master.on
New Member
https://www.deepdotweb.com/2018/01/31/leak-shows-us-army-nsa-compromised-tor-i2p-vpns-wants-track-monero/ (Leak Shows US Army and NSA Compromised Tor, I2P, VPNs and Wants to Track Monero)
Shadow Brokers Leak Just Revealed How The NSA Broke American-Made Encryption
If the Shadow Brokers' leak of NSA files is legit, as is now all but confirmed, they have offered a glimpse into how the intelligence agency exploited security systems created by American tech vendors. And one of the vulnerabilities has offered proof of just how the US' finest digital spies were able to snoop on encrypted communications, in particular those provided by Virtual Private Networks (VPNs).
The weakness resided in Cisco's PIX product, discontinued back in 2009, according to an analysis by London-based security researcher Mustafa Al-Bassam. The so-called BENIGNCERTAIN exploit dropped by the Shadow Brokers was not dissimilar to the infamous Heartbleed hacks of 2014: the snoop would send specially-crafted requests to a Cisco PIX server - in this case what's known as an Internet Key Exchange (IKE) packet - that would cause the device to dump pieces of its memory. Keep doing that and eventually the hacker could get the passwords for the PIX devices. The firewall could then be hacked.
As PIX firewalls were used to run VPNs using a protocol called IPSec, any organizations using the Cisco product for such supposedly-secure communication could have been spied on by the NSA with apparent ease. Al-Bassam gave the vulnerability a cute name to boot: PIXPocket.
Though Al-Bassam wasn't able to test the exploits on a real Cisco firewall, others were. Researcher Brian Waters tweeted to show how he was able to grab test passwords for his PIX box.
A Cisco spokesperson said: "There is not a current PIX version to evaluate or update, and PSIRT has confirmed for me that the investigation so far has not identified any new vulnerabilities in current products related to the exploit you mention." The spokesperson also pointed FORBES to the company's end-of-life policy.
But whilst Cisco stopped selling PIX kit in 2009, many are believed to still use the tool. Using Shodan, a search tool for internet-connected devices, it was possible to find more than 2,000 servers just entering "PIX". Many appeared to be Cisco products.
Even if few PIX tools remain in use, according to Al-Bassam, the leak would indicate that between 2002 and 2008, the NSA was able to break Cisco security. "Rewind a little bit and you had the biggest governments and businesses on PIX, and an intelligence agency potentially with a command line tool to get access. And nobody even understands how. That is crazy," said British malware researcher Kevin Beaumont.
"The Snowden files made reference to the NSA having VPN access... I think we may know how finally."
NSA owns VPNs
Edward Snowden leaks previously showed just how keen the NSA was to expose encrypted comms and how successful it was in cracking VPNs open.
As noted in a Der Spiegel article from December 2014, the NSA claimed an astonishing rate of success against VPNs. By late 2009, the same year Cisco discontinued support for PIX, the agency was processing 1,000 requests an hour to decrypt VPN connections. It expected to be doing 100,000 per hour by the end of 2011.
Though documents indicated the NSA was more than capable of breaking VPN encryption, the BENIGNCERTAIN leak has provided the first evidence of just how the agency could do it.
Cisco isn't the only vendor affected by the Shadow Brokers' escapades: rival Juniper Networks told FORBES it continued to assess if its products are affected by the leaks, whilst Fortinet provided a patch for its own firewall products following the disclosure. Cisco had also been forced into issuing a fix for its security appliances.
The NSA had not responded to requests for comment regarding the leak.
Shadow Brokers Leak Just Revealed How The NSA Broke American-Made Encryption
Even the Britons seem to have cracked VPNs too
N.S.A. Able to Foil Basic Safeguards of Privacy on Web
Russians may not (stupid Russians always lagging), so they chose to ban VPNs instead
NSA whistleblower Snowden: VPN ban makes Russia 'less safe and less free' | ZDNet
So, the NSA can crack VPN encryption
hope you guys sleep well tonight
especially those running sources.