{"id":3936,"date":"2016-11-07T14:58:42","date_gmt":"2016-11-07T19:58:42","guid":{"rendered":"http:\/\/community.mis.temple.edu\/itacs5211fall16\/?p=3936"},"modified":"2016-11-07T14:58:42","modified_gmt":"2016-11-07T19:58:42","slug":"how-the-nsa-snooped-on-encrypted-internet-traffic-for-a-decade","status":"publish","type":"post","link":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/2016\/11\/07\/how-the-nsa-snooped-on-encrypted-internet-traffic-for-a-decade\/","title":{"rendered":"How the NSA snooped on encrypted Internet traffic for a decade"},"content":{"rendered":"<p>This article talks about how the NSA allegedly snooped on VPN traffic by exploiting a vulnerability in the Cisco PIX VPN. The vulnerable versions are\u00a05.3(9) through 6.3(4), which Cisco supported from 2002 to 2009. The attack code was dubbed BenignCertain and exploits a vulnerability in Cisco&#8217;s implementation of the Internet Key Exchange, a protocol that uses digital certificates to establish a secure connection between two parties.\u00a0Packets sent by the exploit cause the vulnerable device to return a chunk of memory. A parser tool included in the exploit is then able to extract the VPN&#8217;s pre-shared key and other configuration data out of the response. According to <a href=\"https:\/\/twitter.com\/int10h\">one of the researchers who helped confirm the exploit<\/a>, it works remotely on the outside PIX interface. This means that anyone on the Internet can use it. No prerequisites are necessary to make the exploit work. The exploit helps explain documents leaked by NSA contractor Edward Snowden and cited in a 2014 article that appeared in <em>Der Spiegel<\/em>. 
The article reported that <a href=\"http:\/\/www.spiegel.de\/international\/germany\/inside-the-nsa-s-war-on-internet-security-a-1010361.html\">the NSA had the ability to decrypt more than 1,000 VPN connections per hour<\/a>.\u00a0The revelation is also concerning because <a href=\"https:\/\/www.shodan.io\/search?query=cisco+4608\">data returned by the Shodan search engine<\/a> indicate more than 15,000 networks around the world still use PIX, with the Russian Federation, the US, and Australia being the top three countries affected. The following is a screenshot of BenignCertain extracting a shared key from a Cisco PIX firewall.<\/p>\n<p><img decoding=\"async\" class=\"aligncenter\" src=\"https:\/\/cdn.arstechnica.net\/wp-content\/uploads\/2016\/08\/xorcat-pix-exploit.jpg\" \/><\/p>\n<p>View article <a href=\"https:\/\/community.mis.temple.edu\/itacs5211fall16\/?p=3936&amp;preview=true\">here<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This article talks about how the NSA allegedly snooped on VPN traffic by exploiting a vulnerability in the Cisco PIX VPN. The vulnerable versions are\u00a05.3(9) through 6.3(4), which Cisco supported from 2002 to 2009. 
The attack code was dubbed BenignCertain and exploits a vulnerability in Cisco&#8217;s implementation of the Internet Key [&hellip;]<\/p>\n","protected":false},"author":12709,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_genesis_hide_title":false,"_genesis_hide_breadcrumbs":false,"_genesis_hide_singular_image":false,"_genesis_hide_footer_widgets":false,"_genesis_custom_body_class":"","_genesis_custom_post_class":"","_genesis_layout":"","footnotes":""},"categories":[1],"tags":[],"class_list":{"0":"post-3936","1":"post","2":"type-post","3":"status-publish","4":"format-standard","6":"category-uncategorized","7":"entry"},"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts\/3936","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/users\/12709"}],"replies":[{"embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/comments?post=3936"}],"version-history":[{"count":3,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts\/3936\/revisions"}],"predecessor-version":[{"id":3939,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/posts\/3936\/revisions\/3939"}],"wp:attachment":[{"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/media?parent=3936"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\/v2\/categories?post=3936"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/community.mis.temple.edu\/itacs5211fall16\/wp-json\/wp\
/v2\/tags?post=3936"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}