Aug 18 2016

Cisco, Fortinet Confirm Authenticity of Stolen NSA-Linked Malware

The firewall vendors warned customers to patch vulnerabilities exposed by the malware, which an anonymous group of hackers claims to have stolen from the National Security Agency.

Cisco Systems and Fortinet issued warnings and patches for vulnerabilities in firewalls that were exposed this week by a group of hackers who claimed to have stolen the malware from the National Security Agency.

Cisco released a blog post about the vulnerabilities, and Fortinet also issued a warning about the exploits. As the Associated Press reports: "The rogue programs appear to date back to 2013 and have whimsical names like EXTRABACON or POLARSNEEZE. Three of them — JETPLOW, FEEDTROUGH and BANANAGLEE — have previously appeared in an NSA compendium of top secret cyber surveillance tools." 

A group calling itself the "Shadow Brokers" announced on the internet this week that it had stolen the code, and would auction the tools off to the highest bidder. As the New York Times explains: "Most of the code was designed to break through network firewalls and get inside the computer systems of competitors like Russia, China and Iran. That, in turn, allows the NSA to place 'implants' in the system, which can lurk unseen for years and be used to monitor network traffic or enable a debilitating computer attack." The NSA's public affairs office did not respond to inquiries on the purported hacking, the Times notes.

Although the NSA is considered among the foremost cryptographic and signals intelligence spy agencies in the world, it has spent hundreds of millions of dollars beefing up its own cybersecurity since former NSA contractor Edward Snowden disclosed internal agency files on its eavesdropping programs in 2013.

The news raises questions over the NSA's own cybersecurity. Indeed, as the Times notes: "Whoever obtained the source code apparently broke into either the top-secret, highly compartmentalized computer servers of the NSA or other servers around the world that the agency would have used to store the files." While many have speculated the Shadow Brokers are backed by the Russian government, it is possible the hack could have been the work of an insider.
