Saturday, January 11, 2014

Ack!

Ack! Ack! Ack!
JETPLOW
(TS//SI//REL) JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA (Adaptive Security Appliance) firewalls. It persists DNT's BANANAGLEE software implant. JETPLOW also has a persistent back-door capability.

(TS//SI//REL) JETPLOW is a firmware persistence implant for Cisco PIX Series and ASA (Adaptive Security Appliance) firewalls. It persists DNT's BANANAGLEE software implant and modifies the Cisco firewall's operating system (OS) at boot time. If BANANAGLEE support is not available for the booting operating system, it can install a Persistent Backdoor (PDB) designed to work with BANANAGLEE'S communications structure, so that full access can be reacquired at a later time. JETPLOW works on Cisco's 500-series PIX firewalls, as well as most ASA firewalls (5505, 5510, 5520, 5540, 5550).
PIX and ASA are probably the most popular firewalls in the world. These aren't the "firewall" in your cable modem; these are high-end, professional-grade firewalls that go through regular security testing during the development and test cycles (note: I have personal knowledge of this).

Subverting your firewall is probably the worst thing that someone can do to you, security-wise.  Now that this is common knowledge, everyone is at risk - not just from the NSA, but from the Bad Guys who will be reverse engineering this exploit as we speak.

The NSA is making us all much, much less safe.  It's starting to look to me like they're willing to burn the Internet to the water line in pursuit of their Uber Surveillance State.

Via Bruce Schneier, where this comment in particular is very interesting:
Many stories from Der Spiegel over the last eight months; all talkie talk, minimal docs. Suddenly the epochal batch we're looking at now. Pointedly not attributed to Snowden. Following hard upon the German delegation getting the middle finger from Ft. Meade when they asked for Five Eyes no-spy status. Der Spiegel is, shall we say, close to the German government. So blowback maybe happening, but back channel, not how you might think.
I don't think I've ever seen a Charlie Foxtrot this massive.

2 comments:

Chris said...

Will we see "Chicago way" retribution by the Germans on the US government spying operations? (You hack one of ours, we pwn three of yours . . .)

Old NFO said...

Oh damn... Glad 'I' am out of the business...