Cisco Firewalls are being used by the NSA for spying

The NSA has made a recent disclosure statement which says that the security agency has been spying on consumers using Cisco systems for approximately 10 years now. Investigation into the facts reveals that keys for decryption have been acquired through the PIX firewalls, a line which Cisco has now discontinued.

This makes sure that private browsing has been compromised. To ensure that you stay securewhen using a torrent client just head over to the 3 best VPNs for torrents, filesharing and p2p.

The PIX versions by CISCO were first rolled out in 2002 and were offered support for till 2009. As of July 2009, Cisco stopped providing fixes for their PIX versions but did offer miscellaneous support till 2013. This means that the attack code, named BenignCertain has affected a major chunk of consumers. Almost every consumer using the PIX version was exposed and their VPN traffic was monitored. Only people who had taken serious measure to protect themselves remained unexposed. BenignCertain gave access to attackers as a remote user, allowing them 100% control over the network as well as the VPN traffic which the key decrypts.

Three researchers communicated the problems, which arose with BenignCertain, to the public. The initial release about the attributes of BenignCertain came through a blog post. Once these attacks and the presence of BC was confirmed, Cisco was approached by Ars to inspect the security issues. Cisco refused to do this, based on their policy of not supporting products once their life cycle is over. Edward Snowden, the Ex-NSA contractor released documents stating that NSA could decrypt more than 1,000 encrypted VPNs on an hourly basis. This claim is greatly justified by the release of this disclosure.

Why this disclosure is a big deal? Well, let’s look at the numbers. More than 15,000 networks in the world are still based on PIX versions. The most effected country is the US with Russia and Australia coming 2nd and 3rd. Now the main property of NSA attack tools, which included BC is that it makes access to encrypted VPN easy, giving even an amateur hacker can execute more complex attacks. This significantly increases the risk of hacking for a PIX consumer. The main exploitation carried out by BC was through an inherent susceptibility of PIX versions 5.3(9) to 6.3(5) which enable BC to bypass the security and obtain a decryption key. This gives the attacker an access to all the encrypted information.

CISCO obviously maintained a media blackout with their representatives pointing out to their no-support-after-product-life policy. However, they provided an update via a blog post that they will undertake an inspection of BC. This inspection revealed that their newer Adaptive Security Appliance firewall was unbreeched, but their PIX versions earlier and up to 6x were affectedwhile versions after 7.0 were safe.

Funnily enough, the ASA firewall, which substituted PIX, had the exact same drawback which allowed attackers to obtain the decryption key. This susceptibility was fixed later. Now the BenignCertain has been known only to work on Cisco’s PIX, but it is likely that other security providers are also being breached by it. Since there has been no extensive study into its effects on other firewalls, there is no way to quantify the actual impact of BenignCertain.

About the author:

Nuur Hasan is a software developer and a political activist, he intends to dedicate his life to the becoming the voice of the voiceless.