The Shadow Brokers, a hacking organization, recently released data online which it claims it had stolen from the Equation Group, a team that most security experts say is linked to the National Security Agency (NSA).
Cisco and Fortinet took a close look at the vulnerabilities divulged in the data dump and admitted that their products were affected. This suggests that the Equation Group is truly being operated by the NSA.
Cisco announced that two vulnerabilities found in the data released by the Shadow Brokers can be deployed to break in its Adaptive Security Appliance (ASA) software, which powers up firewalls crafted by the company.
Cisco says that a malicious user could use the exploit "to execute arbitrary code and obtain full control of the system." Seeing how the data thrown on the market by the Shadow Brokers comprises dates ranging from 2010 to 2013, Cisco firewalls may have been vulnerable for years.
Fortinet came forward and also admitted that some of its products, specifically those released before August 2012, were vulnerable in such a a way that hackers were able to gain execution control of firewalls.
According to the company, recent variants of its software are unaffected, but it continued to dig into the code released by the Shadow Brokers.
In their release, the hackers oxposed two exploits, dubbed EPICBANANA and EXTRABACON.
The latter attacks every variant of the ASA software from Cisco, but it is a bit of a challenge to get it rolling. Should you be curious of the specifics, go ahead and read all about it in the blog post by Omar Santos, Cisco's security engineer.
To summarize, the exploit can give an attacker permission to control a firewall system, but its advanced modus operandi and the fact that it ran undetected for so long suggest it was crafted by a capable adversary.
The Shadow Brokers underlines that its exploits will enable hackers to mess around with firewalls from TopSec and Juniper Networks. None of the two security companies commented on the leak.
The malevolent organization touts that it has unreleased exploits, and it even organized a Bitcoin auction to sell these to the highest bidder. The group is asking for no less than 1 million bitcoin ($568 million), but no strong participants have joined the bidding process yet.
Should the auction go bust, the Shadow Brokers could still decide to divulge vulnerabilities to the grand public. Wikileaks is one actor that claims to have access to the data, and promises a "pristine copy" will be out soon.
