Advertisement

Here's how the NSA spied on Cisco firewalls for years

A special attack tool let intelligence officers monitor encrypted VPN traffic.

AP Photo/Paul Sakuma

Edward Snowden leaks revealed that the NSA had the ability to spy on Cisco firewall traffic for years, but just how did the agency do it? We now have a clearer idea. An analysis of data from the Equation Group hack shows that the NSA used a specialized tool, BenignCertain, that uses an exploit in Cisco's Internet Key Exchange implementation to extract encryption keys and read otherwise secure virtual private network data. Cisco has confirmed that the attack can compromise multiple versions of its old PIX firewalls, which were last supported in 2009.

The issue doesn't crop up in PIX 7.0 or in Cisco's newer Adaptive Security Appliance, but that isn't going to reassure many security experts. Ars Technica warns that there appear to be over 15,000 networks still clinging on to PIX, and there's a real possibility that many of them are vulnerable. Other platforms have comparable security holes, too, suggesting that the NSA might have snooped on many VPNs. To make matters worse, the Equation Group breach lets any would-be hacker use the exploit. While the past surveillance is alarming, you may need to worry more about everyday criminals going forward.