Hackers race to expose Cisco Internet flaw

CIOL Bureau

Andy Sullivan

LAS VEGAS: Computer hackers worked through the weekend to expose a flaw that could allow an attacker to take control of the Cisco Systems Inc. routers that direct traffic across much of the Internet.

Angered and inspired by Cisco's attempts to suppress news of the flaw earlier in the week, several computer security experts at the Defcon computer-security conference worked past midnight Saturday to discover and map out the vulnerability.

"The reason we're doing this is because someone said you can't," said one hacker, who like the others spoke to Reuters on condition of anonymity.

Cisco's routers direct traffic across at least 60 percent of the Internet and the security hole has dominated a pair of conferences that draw thousands of security researchers, U.S. government employees and teenage troublemakers to Las Vegas each summer.

The hackers said they had no intention of hijacking e-commerce payments, reading private e-mail, or launching any of the other malicious attacks that could be possible by exploiting the flaw.

Rather, they said they wanted to illustrate the need for Cisco customers to update their software to defend against such possibilities. Many Cisco customers have postponed the difficult process because it could require them to unplug entirely from the Internet.

Security researcher Michael Lynn first described the flaw on Wednesday at the Black Hat conference over the objections of Cisco and his former employer, Internet Security Systems Inc.

Lynn helped Cisco develop a fix but wanted to discuss it publicly to raise awareness of the problem, according to associates, going so far as to quit his job with ISS so he could talk freely.

Some experts said the flaw has been blown out of proportion. Malevolent attackers are more likely to focus on easier targets such as home computers rather than the complex routers that direct traffic across the Internet, said Jon Callas, chief technical officer of PGP Corp., a provider of encryption software.

"An awful lot of the buzz that is going around is buzz because of the use of lawyers and injunctions and lawsuits rather than the actual thing itself," said Callas, who is not involved in efforts to hack the software.
