Cisco router hack exposes Internet traffic details from India & other countries


Network security company FireEye has reported an attack it calls SYNful Knock, in which the firmware on some Cisco routers is modified so that attackers can maintain a persistent presence on the victim’s router. According to the report, 14 such router implants were confirmed to exist in four countries, including India.

Cisco has acknowledged the attack and published guidelines to help detect it. According to this ibtimes report, FireEye describes these routers as gateways to entire countries’ infrastructures and as the ‘ultimate listening device’. Notably, the report adds that, given the sophistication of the attack, only nation states with sufficient resources and technical expertise could carry it out, rather than individuals or private hacker groups. FireEye added that multiple countries are using the implant to spy on other countries.

The affected routers are the Cisco 1841, 2811 and 3825, although FireEye notes that other models are also likely affected, given the similarity in function and in the IOS (Cisco’s router operating system) code base. Note that these attacks do not exploit a software vulnerability as such: installing the backdoor requires physical access to the router or valid login credentials. Once installed, however, the backdoor gives attackers access to all data flowing through the router.

Persistent and modular: The malicious firmware survives a reboot of the router and gives the attacker access through a backdoor password over Telnet. The firmware can then be instructed to stealthily download further modules, although these modules are removed on a reboot. The modules are enabled over HTTP (rather than HTTPS), and communicate with the attackers using customised TCP packets.

What it does: The modified IOS firmware loads a stealthy network command-and-control component that sends TCP header values and content back to the attacker. Beyond reading network status and traffic, the firmware can load up to 100 additional modules on the victim router and supports five malicious commands: to return the state of the modules, allocate space for additional modules, download modules, activate modules and delete them.
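Because the implant lives in the IOS image itself, the first defensive check is image integrity. The script below is an added example, not part of the article or of Cisco’s published guidance: it compares `verify /md5` output collected from the routers against a list of known-good image hashes and ranks mismatches by whether the model is one named in the report. The hostnames, hash values and the exact output format are assumptions constructed for the example.

```python
import re

# Router models the FireEye report confirmed as affected (named in the article).
AFFECTED_MODELS = {"1841", "2811", "3825"}

# Reference MD5 per IOS image file name. Hash values here are CONSTRUCTED
# placeholders; real ones come from Cisco's download page for that exact image,
# never from a router that might already be running modified firmware.
KNOWN_GOOD = {
    "c2800nm-advipservicesk9-mz.124-15.T.bin": "a1b2c3d4e5f60718293a4b5c6d7e8f90",
    "c3825-advipservicesk9-mz.124-15.T.bin": "00112233445566778899aabbccddeeff",
}

# Assumed shape of the on-box command output, e.g.
# "verify /md5 (flash:c2800nm-...bin) = a1b2c3d4..."; adjust if yours differs.
VERIFY_RE = re.compile(
    r"verify /md5 \((?:[\w-]+:)?(?P<image>[^)]+)\) = (?P<md5>[0-9a-fA-F]{32})"
)

def check_router(hostname, model, verify_output):
    """Classify one router from its 'verify /md5' output.

    Returns (hostname, status, detail). A mismatch on a model named in the
    report is CRITICAL; on any other model it is still HIGH, since FireEye
    expects further models sharing the IOS code base to be affected.
    """
    m = VERIFY_RE.search(verify_output)
    if not m:
        return hostname, "UNKNOWN", "could not parse verify /md5 output"
    image, md5 = m.group("image"), m.group("md5").lower()
    expected = KNOWN_GOOD.get(image)
    if expected is None:
        return hostname, "UNKNOWN", f"no reference hash for {image}"
    if md5 != expected:
        status = "CRITICAL" if model in AFFECTED_MODELS else "HIGH"
        return hostname, status, f"{image}: hash mismatch, re-image from trusted media"
    return hostname, "OK", f"{image}: matches reference"

def audit(inventory):
    """inventory: iterable of (hostname, model, verify_output) -> {hostname: status}."""
    return {h: s for h, s, _ in (check_router(*row) for row in inventory)}

# Constructed sample inventory: one clean 2811, one tampered 3825, one unparsable.
SAMPLE = [
    ("edge-del-01", "2811",
     "verify /md5 (flash:c2800nm-advipservicesk9-mz.124-15.T.bin) = a1b2c3d4e5f60718293a4b5c6d7e8f90"),
    ("edge-mum-02", "3825",
     "verify /md5 (flash:c3825-advipservicesk9-mz.124-15.T.bin) = ffffffffffffffffffffffffffffffff"),
    ("lab-01", "2811", "%Error verifying flash:c2800nm-advipservicesk9-mz.124-15.T.bin (No such file)"),
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(*check_router(*row))
```

A hash computed by the router is only a first pass, since firmware that has been modified could in principle misreport its own checksum; treat a mismatch as a finding, not a match as proof of a clean device, and prefer verifying a copy of the image file taken off the box.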

Pakistani firm’s cyber theft: In March, a two-year investigation by FireEye revealed that Tranchulas, a Pakistani cyber security firm, had reportedly been stealing information from Indian government and defence establishments. According to FireEye, Tranchulas, which claims to have helped the Pakistani government prepare for cyber warfare, sent emails containing malicious code to Indian government officials.

NSA snooping: In June last year, we reported that India may be working with the NSA to intercept email, chat, VPN data, VoIP and voice call records, among other data. That report was also based on documents released by Edward Snowden, according to which India is an “Approved SIGINT partner” of the NSA.

Another document leaked by Snowden showed that the Indian embassy in the US was also monitored. The NSA used implants (sensors and recording devices), screen grabs, disk imaging and ‘data from magnetic emanations’ to carry out the monitoring.

MediaNama is the premier source of information and analysis on Technology Policy in India. More about MediaNama, and contact information, here.

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ

Subscribe to our daily newsletter
Your email address:*
Please enter all required fields Click to hide
Correct invalid entries Click to hide

© 2008-2021 Mixed Bag Media Pvt. Ltd. Developed By PixelVJ