself.”
- “It would also seem the malware author spends a significant amount of resources on quality assurance testing — in order, it seems, to make sure that once installed the malware will not cause the device to crash or misbehave.”
Related Link: WikiLeaks: The CIA 'Weaponized' Apple, Samsung And Microsoft Products For Surveillance Purposes
Related Link: WSJ Source Confirms Part Of WikiLeaks Report; Here's What You Should Know
© 2024 Benzinga.com. Benzinga does not provide investment advice. All rights reserved.
Trade confidently with insights and alerts from analyst ratings, free reports and breaking news that affects the stocks you care about.
