Cisco is investigating a claim by Germany’s Der Spiegel that the company is among many whose devices have been backdoored by the NSA to assist in the agency’s espionage efforts.
The Sunday article, which was based on leaked NSA documents, said a specialist NSA hacker unit had “burrowed its way into nearly all the security architecture made by the major players in the industry — including American global market leader Cisco and its Chinese competitor Huawei.” The report also named a variety of other manufacturers, both American and non-U.S., as targets of NSA cracking.
In the case of Cisco, documents published by Der Spiegel on Monday show the affected products to include the company’s 500-series PIX and ASA (5505, 5510, 5520, 5540 and 5550) firewalls. However, the documents date back to 2007, and newer products may also have been cracked.
In a blog post on Sunday, Cisco said it was “deeply concerned with anything that may impact the integrity of our products or our customers’ networks” and was trying to find out more about the claims.
Cisco Chief Security Officer John Stewart wrote:
“We are committed to avoiding security issues in our products, and handling issues professionally when they arise. Our Trustworthy Systems initiatives, Cisco Secure Development Lifecycle, Cisco Common Crypto models, and Product Security Incident Response Team (PSIRT) and Vulnerability Disclosure policies are all industry-leading examples of our commitment to our customers. This is central to how we earn and maintain trust.
“At this time, we do not know of any new product vulnerabilities, and will continue to pursue all avenues to determine if we need to address any new issues. If we learn of a security weakness in any of our products, we will immediately address it.
“As we have stated prior, and communicated to Der Spiegel, we do not work with any government to weaken our products for exploitation, nor to implement any so-called security ‘back doors’ in our products.”
The company also published an official security response late on Sunday, saying it had requested Der Spiegel’s documents and noting that “Cisco development policies prohibit any product behaviors that weaken the security posture of a Cisco device.” This document may not be useful just yet, but it could be updated in future as and when the company has more to tell its customers.
Although the new revelations aren’t exclusively about American firms – Huawei aside, the firmware in Samsung hard drives has apparently also been targeted – they will no doubt add to distrust outside the U.S. of equipment coming from that country. Cisco must be particularly sensitive to backdoor claims at the moment; its revenue warning in November was one of the first from a major U.S. firm to suggest foreign customers have reacted to Edward Snowden’s disclosures by putting big orders on hold.
U.S. manufacturers of networking equipment have long been required by a law called CALEA to build surveillance capabilities into their products. So when Cisco says it never works with governments to include backdoors, it’s worth noting that the company has several pages online describing the “lawful intercept” capabilities built into some of its equipment, allowing voice and data wiretaps.
This article was updated at 5.45am PT to include reference to the specific Cisco firewall products that are affected.