Cisco pays $8.6 million for selling surveillance system it knew was vulnerable

by
Dan Goodin
from Ars Technica - All content on (#4MDSW)
cisco-vsm-800x595.jpg

Enlarge (credit: Cisco)

Cisco is paying $8.6 million to settle claims that it sold a video-surveillance product the company knew made federal and state agencies vulnerable to serious hacking attacks. This is believed to be the first time a company has made a payout under a federal whistleblower lawsuit alleging failure to have adequate security protections.

The settlement stems from a Video Surveillance Manager package Cisco sold, starting more than a decade ago, to a raft of government agencies. These agencies include the Department of Homeland Security, the Secret Service, the Department of Defense Biometrics Taskforce, the Federal Emergency Management Agency, NASA, the Army, the Navy, the Air Force, and the Marine Corps. Known as VSM, the surveillance package was also used by government agencies in at least 15 states, including New York and California.

A 2011 lawsuit unsealed on Wednesday alleged that Cisco knowingly sold VSM to customers even after learning of a critical vulnerability. This vulnerability allowed hackers to spy on video footage in real time, turn cameras on or off, delete footage, and tamper with locks and other physical security systems connected on the same network. The lawsuit was filed under the False Claims Act in the US District Court for the Western District of New York. The act allows individuals with inside knowledge to bring suits on behalf of the government when they believe a contractor is committing fraud.

Read 5 remaining paragraphs | Comments

index?i=l-JQ9Qh0kRg:hAi0KOmAsL0:V_sGLiPB index?i=l-JQ9Qh0kRg:hAi0KOmAsL0:F7zBnMyn index?d=qj6IDK7rITs index?d=yIl2AUoC8zA
External Content
Source RSS or Atom Feed
Feed Location http://feeds.arstechnica.com/arstechnica/index
Feed Title Ars Technica - All content
Feed Link https://arstechnica.com/
Reply 0 comments