Hold them accountable
Cisco should be held criminally responsible for this and all other Cisco hardware/software defects.
More than a dozen compromised router infections have been found in the wild, all targeting Cisco kit as part of sophisticated attempts to hack into corporate and government networks. Once considered only a theoretical risk, the finding of malware-infected routers by FireEye/Mandiant shows that the threat is all too real. A …
How are Cisco in any way accountable for this? - This is a clear case of credential abuse/loss. It's been clearly stated there is no vulnerability in any Cisco products which has caused this. The only thing this proves is the Password model is broken and gives further weight to organisations deploying next gen AAA services and 2 factor authentication.
Why is it that when the country that may have done it is someone like China or Russia, their names are shouted from the rooftops by every news source, but when the target list and modus operandi suggests that it was the US who did it the press gets all coy and doesn't want to talk about it?
That's very, very, odd, isn't it? I mean we do have a free press who will fearlessly report the facts, right? Or do we?
Clearly someone that does not know what they are talking about. ROMMONs are not the IOS software on the platform, they are the equivalent of a BIOS. People do not download "ROMMONs" in order to run unlicensed IOS software. Malicious ROMMONs are installed on machines are intercepted in transit and the ROMMONs replaced.