Hackers attack Cisco internet flow

Computer hackers worked through the weekend to expose a flaw that could allow an attacker to take control of the Cisco Systems routers that direct traffic across much of the Internet.

Angered and inspired by Cisco's attempts to suppress news of the flaw earlier in the week, several computer security experts at the Defcon computer-security conference worked past midnight Saturday to discover and map out the vulnerability.

"The reason we're doing this is because someone said you can't," said one hacker, who like the others spoke to Reuters on condition of anonymity.

Cisco's routers direct traffic across at least 60 percent of the Internet and the security hole has dominated a pair of conferences that draw thousands of security researchers, U.S. government employees and teenage troublemakers to Las Vegas each summer.

The hackers said they had no intention of hijacking e-commerce payments, reading private e-mail, or launching any of the other malicious attacks that could be possible by exploiting the flaw. Rather, they said they wanted to illustrate the need for Cisco customers to update their software to defend against such possibilities.

Many Cisco customers have postponed the difficult process because it could require them to unplug entirely from the Internet.

Security researcher Michael Lynn first described the flaw on Wednesday at the Black Hat conference over the objections of Cisco and his former employer, Internet Security Systems Inc..

The two companies said that Lynn was not allowed to give out the information that he did at the conference. Any news site that distributes the information could also be charged, according to Inquirer.

Copies of the 1.9MB PDF file have popped up on a number of websites, after Cisco first pressured Lynn's former company Internet Security Systems (ISS) into removing the presentation from the line-up at the Black Hat security conference in Las Vegas.

Apparently although Lynn has appeased Cisco, ISS is still after him and has notified the FBI.

One of the things that is really strange about this, is that people who have seen the presentation say that Lynn demonstrated how the flaw could be exploited but obscured much of the technical details that an attacker would need to know to pull it off.