In-brief: Ars Technica has a good write-up of the ongoing news about how the NSA used tools that exploited known vulnerabilities in networking and security products by Cisco, Juniper, Fortinet and others to spy on customers of those companies.
Dan Goodin over at Ars Technica has a good write-up of the ongoing news about how the NSA used tools that exploited known vulnerabilities in networking and security products by Cisco, Juniper, Fortinet and others to spy on communications from customers of those companies.
From the article:
In a revelation that shows how the National Security Agency was able to systematically spy on many Cisco Systems customers for the better part of a decade, researchers have uncovered an attack that remotely extracts decryption keys from the company’s now-decommissioned line of PIX firewalls. The discovery is significant because the attack code, dubbed BenignCertain, worked on PIX versions Cisco released in 2002 and supported through 2009.
The NSA was able to extract encryption keys used to secure communications to and from the Cisco PIX hardware. That allowed the U.S. Government to snoop on encrypted VPN traffic or gain full access to a vulnerable network by posing as a remote user.
The most recent revelations, which began with a leak of offensive hacking tools supposedly used by an NSA hacking unit called Equation Group, help tie up a loose end from the 2014 leak of classified documents by NSA contractor Edward Snowden. Articles by Der Spiegel and others claimed that the NSA had the ability to decrypt more than 1,000 VPN connections per hour. The BenignCertain tool suggests how the agency was able to do so.