The revelations from WikiLeaks about the U.S. government’s hacking tools are reported to have sent Cisco reeling earlier this month, Reuters reported.
WikiLeaks documents revealed that the CIA uses a myriad of devices and products, including televisions, smartphones and anti-virus software, to take surveillance on owners, including devices from tech company Cisco.
The document described actions such as recording sounds, images and text messages of those using devices, whether or not the communication is encrypted. The report also highlighted the many ways in which the CIA may be turning vulnerabilities into attack tools against unsuspecting people.
Learning that the CIA was able to exploit security flaws in Cisco internet switches, Reuters noted, sent the company rushing to immediately address how the hacks worked and mitigate the vulnerabilities in order to prevent cybercriminals or spies from using the same back doors.
Three employees told the media outlet that senior Cisco managers quickly reassigned staff from other projects in order to turn their focus solely on analyzing the attack, developing patches and issuing a warning on security risks impacting more than 300 products.
Whether the CIA’s alleged decision to utilize security vulnerabilities for surveillance rather than report them to tech companies is undermining the efforts to protect U.S. citizens remains a hot topic of debate.
It brings to light a significant issue facing cybersecurity in the U.S. — that it required a revelation from WikiLeaks for a company to learn about its major security vulnerabilities, rather than being able to rely on U.S. intelligence agencies that were well versed on the issues.
Cisco isn’t the only entity that is now reassessing their level of readiness to address cybersecurity shortcomings and action plans, which seems to stress offensive capabilities over defensive measures.
“Maybe it is time to take a pause and fully consider the ramifications of what we’re doing,” Larry Pfeiffer, a former senior director of the White House Situation Room, told Reuters, noting that others are quickly catching up with the U.S.’ cyber-related capabilities.
It was confirmed by departing NSA Deputy Director Rick Ledgett that the U.S. government devoted 90 percent of its cybersecurity spending on offensive measures, which he also said was lopsided.
“I absolutely think we should be placing significantly more effort on the defense, particularly in light of where we are with exponential growth in threats and capabilities and intentions,” Debora Plunkett, former head of the NSA’s defensive mission, added.