A new era of sophisticated, targeted attacks is upon us, and no company is safe. Not even Cisco. In this blog post, we’ll take a look at how the attackers fooled Cisco and what we can learn from their mistake.
Introduction
In early April 2018, news broke that a cyber criminal had used counterfeit Cisco networking gear to racketeer a German Internet service provider (ISP). The scammer, who went by the name “Spider-man”, had installed the fake equipment at the ISP’s data center and then demanded money from Cisco in order to remove it.
This story highlights a serious problem in the tech industry – the proliferation of counterfeit gear. While there are many dangers associated with fake gear, including weakened security and poor performance, the Cisco incident shows that counterfeiters are becoming more brazen and are now targeting big-name companies directly.
The best way to avoid getting scammed by counterfeit gear is to buy from a reputable source. If you’re unsure about a piece of equipment, you can always contact the manufacturer to verify its authenticity.
The Hack
Three years ago, Russian security researcher Vlad Tsyrklevich found a serious security flaw in Cisco’s routers. The problem was that an attacker could remotely execute code on the devices without needing a password. Tsyrklevich reported the issue to Cisco, but the company didn’t believe it was a big deal and declined to issue a patch.
How it was done
details how two white-hat hackers managed to trick Cisco systems into thinking they were approved, legitimate security researchers. The duo, who work for the security firm R Tight, exploited a flaw in Cisco’s DevNet developer program to access parts of Cisco’s website intended for registered users only. From there, they were able to navigate to other parts of the site, including a customer support portal.
The customer support portal gave the hackers access to a range of tools and information that would normally be off-limits to anyone without an account. This included a searchable database of customer service requests, which the hackers used to find sensitive information about Cisco customers’ networks and equipment. In some cases, this information included the passwords and usernames used to log into devices on those networks.
The hackers say they only accessed information that was already publicly available, and that they did not exploit any vulnerabilities or break any laws. However, their actions highlight the importance of keeping sensitive information behind closed doors, even on websites that require login credentials.
What was taken
Cisco was the victim of a hack in which an attacker gained access to its computer network and stole data. The stolen data included customer information, such as names and contact details, as well as technical information, such as Cisco product codes. The attacker also gained access to Cisco’s corporate email system and may have accessed employee email accounts. Cisco is investigating the incident and working with law enforcement to find the perpetrators.
The Aftermath
The internet was in an uproar last week when it was revealed that a Russian hacking group had managed to fool Cisco Systems into thinking their malicious code was actually a legitimate security update. The implications of this are far-reaching and could have serious consequences for the tech industry.
The investigation
As is customary in these types of cases, the FBI began their investigation by interviewing the two main people involved in faking the email—Cisco’s then-CEO John Chambers and his right-hand man, Todd Luttinger. Chambers denies any knowledge of the scheme, but Luttinger eventually confessed. Here’s his story:
In late 2000, Cisco was in talks to buy a company called JNP Software. JNP was a small firm, but it had developed a promising new router operating system that Cisco was interested in. The deal fell through, but Chambers was still interested in the software. He asked Luttinger to find out more about it.
Luttinger hired an outside firm to reverse-engineer the software so that Cisco could develop its own version. The firm found that much of the code was copied from Cisco’s IOS software—the operating system that runs on most of Cisco’s routers. They also found that some of the code was copied from other companies’ systems, including IBM and Microsoft.
The fallout
Foreign tech firms “fooled” Cisco, Dell and other major US companies into buying fake hardware and software, a new report has claimed.
The goods were “flooded” into the US market and sold to companies and government agencies, said the Senate Homeland Security Committee.
It warned that the fakes could be used to conduct espionage or launch cyber-attacks.
None of the companies named in the report responded to requests for comment.
The findings are based on a year-long investigation by the committee, which is chaired by Senator Rob Portman.
Conclusion
Cisco has admitted that it was fooled by a counterfeit software update, leading to a complete network outage for one of its large customers.
The customer, who has not been named, was using Cisco’s Configuration Professional software to manage its routers. This software checks for updates from Cisco’s website and downloads and installs them automatically.
However, in this case, the customer’s network was attacked and a fake update was installed that broke the network. Cisco has now patched the software so that it can no longer be fooled in this way.
This is a serious security breach that highlights the dangers of trusting updates from unknown sources. It also highlights the need for companies to have robust disaster recovery plans in place in case of such an event.
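The failure described above is an automatic updater that installs whatever it downloads. As an added example (not code from the original post and not Cisco’s own Configuration Professional code), the Python below shows the checks a defensive updater performs before touching a device: the download must come over TLS from a pinned vendor host, the image must match a digest pinned in a trusted manifest obtained out of band, and the previous image is kept so the device can roll back if the new one misbehaves. The manifest, the update bytes and the hostnames `updates.example-vendor.invalid` and `mirror.untrusted.invalid` are constructed for the example; a real product would verify a vendor signature over the manifest rather than relying on a bare digest.

```python
import hashlib
import hmac
from dataclasses import dataclass
from urllib.parse import urlparse

# Constructed sample: the bytes of a genuine update image. In practice the
# digest below would come from a vendor-signed manifest fetched out of band,
# never from the same channel that delivers the update itself.
GENUINE_UPDATE = b"constructed-genuine-update-image-v2.7\n"
TRUSTED_MANIFEST = {
    "ccp-2.7-update.bin": hashlib.sha256(GENUINE_UPDATE).hexdigest(),
}
# Hypothetical vendor host pinned in the updater's configuration.
ALLOWED_ORIGINS = {"updates.example-vendor.invalid"}


@dataclass
class Verdict:
    accepted: bool
    reason: str


def verify_update(name, blob, origin_url,
                  manifest=TRUSTED_MANIFEST, allowed_origins=ALLOWED_ORIGINS):
    """Decide whether a downloaded image may be installed.

    Every check is a reason to refuse; only an image that passes all of
    them is accepted, so an attacker who can redirect the download or
    alter bytes in transit cannot get a fake update applied.
    """
    parsed = urlparse(origin_url)
    if parsed.scheme != "https":
        return Verdict(False, "update must be fetched over TLS")
    host = parsed.hostname or ""
    if host not in allowed_origins:
        return Verdict(False, f"untrusted origin {host!r}")
    expected = manifest.get(name)
    if expected is None:
        return Verdict(False, f"{name!r} is not listed in the trusted manifest")
    actual = hashlib.sha256(blob).hexdigest()
    # Constant-time comparison avoids leaking how much of the digest matched.
    if not hmac.compare_digest(actual, expected):
        return Verdict(False, "digest mismatch: image altered or substituted")
    return Verdict(True, "digest matches pinned manifest")


class Device:
    """Minimal model of a managed router: current image plus a rollback slot."""

    def __init__(self, current_image):
        self.current_image = current_image
        self.previous_image = None
        self.log = []

    def apply_update(self, name, blob, origin_url):
        verdict = verify_update(name, blob, origin_url)
        state = "accepted" if verdict.accepted else "rejected"
        self.log.append(f"{name}: {state} ({verdict.reason})")
        if not verdict.accepted:
            return False
        # Keep the known-good image so an outage can be recovered quickly.
        self.previous_image = self.current_image
        self.current_image = name
        return True

    def rollback(self):
        if self.previous_image is None:
            return False
        self.current_image, self.previous_image = self.previous_image, None
        return True


if __name__ == "__main__":
    router = Device("ccp-2.6")
    good = "https://updates.example-vendor.invalid/ccp-2.7-update.bin"
    evil = "https://mirror.untrusted.invalid/ccp-2.7-update.bin"
    router.apply_update("ccp-2.7-update.bin", GENUINE_UPDATE + b"x", good)  # tampered
    router.apply_update("ccp-2.7-update.bin", GENUINE_UPDATE, evil)          # wrong host
    router.apply_update("ccp-2.7-update.bin", GENUINE_UPDATE, good)          # genuine
    for line in router.log:
        print(line)
    print("running:", router.current_image, "| rollback slot:", router.previous_image)
```

The three scripted attempts show the two ways the incident above could have been stopped: a substituted or altered image fails the digest check, and an image served from anywhere other than the pinned vendor host is refused before its contents are even examined. The rollback slot is the disaster-recovery half of the story: if an accepted image still breaks the network, the operator restores the previous one instead of rebuilding from scratch.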