Cisco Warns of Hacker Break-In

Cisco Systems Inc., the company that makes the Internet routers that process a majority of Web and e-mail traffic, said today that hackers had compromised an untold number of usernames and passwords needed to gain access to the customer login page at Cisco.com.

Cisco said the stolen passwords belonged to "employees, customers, partners and other third-party users," and that it has "since researched the issue and taken steps to correct it." Cisco spokeswoman Mojgan Khalili declined to say how many accounts were affected, but in a statement, the company said "because of a large number of requests, registered Cisco.com users may experience delays in receiving new passwords." The company also emphasized that the "incident does not appear to be due to a weakness in Cisco products or technologies."

The attack comes just days after a very public blowup at the Black Hat security conference in Las Vegas, where security researcher Michael Lynn quit his job at Internet Security Systems Inc. to discuss security flaws in Cisco routers. Cisco and ISS obtained a federal court-backed injunction to prevent Lynn from discussing his research and to have all material related to his work destroyed. As I've noted in past coverage, however, much of that information is freely circulating online.

The actions by Cisco and ISS, coupled with news of an FBI investigation of Lynn, have galvanized the darker side of the security researcher community, several of whom privately told me there are efforts to develop an exploit for the flaw Lynn detailed in his original speech, and that some people are out to make the companies look bad in the media.

Khalili said the company learned about the problem on Monday from a third-party security research organization. But one security researcher -- who asked not to be named because doing so could jeopardize his relationship with the company -- said certain circles in the hacker underground community have known about and exploited the Cisco.com password flaw for two weeks.

Much of the information available to customers through the Web site is relatively benign, such as instructions on how to properly secure a router and upgrade its operating system. Other types of information, however -- such as router maintenance history and listings of tech support "trouble tickets" -- could help attackers impersonate a target company in order to learn more about its digital defenses. The login page also is used by Cisco employees to manage things such as expense accounts and timecard information, according to one IT administrator who asked not to be named.

UPDATE: Cisco's Khalili said that the employee login page that manages timecards and expense accounts is separate and was not compromised in this attack. Rather, she said, the type of employee-only content on the site was more in the realm of technical documentation that had not yet been publicized.

By Brian Krebs  |  August 3, 2005; 4:50 PM ET
Categories:  Latest Warnings  

Comments

"incident does not appear to be due to a weakness in Cisco products or technologies."

Okay, so does Cisco really run Juniper routers behind closed doors? HELLO!!! Suck it in Cisco, and deal with your problems...

Posted by: Jeff S. | August 3, 2005 10:14 PM

Cisco Pix Firewall? Not too secure after all.

Posted by: t | August 3, 2005 11:12 PM

So. In response to the trolls above.

Cisco runs Cisco products in its network, not Juniper... you missed the point.

I don't care how secure your firewalls, routers are... they are low level (read: layer) devices, if you allow port 80 to a public website it's still open.

The problem is there was a problem with the web app that provides authentication for CCO.

Course this is probably over your heads. I really don't intend 12 year olds to figure this out.

Posted by: Brandon | August 4, 2005 9:26 AM

The problems are likely relevant to flaws in PC and server operating systems and applications.
Technologies such as PIX are primarily used to protect against errors and flaws in systems that are not built by Cisco.
Networks will be completely secure only when all operating systems and applications are completely secure... most likely never.

Posted by: Bob B - Rome | August 4, 2005 10:41 AM

Some of you guys don't get it. This isn't an issue with Cisco hardware, it's a bug in design in the web site. No firewall, IPS, router, or anything else would be able to prevent this.

Posted by: Hello? | August 4, 2005 11:53 AM

"No firewall, IPS, router, or anything else would be able to prevent this"

Uhm. Mine can when I unplug it. :p

And when I talked about routers that was just one example; the quote also mentions "technologies," which would include that backend software with the problem. I was getting at the point of how ironic press releases/statements can be when a company tries to save face.

Oh, and I'm 11 1/2.

Posted by: Jeff S. | August 4, 2005 2:38 PM

Someday this whole country will go down due to computer breakdown and the banking system with it. TOO BAD TOO BAD FOR IN ONE HOUR BABYLON THE GREAT IS DESTROYED.

Posted by: John Becker | August 4, 2005 3:00 PM

obviously the original information was transmitted to the internet by an employee working in technical support services who bothered to read the numerous flaw updates that internet companies regularly send to their personnel. no great skill needed to notice that remote access to fix problems allows remote access to screw around. numerous subcontract companies hire without ethical checks on personnel who are learning the systems in order to help the customer solve problems. and actually the October 2002 attack on the top level computer spine of the internet shutdown 11 of 13 key company sites not somewhat over 1/2.

Posted by: robin | August 15, 2005 10:23 PM

© 2010 The Washington Post Company