New York - When WikiLeaks founder Julian Assange disclosed this month that his anti-secrecy group had obtained CIA tools for hacking into technology products made by US companies, security engineers at Cisco Systems swung into action.
The WikiLeaks documents described how the Central Intelligence Agency had learnt more than a year ago how to exploit flaws in Cisco’s widely used internet switches, which direct electronic traffic, to enable eavesdropping.
Senior Cisco managers immediately reassigned staff from other projects to figure out how the CIA hacking tricks worked, so they could help customers patch their systems and prevent criminal hackers or spies from using the same methods, three employees said on condition of anonymity.
The Cisco engineers worked around the clock for days to analyse the means of attack, create fixes, and craft a stopgap warning about a security risk affecting more than 300 different products, said the employees, who had direct knowledge of the effort.
That a major US company had to rely on WikiLeaks to learn about security problems well known to US intelligence agencies underscores concerns expressed by dozens of current and former US intelligence and security officials about the government’s approach to cyber-
security.
Read also: Wikileaks: Google handed over our data
That policy overwhelmingly emphasises offensive cyber-security capabilities over defensive measures, these people told Reuters, even as an increasing number of US organisations have been hit by hacks attributed to foreign governments.
Larry Pfeiffer, a former senior director of the White House situation room in the Obama administration, said now that others were catching up to the US in their cyber capabilities, “maybe it is time to take a pause and fully consider the ramifications of what we’re doing".
US intelligence agencies blamed Russia for the hack of the Democratic national committee during the 2016 election. Nation-states are also believed to be behind the 2014 hack of Sony Pictures Entertainment and the 2015 breach of the US government’s Office of Personnel Management.