Cisco Warns of Hacker Break-In
Cisco Systems Inc., the company that makes the Internet routers that process a majority of Web and e-mail traffic, said today that hackers had compromised an untold number of usernames and passwords needed to gain access to the customer login page at Cisco.com.
Cisco said the stolen passwords belonged to "employees, customers, partners and other third-party users," and that it has "since researched the issue and taken steps to correct it." Cisco spokeswoman Mojgan Khalili declined to say how many accounts were affected, but in a statement, the company said "because of a large number of requests, registered Cisco.com users may experience delays in receiving new passwords." The company also emphasized that the "incident does not appear to be due to a weakness in Cisco products or technologies."
The attack comes just days after a very public blowup at the Black Hat security conference in Las Vegas, where security researcher Michael Lynn quit his job at Internet Security Systems Inc. to discuss security flaws in Cisco routers. Cisco and ISS obtained a federal court-backed injunction to prevent Lynn from discussing his research and to have all material related to his work destroyed. As I've noted in past coverage, however, much of that information is freely circulating online.
The actions by Cisco and ISS, coupled with news of an FBI investigation of Lynn, have galvanized the darker side of the security researcher community, several of whom privately told me there are efforts to develop an exploit for the flaw Lynn detailed in his original speech, and that some people are out to make the companies look bad in the media.
Khalili said the company learned about the problem on Monday from a third-party security research organization. But one security researcher -- who asked not to be named because doing so could jeopardize his relationship with the company -- said certain circles in the hacker underground community have known about and exploited the Cisco.com password flaw for two weeks.
Much of the information available to customers through the Web site is relatively benign, such as instructions on how to properly secure a router and upgrade its operating system. Other types of information, however -- such as router maintenance history and listings of tech support "trouble tickets" -- could help attackers impersonate a target company in order to learn more about its digital defenses. The login page also is used by Cisco employees to manage things such as expense accounts and timecard information, according to one IT administrator who asked not to be named.
UPDATE: Cisco's Khalili said that the employee login page that manages timecards and expense accounts is separate and was not compromised in this attack. Rather, she said, the type of employee-only content on the site was more in the realm of technical documentation that had not yet been publicized.