The FBI is investigating a computer security researcher for criminal conduct after he revealed that critical routers supporting the internet and many networks have a serious software flaw that could allow someone to crash or take control of them.
Mike Lynn, a former researcher at Internet Security Systems, said he was tipped off late Thursday night that the FBI was investigating him for violating trade secrets belonging to his former employer, ISS.
Lynn resigned from ISS Wednesday morning after his company and Cisco threatened to sue him if he spoke at the Black Hat security conference in Las Vegas about a serious vulnerability that he found while reverse-engineering the operating system in Cisco routers. He said he conducted the reverse-engineering at the request of his company, which was concerned that Cisco wasn't being forthright about a fix it had recently made to its operating system.
Lynn spoke anyway, discussing the flaw in Cisco IOS, the operating system that runs on Cisco routers, which are responsible for transferring data over much of the internet and private networks.
Although Lynn demonstrated for the audience what hackers could do to a router if they exploited the flaw, he did not reveal technical details that would allow anyone to exploit the bug without doing the same research he did to discover it.
Networking giant Cisco and security company Internet Security Systems filed on Wednesday a restraining order against the management of the Black Hat Conference and a security expert who told conference attendees that attackers can broadly compromise Cisco routers.
The legal action followed a presentation by security researcher Michael Lynn, a former ISS employee, who brushed off threats of legal action and a broad effort to delete his presentation from conference materials to warn attendees that malicious programs could be run on Cisco routers.
"I feel I had to do what's right for the country and the national infrastructure," he said. "It has been confirmed that bad people are working on this (compromising IOS). The right thing to do here is to make sure that everyone knows that it's vulnerable."
Lynn outlined a way to take control of an IOS-based router, using a buffer overflow or a heap overflow, two types of memory vulnerabilities. He demonstrated the attack using a vulnerability that Cisco fixed in April. While that flaw is patched, he stressed that the attack can be used with any new buffer overrun or heap overflow, adding that running code on a router is a serious threat.
"When you attack a host machine, you gain control of that machine--when you control a router, you gain control of the network," Lynn said.
The controversy is the latest rift between security researchers who find vulnerabilities and the software companies whose products contain the flaws.
In the latest case, ISS and Lynn contacted Cisco in April to report their process for using a vulnerability in IOS to run a program on a Cisco router. The networking company fixed the vulnerability in the operating system, but did nothing to prevent attackers from running programs on the devices using the broad techniques Lynn described, the researcher said.
In a presentation that had all the hallmarks of good theater, Lynn stated several times that the information that he was presenting would likely result in legal action against him.
"What I just did means that I'm about to get sued by Cisco and ISS," Lynn said, joking later that he may be "in Guantanamo" by the end of the week.
"What politicians are talking about when they talk about the Digital Pearl Harbor is a network worm," he said. "That's what we could see in the future, if this isn't fixed."