Yesterday we talked about the alleged hacking the NSA that the so - called Shadow Brokers, due in part to the auction say they have information that does not seem to be getting the expected bid. And just today were those of Cisco and Fortinet who confirmed the software does have vulnerabilities.
Both are part of the companies working - level NSA firewalls and other security software, and releases the possibility that they have accessed the information taking control of it and its traffic is confirmed. An access that may have been both internal and remote and open for a long time.
A tempting door wide
Cisco speaks of two vulnerabilities that affect your software Adaptive Security Appliance (one firewall ), and in both cases with the possibility to execute code remotely, so the attack could have been committed from anywhere in the world . What they have seen is that it is entirely possible that hackers desactivasen password request resorting to exploit ExtraBacon .
As we read in the statements of Mustafa Al-Bassam (security expert) at Ars Technica , the risk is important because in this way the hackers have been able to control completely the firewall and monitor information . Vulnerabilities that Cisco still has to be corrected by updating patches, but as we read in the statement shows how to detect exploits and stop them before someone can take control.
Security experts have not stopped investigating and indeed to be seen if other companies working with the NSA have similar vulnerabilities, such as Juniper, which is not the first time he has to correct such problems. Failures also dating software for years, as we see in communications 2011 and 2012, so these "doors" have been open for years .
And do you know who it was?
Here we continue to theorize according to the data that are being taken. It is not known 100% real identity or identities of Shadow Brokers, but as we have seen with statements by Snowden has signed up for it could be an attack by Russian hackers attack. However, as we said, it has been pointed out that the hacking should come from the NSA itself, and this hypothesis is gaining strength according to sources from the agency itself.
The hypothesis that it was a robbery by an employee of the NSA gained strength
This is reflected in Motherboard , with the testimony of an NSA employee who firmly believes that neither is an external hack or a group of hackers, but most likely was the work of an employee. It refers to which part of that information is only accessible internally since it is in an external network to the Internet.
My colleagues and I are almost completely sure that this has not been a hack or something from a group of hackers. These "Shadow Brokers" are a person, an [NSA] employee.
While technically the fact that the information is externally internet does not prevent you can access it with existing procedures hacking, on the other hand is the view of CEO of Comae (a company cybersecurity), Matt Suiche, also inclines has been nothing of Russia, giving strength to the hypothesis of the employee.