There was a time when Cisco routers were unstoppable, and their deviations into proprietary protocols and constructions were accepted because Cisco could do no wrong. They were the smartest kids in networking protocols.
But there is a crack in their armor, a glitch in the Teflon. Cisco may not be the only networking infrastructure vendor to now face an attack ostensibly from their own government, just the largest.
Just as the U.S. government has taken Huawei to task for an accusation of hidden code benefiting the Chinese government, other governments across the planet now know that their Cisco infrastructure can be cracked open—and no, it’s not easy, and requires an additional step of having hacked in from some place else.
Huawei’s sales no doubt dropped as a result of the unproven accusations leveled against it, and Cisco (a probable infrastructure target) has been cracked open, likely by its own government.
Will Cisco’s sales plummet? Will German clientele balk at buying Cisco products?
I get the feeling this is the tip of a larger iceberg, one that could sink U.S. IT hardware vendors, although different government vs. IT infrastructure vendor struggles might indeed be self-inflicted.
Could Juniper, Extreme Networks, F5, not to mention Siemens, Alcatel, and SDN/SDR makers, also be in the club of unknown zero-day exploits?
Cisco is a target the size of a decent portion of the internet, however. And from the evidence so far, it looks like a very professional and methodical attack was conducted. This comes after alleged shipment interception(s) where Cisco routers (and perhaps other gear) were modified for purposes unknown.
I looked on Scottrade and saw that Cisco stock (CSCO) is up a few pennies. Stockholders aren’t particularly worried, it would seem, as the price has been slowly climbing—double in price from 2011.
Here’s what worries me:
Now that the NSA has been ostensibly hacked—and we have no idea how old the loot from these hacks might be—the fruits of these attacks can be used by ne’er-do-wells other than NSA ne’er-do-wells. While the NSA may have a governmental mission to do the security work of the U.S. government, others do not. Their aims would be asset exploitation attacks, I’m guessing.
And because it can be inferred with a high degree of confidence that most networks in the U.S. are hacked TODAY, the fact that these zero-days were stolen from what should be an impenetrable fortress is unconscionable.
But the whole affair will be glossed over because the news of so many attacks so frequently has numbed us. I feel no remorse for Cisco except that this should happen to no one—not you, not me, no one.
No one will fall on their sword. Patches will be issued. PR experts will scrub the media, and oh, look, a picture of a cat …