Whistleblower vindicated in Cisco cybersecurity case

ABC News | 8/1/2019 | Staff

A computer security expert who has won a trailblazing payout in a whistleblower lawsuit over critical security flaws he found in October 2008 in Cisco Systems Inc. video surveillance software thought his discovery would be a career-boosting milestone.

"I mean, this was a pretty decent accomplishment," Glenn said Thursday in a phone interview.

Instead, he was fired by the Cisco reseller in Denmark that employed him, which cited cost-cutting needs. And Cisco kept the flaws in its Video Surveillance Manager system quiet for five years.

Only Wednesday, when an $8.6 million settlement was announced and the lawsuit he filed in 2011 under the federal False Claims Act unsealed, was Glenn's ordeal revealed — along with the potential peril posed by Cisco's long silence.

The law lets whistleblowers report fraud and misconduct in federal contracting — for selling flawed products, essentially — and collect financial rewards when claims succeed. Glenn's attorneys said his is the first cybersecurity case successfully litigated under the FCA.

Cybersecurity expert Chris Wysopal of Veracode said the case breaks new ground by making it clear that security vulnerabilities now fall into the flawed product category.

"This allows for a new type of bug bounty for security researchers if vendors drag their feet, continue selling their products to governments without notifying of the risk they know about and not fixing their flaws," he said.

The exploit Glenn, 42, discovered would have given an attacker full administrative access to the software that managed video feeds, letting them be monitored from a single location, the lawsuit says. It could also potentially allow unauthorized access to sensitive connected systems.

That meant an intruder might have taken control of or bypassed physical security systems such as locks and fire alarms, which are regularly connected to camera systems.

"An unauthorized user could effectively shut down an entire airport by taking control of...
(Excerpt) Read more at: ABC News