Media Mentions

Nov 23, 2005

Bart Lazar Quoted in United Press International

Click for PDF

UPI ran an article ["The Web: Hackers penetrate network routers"] on November 23, 2005 that notes "Hackers are now probing a new target -- network routers -- as they seek to wreak havoc on corporate computing networks and evade the extensive security software that has been deployed on PCs and Web servers. A router is a device that forwards packets of digital data over networks and is connected to at least two networks, generally local area networks, and wide area networks and the Internet. The routers are located at network gateways, where two networks connect, and have their own operating systems. The e-mail messages one receives that are sent over the Internet contain "headers" that indicate the path that the data has taken."

"Companies need to work with their vendors and be vigilant in terms of updating their software," Bart Lazar, an intellectual-property attorney based in Chicago with the firm of Seyfarth Shaw, told The Web. Earlier this month Cisco Systems Inc., the world's largest maker of routers, issued a public advisory about vulnerabilities to its routers a few months after the ability to hack the routers was made public at a conference of hackers, known as the "Black Hat" conference."

"Hacking was once a phenomenon powered by pranksters who were looking for some fun at other people's expense. Now it is a for-profit trade, and the incentives are changing. … Once a security flaw has been discovered in a router, IT departments must be as quick to respond as they are to problems discovered in the other operating systems on their networks, experts said. … The problem of hacking routers has been developing -- away from the public eye -- for several years now. Network developers are on the defensive -- claiming that they have the problems under control."

"Lazar also pointed out that corporate insiders -- not just outside hackers-for-hire -- might also target network routers. "Therefore, then, another concern is to make sure that your IT staff is not disgruntled," said Lazar, who also recommends that "redundant reporting mechanisms" be put in place on corporate networks "in the event of security breaches, so that more than one person is kept informed."