'BlackAngels' hackers swoop on Cisco security flaws

Cisco Systems issued a security warning this weekend to customers after new software code was published on the internet that targeted certain vulnerabilities on several of its networking products.

The software code, written by a group of teenagers in Italy calling themselves the "BlackAngels," exploits nine vulnerabilities found in Cisco's Internetwork Operating System (IOS). This software runs on most of Cisco's products, including its Catalyst Ethernet switches and Internet Protocol routers.

Many of the vulnerabilities exposed in the new software tool have already been identified and addressed by Cisco. Some of them were identified as far back as 2000. As these problems were discovered, Cisco published software upgrades and workaround scenarios to help customers protect their networks from malicious attacks.

While the vulnerabilities have been known for some time, the program, called the "Cisco Global Exploiter," makes exploiting them much easier by providing simple streams of code. After the code was published, Cisco posted a warning on its website on Saturday. It also provided links to vulnerabilities that had already been discovered.

"Customers should take steps to ensure that they have addressed each of these either via a software upgrade or workarounds in place as appropriate in order to mitigate any risk from this new exploit code," the company said on its website.

Most of the vulnerabilities make Cisco routers and switches more susceptible to distributed denial-of-service attacks. These attacks occur when hackers take control of servers and flood the network with millions of packets, which eventually cripple devices like switches and routers that try to process all the packets.

The BlackAngels, who describe themselves on their website as "a group of Italian teenager boys" who are "expert in the network security field and programming," stated that they do not take any responsibility for "incorrect or illegal use of this software or for eventual damages to others systems". The group has written the code in an effort to bring more awareness to security flaws, according to the site.

Members of the BlackAngels were not available for comment.

A Cisco representative said the company is not aware of any active attacks on the vulnerabilities. The company also said it is working closely with its customers and industry organisations to address the issues.

Bugs in Cisco's IOS software are common, and the company often publishes news about ways to work around these vulnerabilities. This past summer, it announced it had discovered a bug in IOS running on its carrier class routers that exposed them to denial-of-service attacks. In December 2003, the company reported vulnerabilities in IOS running on some of its wireless products. Security is a main area of focus for Cisco lately as it beefs up its portfolio of security products.

The company recently announced that it is buying Riverhead Networks for $39m. The start-up makes an appliance designed to protect enterprise networks from denial-of-service attacks.

Marguerite Reardon writes for CNET News.com