The Telnet Protocol and Zero Day Attacks: An Investigation Into the “Vault 7” Cisco Exploits And The Implications Thereof
Abstract
Control the routers, and you can control
the Internet. Recent revelations of leaked material from the United States
Central Intelligence Agency by Wikileaks, from the collection known as “Vault
7”, show that the agency was hoarding a plethora of so-called “zero day”
exploits: undisclosed vulnerabilities that can exploit computer systems. CIA
manuals indicated specific areas of the Cisco IOS code as being vulnerable, in
particular the Cluster Management Protocol code. Cisco engineers found the
potential to exploit the Telnet protocol, an unsecure Internet or LAN protocol
that allows for virtual terminal connections. The exploit, labelled by Cisco as
CVE-2017-3881, allowed remote and unfettered access to at least 300
different models of Cisco switches over the Internet, even though that access
was intended to be allowed only over the LAN. There are broad implications from this
discovery. One is that the continued use of the antiquated Telnet protocol is
prone to broad digital attacks, such as the Mirai botnet which targeted
Internet of Things or “IoT” devices. Two, as the largest networking company in
the world, such a broad exploitation of Cisco devices compromises the Internet
at its fundamental core. Three, the hoarding by intelligence agencies of these
exploits is risky to the public at large, due to the potential for overlap
discovery where other nefarious hackers discover the exploits or, as in the
case of the Shadow Brokers leak in 2016, where NSA cyberweapons that also
utilized zero day exploits, and happened to target Cisco, were released in the
open. Lastly, the repeated aforementioned loss of these government hoarded
secrets strongly suggests that the agencies cannot be trusted with legislated
backdoors into digital security such as encryption.
-----------------------------------------------------
Control the routers, and you can control the Internet. On March 7th, 2017,
the largest publication of confidential documents from the United States
Central Intelligence Agency was released by Wikileaks, known as “Vault 7”
(Assange). Of particular interest to digital security specialists was that
the agency was hoarding a plethora of so-called “zero-day” exploits:
undisclosed vulnerabilities that can exploit computer systems (Ulanoff). One exploit
is alleged to make use of the Telnet protocol, an unsecure Internet or LAN
protocol that allows for virtual terminal connections, in order to gain
elevated access to Cisco’s routers and switches (Cimpanu). The exploit,
labelled by Cisco as CVE-2017-3881, allowed for the remote and unfettered
access to at least 300 different models of Cisco switches (Kennedy). As the
largest networking company in the world, such a broad exploitation of Cisco
devices compromises the Internet at its fundamental core. This paper will
examine the history of the Telnet protocol and attacks upon it, Cisco switches,
the recently revealed practice of intelligence agencies hoarding digital
exploits, and the worldwide risk to digital security presented by this practice.
The Telnet protocol was first defined and used in 1969 (TELNET: The Mother of All
Applications Protocols). The protocol predates the modern Internet and is the
basis for many other protocols such as HTTP and FTP (Geerling). Telnet, short
for either telecommunications network or terminal network, is considered by
some to be the “original Internet” (Gil, Fisher). The protocol allows for plain
text remote interfaces over TCP/IP networks, and was designed with the
assumption of a high level of trust between client and mainframe computers
(Gil). These client computers did not require powerful hardware – only a
connection to the network and a text based interface to utilize Telnet
(Geerling). Using these terminals boosted productivity and saved time for those
at universities and enterprises that required multiple users accessing the
mainframe at once, which could often also be very distant. As such, security
steps such as encryption were not designed into the protocol nor perhaps were
they even needed given its use for closed networks (Gil, Geerling). What this
entails for the modern user is that data transmitted via Telnet can easily be
read through network packet sniffing. For most of its purposes, Telnet was
superseded later by the Secure Shell protocol, better known as SSH, in response
to a password-sniffing attack on a university utilizing plain text
communication (Geerling). Unlike Telnet, SSH utilizes encryption through
different methods at various points in the transaction including symmetrical
encryption, asymmetrical encryption, and hashing (Ellingwood). Telnet is still utilized, however, for
checking services on remote servers, devices through local serial connections,
and some remote device configuration (Neagu). Telnet also had a popular use for
searching through public access library catalogs in the early days of the
Internet (Lavender). Some of these online catalogs are still accessible,
assumed to be Telnet daemons running on machines that also provide HTTP access
or on antiquated, forgotten servers (Public Access Catalogue). The protocol has
also been utilized for bulletin-board access along with text-videogames known
as multi-user dungeons or MUDs, due to antiquated code bases for MUDs not
supporting SSH (Why Do MUDs use Telnet?). However, the most risky use of the
protocol – the risk most relevant to the topic – is the use of the protocol for
remote configuration (Fisher).
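The point above that data transmitted via Telnet can be read through packet sniffing, shown on a client-to-server byte stream: the parser below is an added example, not part of the original paper, that strips the Telnet option negotiation and leaves exactly what the user typed. The capture bytes, account name, password and command are constructed for illustration.

```python
# Telnet framing bytes from RFC 854.
IAC, SE, SB = 255, 240, 250
VERBS = {251: "WILL", 252: "WONT", 253: "DO", 254: "DONT"}
OPTION_NAMES = {1: "ECHO", 3: "SUPPRESS-GO-AHEAD", 24: "TERMINAL-TYPE", 31: "NAWS"}

# Constructed client-to-server capture (not taken from a real session):
# two option offers, two sub-negotiations, then a login and one command.
SAMPLE_CAPTURE = (
    bytes([IAC, 251, 24])
    + bytes([IAC, 251, 31])
    + bytes([IAC, SB, 31, 0, 80, 0, 24, IAC, SE])
    + bytes([IAC, SB, 24, 0]) + b"xterm" + bytes([IAC, SE])
    + b"admin\r\n"
    + b"example-password\r\n"
    + b"show running-config\r\n"
)


def read_subnegotiation(raw, start):
    """Read a sub-negotiation payload up to IAC SE; None if it never closes."""
    payload = bytearray()
    j = start
    while j + 1 < len(raw):
        if raw[j] == IAC:
            if raw[j + 1] == SE:
                return bytes(payload), j + 2
            if raw[j + 1] == IAC:      # escaped 0xFF inside the payload
                payload.append(IAC)
            j += 2
        else:
            payload.append(raw[j])
            j += 1
    return None


def split_telnet_stream(raw):
    """Separate control sequences from user data.

    Returns (data, events); events are (verb, option_code, payload) tuples.
    """
    data, events = bytearray(), []
    i, n = 0, len(raw)
    while i < n:
        if raw[i] != IAC:
            data.append(raw[i])
            i += 1
            continue
        if i + 1 >= n:                 # capture cut off after a lone IAC
            break
        cmd = raw[i + 1]
        if cmd == IAC:                 # IAC IAC is a literal 0xFF data byte
            data.append(IAC)
            i += 2
        elif cmd in VERBS:
            if i + 2 >= n:
                break
            events.append((VERBS[cmd], raw[i + 2], b""))
            i += 3
        elif cmd == SB:
            if i + 2 >= n:
                break
            result = read_subnegotiation(raw, i + 3)
            if result is None:         # unterminated sub-negotiation
                break
            payload, i_next = result
            events.append(("SB", raw[i + 2], payload))
            i = i_next
        else:                          # other two-byte commands (NOP, GA, ...)
            i += 2
    return bytes(data), events


def recover_session(raw):
    """Return (typed_lines, negotiation_summary) for a captured stream."""
    data, events = split_telnet_stream(raw)
    text = data.decode("ascii", errors="replace").replace("\r\x00", "\r\n")
    lines = [line for line in text.split("\r\n") if line]
    summary = []
    for verb, option, payload in events:
        name = OPTION_NAMES.get(option, f"option {option}")
        size = f" ({len(payload)} bytes)" if verb == "SB" else ""
        summary.append(f"{verb} {name}{size}")
    return lines, summary


if __name__ == "__main__":
    typed, negotiation = recover_session(SAMPLE_CAPTURE)
    print("negotiation:", negotiation)
    print("typed by user:", typed)
```

Nothing in the stream needs a key to decode: once the negotiation bytes are skipped, the login name, password and command are ordinary ASCII.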
Modern operating systems typically come with both the Telnet client and Telnet server
disabled, and as of Windows Server 2016, the Telnet server itself is not
included (Fisher, Gregory). The SANS Institute, a resource for information
security training and security certification, warns that even the ability for a
system to utilize Telnet increases risk (Zirkle). Since 1994, CERT – a
cyber-security organization out of Carnegie Mellon University – has warned
against the use of Telnet (Ongoing Network Monitoring Attacks). However, as
demonstrated by recent attacks and potential exploits that made use of the
Telnet protocol, there is still significant risk. To even summarize the large
list of potential Telnet exploits in different systems is vastly beyond the
scope of this paper, so only the most recent attacks that actually took place
will be examined. First, the largest distributed denial of service attack ever
recorded was done with the Mirai botnet (Mapping Mirai). Denial of service
attacks are those in which systems all simultaneously make garbage communication
attempts with an endpoint, such as a specific company’s Internet servers. In
other words, the attack suffocates the connection by using up the available bandwidth
(Popeskic). A botnet is a network of computers over the Internet that have been
compromised in various degrees (Mapping Mirai). In the case of Mirai, the focus was on
“Internet of Things” or IoT devices – so-called “smart” Internet connected
devices such as fridges, toasters, CCTVs, baby-monitors, et cetera (Mapping
Mirai). There are estimated to be over 15 million devices on the Internet that
still actively use the Telnet protocol, and Mirai spread in large part through
these (Mapping Mirai). Mirai utilized a bruteforce attack – typically, a
systematic guessing of usernames and passwords based on dictionaries, but in
Mirai’s case based on a list of factory defaults – against these devices, many
of which lack bruteforce protection (Mapping Mirai). Once infected, these
devices continue to function, albeit sluggishly, and monitor a command and
control server, which then indicates the target of a DDoS attack. Mirai is far from the only piece of
malware to spread through Telnet, and segments of its source code have been
utilized in other malware that infects Linux-based embedded devices through the
use of default passwords and bruteforce attacking (Leyden). Of particular
interest is the CVE-2017-3881 vulnerability in Cisco devices, which allowed for
an unauthenticated, remote attacker to reload a targeted device or execute code
with elevated privileges in over 300 types of Cisco switches. To understand the
grave potential for this exploit, it is important to understand how Cisco
switches operate and what the practical security aspects are of the CVE-2017-3881
vulnerability.
The actual code of the malware mentioned in Vault 7 has not yet been publicly
disclosed, and it is entirely possible that the CVE-2017-3881 vulnerability is
not actually the flaw that the malware targets. Nevertheless, Omar Santos and analysts
with the Cisco Product Security Incident Response Team or PSIRT believe
the CIA has access to malware that can target different families of Cisco
devices, and that the malware can provide:
…Data collection, data exfiltration, command execution
with administrative privileges (and without any logging of such commands ever
been executed), HTML traffic redirection, manipulation and modification
(insertion of HTML code on web pages), DNS poisoning, covert tunneling, and
others. The authors have spent a significant amount of time making sure the
tools, once installed, attempt to remain hidden from detection and forensic
analysis on the device itself. It would also seem the malware author spends a
significant amount of resources on quality assurance testing – in order, it
seems, to make sure that once installed the malware will not cause the device
to crash or misbehave.
Without immediate access to the code of
the malware, Cisco was forced to audit the code based on clues from the Vault 7
leaks (Chirgwin). In the process, they found that the Cluster Management
Protocol in the Cisco IOS and IOS XE Software could allow for a remote attack
(Kovacs). The Cluster Management Protocol utilizes Telnet for signaling and
command between cluster members. However, according to Cisco the vulnerability
was due to two specific factors:
The failure to restrict the use of CMP-specific Telnet
options only to internal, local communications between cluster members and
instead accept and process such options over any Telnet connection to an
affected device, and the incorrect processing of malformed CMP-specific Telnet
options. An attacker could exploit this vulnerability by sending malformed
CMP-specific Telnet options while establishing a Telnet session with an
affected Cisco device configured to accept Telnet connections. An exploit could
allow an attacker to execute arbitrary code and obtain full control of the
device or cause a reload of the affected device.
In response, Cisco recommended the
hardening of devices through disabling the ability for devices to accept Telnet
connections, and later released software updates to address the specific
vulnerability (Santos).
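One way to check for the exposure Cisco's recommendation addresses, as an added example that is not from the original paper or from Cisco: a small audit that reads an IOS-style configuration and reports which `line vty` blocks still accept Telnet. The sample configuration is constructed, and treating a block with no explicit `transport input` statement as needing review is an assumption made here, since the default depends on the software release.

```python
import re

# Constructed sample of an IOS-style running configuration (not a real device).
SAMPLE_CONFIG = """\
hostname sw-example
!
line con 0
line vty 0 4
 login local
 transport input telnet ssh
line vty 5 15
 login local
 transport input ssh
line vty 16 31
 login local
!
end
"""

VTY_HEADER = re.compile(r"^line vty \d+(?: \d+)?\s*$")
TRANSPORT_INPUT = re.compile(r"^\s+transport input\s+(.+?)\s*$")


def classify(protocols):
    """Map the protocols named on a 'transport input' line to a finding."""
    if protocols is None:
        return "UNSPECIFIED"        # assumption: release default, needs review
    if "telnet" in protocols or "all" in protocols:
        return "TELNET_ALLOWED"
    if protocols == ["none"]:
        return "DISABLED"
    if protocols == ["ssh"]:
        return "SSH_ONLY"
    return "OTHER"


def audit_vty_transport(config_text):
    """Return [(vty header, finding)] for every 'line vty' block."""
    blocks = []
    current = None
    for line in config_text.splitlines():
        if VTY_HEADER.match(line):
            current = {"header": line.strip(), "protocols": None}
            blocks.append(current)
        elif current is not None and line.startswith(" "):
            # Indented lines belong to the most recent 'line vty' block.
            match = TRANSPORT_INPUT.match(line)
            if match:
                current["protocols"] = match.group(1).split()
        else:
            current = None          # any unindented line ends the block
    return [(b["header"], classify(b["protocols"])) for b in blocks]


def remediation(findings):
    """Build the configuration lines that restrict flagged blocks to SSH."""
    fix = []
    for header, status in findings:
        if status in ("TELNET_ALLOWED", "UNSPECIFIED"):
            fix += [header, " transport input ssh"]
    return fix


if __name__ == "__main__":
    results = audit_vty_transport(SAMPLE_CONFIG)
    for header, status in results:
        print(f"{header}: {status}")
    print("\n".join(remediation(results)))
```

SSH has to be working on the device before the remediation lines are applied, otherwise removing Telnet also removes the only remote management path.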
According to the International Data Corporation or “IDC”, as of 2016 Cisco makes up
nearly 60% of the market share in routers and switches (Haranas). This, together
with the use of proprietary, typically closed-source software such as IOS in
its devices, makes Cisco a particularly large target. While attacks like
Mirai were impressive in the multitude of embedded devices that were affected,
and crippling both in the botnet attacks themselves and in the difficulty of
responding, the stealth and range of damage that could be achieved by outright
“owning” routers and switches is far more compromising. For example, an
intelligence agency or a criminal enterprise collecting data on routers in the
Internet can obtain raw packet dumps, unencrypted passwords, browsing
behaviors, vulnerability assessments, and so on. Data exfiltration through
redirecting TCP and UDP packets can subvert firewall protection. Command
execution with administrative privileges bypasses system management and also
has the potential to be non-auditable – a router rootkit. HTML redirection and
the insertion of HTML code on webpages also have widespread implications:
redirection could enable “phishing” attacks at otherwise authentic URLs, for
example a false login page on a mirrored and compromised website that steals
one’s credentials while using the exact same URL as the authentic website.
Of note, because this exploit utilizes the Telnet protocol, it stands to reason
that the exploit could be very old. This raises questions about the company’s own
auditing process in their software. While Cisco claims there is no evidence of
the exploit ever having been used, in the same breath they say there is no way
to accurately audit the exploit (Chirgwin). Wikileaks claims that the CIA was
exploiting the flaw, but it is unknown whether there is hard evidence of that
or if it is an assumption by the organization (Kovacs). Ergo, it logically
follows that there is no way to know from simply auditing their device logs.
The attacks uncovered by the Vault 7 leaks are not the first against Cisco by US
intelligence agencies. In 2014, Edward Snowden through Wikileaks revealed that
the National Security Agency or “NSA” had a practice of physically intercepting
devices in transit and installing rootkits to monitor target companies (McElroy,
Schneier). In 2013, the Shadow Brokers hacking group is believed to have
compromised an NSA staging server, stealing the spy agency’s cyberweapons which
made use of hoarded exploits. This was not revealed until 2016, potentially
after elements had already been utilized and/or sold (Schneier). There is no
indication the NSA was aware of the hack until 2016 (Whittaker). “When the NSA
screws up, it’s US technology companies that have to bear the reputational
costs,” says ACLU Chief Technologist Chris Soghoian. “The NSA gets to avoid all
of the unpleasantness associated with its mistakes” (Brandom). Unlike the
Wikileaks “Vault 7” leaks, Shadow Brokers released segments of the actual
malware code to the public writ large, along with selling other tools on the
black markets on the darknet, compromising Cisco equipment through dozens of
different and previously unknown exploits. For instance, VPNs using IPsec
internet key exchange with PIX firewalls below version 6 could be sent
specially crafted packets to obtain the contents of the device memory. Other
attacks included exploiting parsers through buffer overflow flaws, allowing
remote SNMP code execution (Whittaker). The exploits are known as CVE-2016-6367
and CVE-2016-6366, or “EPICBANANA” and “EXTRABACON” per Omar Santos. According
to Derek Kortepeter,
It is likely that we will hear of more patches being
released from all companies exposed by this NSA leak. There is talk in the
cybersecurity community now of how to best avoid incidents like this in the
future. One of the most thrown-around suggestions is making sure the NSA is
more diligent about disclosing vulnerabilities to vendors, rather than hoarding
them. As we’ve seen, by hoarding all of this data, the NSA has made vendors’
jobs extremely difficult in regard to defending against cyber attacks.
Unlike the Shadow Brokers hacks, WikiLeaks
has promised exclusivity in the direct binaries and some technical details with
vendors affected by the Vault 7 leaks, including Apple, Microsoft, Google,
Mozilla, and MikroTik. It is unclear whether this information has also been
provided to Cisco, if the binaries are available to be provided at all, or if
Cisco refuses to work with WikiLeaks. According to Eduard Kovacs, there could
be legal repercussions for using any of the information obtained by WikiLeaks,
as “classified files remain classified even if they are made public.” Looking
at the segments of the publicly available leaks, they are more developer notes
rather than program overviews – or even the programs themselves. Nevertheless,
the CIA refuses to comment on the authenticity of the leaks, but given the
exploits discovered, it seems obvious there is merit (Kovacs).
The CIA criticized the
leaks as “such disclosures… equip our adversaries with tools and information to
do us harm.” According to Wired writer Andy Greenberg, the real problem isn’t
“someone in Langley is watching you through your hotel room’s TV. It’s the rest
of the hacker world that the CIA has inadvertently empowered.” The vast amount
of the zero-day stash revealed by the Vault 7 leaks suggests that it is not
only the CIA that has access to these digital vulnerabilities, but
theoretically foreign intelligence agencies and hacking syndicates may also
have access. According to Kevin Bankston, director of the New America
Foundation’s Open Technology Institute, “If the CIA can use it, so can the
Russians, or the Chinese or organized crime. The lesson here, first off, is
that stockpiling a bunch of vulnerabilities is bad for cybersecurity. And two,
it means they’re likely going to get leaked by someone” (Greenberg). Just as the NSA
cybertools were hacked by the Shadow Brokers group, the Vault 7 archive was,
according to WikiLeaks, circulated among US government contractors and paid,
freelance hackers in an unauthorized manner, which raises the possibility of
these leaks being in the hands of nefarious hackers long before WikiLeaks’
publishing. The hoarding of these exploits also appears to contradict Obama
administration policy. Again per Greenberg,
…the CIA appears to have kept the security flaws those
techniques exploited secret. And the sheer number of those exploits suggests
violations of the Vulnerabilities Equities Process, which the Obama
administration created in 2010 to compel law enforcement and intelligence
agencies to help fix those flaws, rather than exploit them whenever possible.
“Did CIA submit these exploits to the
Vulnerabilities Equities Process?” asks Jason Healey, a director at the
Atlantic Council.
If not, you can say that either the process is out of
control or they’re subverting the president’s priorities… The deal we make in a
democracy is that we understand we need military and intelligence services. But
we want oversight in the executive branch and across the three branches of
government. If the CIA says ‘we’re supposed to do this, but we’re just not going
to,’ or ‘we’re going to do it just enough that the White House thinks we are,’
that starts to eat away at the fundamental oversight for which we have elected
officials. (Greenberg)
There are thus large ethical dilemmas also
raised by the compromise of digital security by US intelligence agencies. The
implication that the CIA may have overstepped its legal boundaries through
violation of the Vulnerabilities Equities Process implies that the agency
operates as though it is beyond oversight, dangerously compromising the
separation of powers inherent in the United States federal system of
government.
When these secrets fall into the wrong hands, or are even simply kept from
vendors, security is compromised not only for “targets” of the CIA but for the
worldwide digital infrastructure, affecting not only Americans. While these ethical and legal
concerns are largely beyond the scope of this paper, they nevertheless deserve
mentioning. It should not be considered disarmament for reasons that security
expert Bruce Schneier raises,
The implications of US policy can be felt on a variety
of levels. [Such] actions have resulted in a widespread mistrust of the
security of US Internet products and services, greatly affecting American
business. If we show that we're putting security ahead of surveillance, we can
begin to restore that trust. And by making the decision process much more
public than it is today, we can demonstrate both our trustworthiness and the
value of open government. An unpatched vulnerability puts everyone at risk, but
not to the same degree. The US and other Western countries are highly
vulnerable, because of our critical electronic infrastructure, intellectual
property, and personal wealth. Countries like China and Russia are less
vulnerable -- North Korea much less -- so they have considerably less incentive
to see vulnerabilities fixed.
The CIA’s security practices, ethics aside,
also show a degree of irresponsibility in waging cyberwarfare. The act of
buying exploits from so-called “blackhat” hackers on the dark web, hoarding
those exploits, and then entrusting their portfolio to agency employees and
contractors – one of whom is the source of the Vault 7 leaks – is, according to
some analysts, in many ways the digital equivalent of sloppy nuclear arms
dealing that one would expect from a failed state. Not all security analysts
agree with this assessment, however. Rob Graham of Errata Security notes that
the agency buys zero-day exploits in order to utilize them. Critics of the
policy are thus asking the government to spend millions on vulnerabilities in
order to disclose them (Leyden, CIA Hacking Dossier).
The inability of the agencies to keep this cache of malware and exploits secure is
also particularly worrying in the wake of demand for government-legislated
backdoors into devices. If these huge caches are so easily leaked, then
certainly a “factory default” account or methodology for root access can also
be leaked. FBI Director James Comey called for companies to intentionally build
security flaws into their devices – a technical backdoor – in the wake of the
San Bernardino shooting case (Hall). The FBI had also attempted to force Apple
to provide access into the devices of the shooters, before dropping their
request and settling on paying a hacker to do so (Nakashima).
More and more, there is a conflict between the interests of security and privacy and
the intelligence aims of state actors. Companies like Cisco, who operate in the
global market, have their reputations and products at risk when state actors
are allowed to uncover or purchase and utilize vulnerabilities free of legal
repercussion. This particularly becomes problematic when those caches are
released into the public. Nevertheless, digital vendors also have a
responsibility to continuously test and patch their own software. The use of
Telnet, for instance, in any way shape or form – a protocol that has been
warned against for over twenty years – is irresponsible. That Cisco continues to
permit the utilization of the protocol in modern switches and routers is
probably due to compatibility issues between cluster manager services.
Nevertheless, such weak points in the technological foundations of the Internet
are an Achilles’ heel. Worse still, intelligence agencies operating outside the
bounds of their own regulation and the will of the people are a weakness in the
integrity of the state apparatus.
References
Assange, J. (2017, March 7). Vault 7: CIA Hacking
Tools Revealed. Retrieved April 01, 2017, from https://wikileaks.org/ciav7p1/
Brandom, R. (2016, August 19). After Shadow Brokers,
should the NSA still be hoarding vulnerabilities? Retrieved April 01, 2017,
from http://www.theverge.com/2016/8/19/12548462/shadow-brokers-nsa-vulnerability-disclosure-zero-day
Chirgwin, R. (2017, March 19). Cisco reports bug
disclosed in WikiLeaks' Vault 7 CIA dump. Retrieved April 01, 2017, from https://www.theregister.co.uk/2017/03/19/cisco_goes_public_with_its_first_vault7_response/
Cimpanu, C. (2017, March 20). Cisco's Investigation
into Vault 7 Leak Uncovers 0-Day Affecting 318 Products. Retrieved April 01,
2017, from https://www.bleepingcomputer.com/news/security/ciscos-investigation-into-vault-7-leak-uncovers-0-day-affecting-318-products/
Ellingwood, J. (2014, October 22). Understanding the
SSH Encryption and Connection Process | DigitalOcean. Retrieved April 01, 2017,
from
https://www.digitalocean.com/community/tutorials/understanding-the-ssh-encryption-and-connection-process
Fisher, T. (2017, March 6). What is Telnet? (How to
Use Telnet Client in Windows). Retrieved April 01, 2017, from https://www.lifewire.com/what-is-telnet-2626026
Geerling, J. (2014, April 15). A brief history of SSH
and remote access. Retrieved April 01, 2017, from https://www.jeffgeerling.com/blog/brief-history-ssh-and-remote-access
Gil, P. (2017, March 19). What Exactly Is 'Telnet'?
What Does Telnet Do? Retrieved April 01, 2017, from https://www.lifewire.com/what-does-telnet-do-2483642
Greenberg, A. (2017, March 08). How the CIA's Hacking
Hoard Makes Everyone Less Secure. Retrieved April 01, 2017, from https://www.wired.com/2017/03/cias-hacking-hoard-makes-everyone-less-secure/
Gregory, K. (2016, October 14). Telnet Server Removed
From Windows Server 2016. Retrieved April 01, 2017, from http://www.innovativeii.com/telnet-server-removed-windows-server-2016/
Hall, J. (2016, March 03). Issue Brief: A “Backdoor”
to Encryption for Government Surveillance. Retrieved April 01, 2017, from https://cdt.org/insight/issue-brief-a-backdoor-to-encryption-for-government-surveillance/
Haranas, M. (2016, June 27). IDC: Cisco's Networking
Market Share Dominance Slipping As It Battles HPE, Huawei. Retrieved April 01,
2017, from http://www.crn.com/slide-shows/networking/300081109/idc-ciscos-networking-market-share-dominance-slipping-as-it-battles-hpe-huawei.htm/pgno/0/1?itc=refresh
Kennedy, P. (2017, March 20). Cisco 0-day Unpatched
Switch Telnet Vulnerability CVE-2017-3881. Retrieved April 01, 2017, from https://www.servethehome.com/cisco-0-day-unpatched-switch-telnet-vulnerability-cve-2017-3881/
Kortepeter, D. (2016, August 31). NSA hack: Cisco
releases patches for exposed vulnerabilities. Retrieved April 01, 2017, from http://techgenix.com/nsa-hack-cisco-releases-patches/
Kovacs, E. (2017, March 20). Cisco Finds Zero-Day
Vulnerability in 'Vault 7' Leak. Retrieved April 01, 2017, from http://www.securityweek.com/cisco-finds-zero-day-vulnerability-vault-7-leak
Lavender, C. (n.d.). Using Telnet and the WWW to
Search Library Catalogs Online. Retrieved April 01, 2017, from https://csivc.csi.cuny.edu/history/files/lavender/library.html
Leyden, J. (2016, October 31). A successor to Mirai?
Newly discovered malware aims to create fresh IoT botnet. Retrieved April 01,
2017, from https://www.theregister.co.uk/2016/10/31/iot_botnet_wannabe/
Leyden, J. (2017, March 8). CIA hacking dossier leak
reignites debate over vulnerability disclosure. Retrieved April 01, 2017, from https://www.theregister.co.uk/2017/03/08/cia_hacking_tool_dump_vuln_disclosure_debate/
Mapping Mirai: A Botnet Case Study. (2016, October
05). Retrieved April 01, 2017, from https://www.malwaretech.com/2016/10/mapping-mirai-a-botnet-case-study.html
McElroy, R. (2017, March 22). Own the Routers. Own the
Internet. Retrieved April 01, 2017, from https://www.carbonblack.com/2017/03/22/own-the-routers-own-the-internet/
Nakashima, E. (2016, April 12). FBI paid professional
hackers one-time fee to crack San Bernardino iPhone. Retrieved April 01, 2017,
from https://www.washingtonpost.com/world/national-security/fbi-paid-professional-hackers-one-time-fee-to-crack-san-bernardino-iphone/2016/04/12/5397814a-00de-11e6-9d36-33d198ea26c5_story.html?utm_term=.4552bedcd029
Neagu, C. (2015, October 06). Simple Questions: What
Is Telnet & What Can It Still Be Used For? Retrieved April 01, 2017, from http://www.digitalcitizen.life/simple-questions-what-telnet-what-can-it-still-be-used
Ongoing Network Monitoring Attacks. (1994, February
3). Retrieved April 01, 2017, from http://www.cert.org/historical/advisories/CA-1994-01.cfm
Popeskic, V. (2015, September 14). Telnet Attacks –
Ways to compromise remote connection. Retrieved April 01, 2017, from https://howdoesinternetwork.com/2011/telnet-attacks
Public access catalogue? r/telnet. (n.d.). Retrieved
April 01, 2017, from https://www.reddit.com/r/telnet/comments/3n8ve4/public_access_catalogue/
Santos, O. (2016, August 17). The Shadow Brokers
EPICBANANA and EXTRABACON Exploits. Retrieved April 01, 2017, from http://blogs.cisco.com/security/shadow-brokers
Santos, O. (2017, March 7). The Wikileaks Vault 7 Leak
– What We Know So Far. Retrieved April 01, 2017, from http://blogs.cisco.com/security/the-wikileaks-vault-7-leak-what-we-know-so-far
Schneier, B. (2014, May 22). Disclosing vs Hoarding
Vulnerabilities. Retrieved April 01, 2017, from https://www.schneier.com/blog/archives/2014/05/disclosing_vs_h.html
TELNET: The Mother of All (Application)
Protocols. (n.d.). Retrieved April 01, 2017, from http://www.ics.uci.edu/~rohit/IEEE-L7-v2.html
Ulanoff, L. (2017, March 08). This is why you should
be terrified of the Wikileaks Vault 7 data dump. Retrieved April 01, 2017, from
http://mashable.com/2017/03/08/what-wikileaks-vault7-reminds-us-about-iot/#EqlrKjWmu8qB
Whittaker, Z. (2016, August 18). Cisco, Fortinet patch
flaws used by alleged NSA hacking group. Retrieved April 01, 2017, from http://www.zdnet.com/article/cisco-fortinet-patch-flaws-exposed-by-alleged-nsa-hacking-group/
Why do most MUDs use Telnet instead of SSH? r/MUD. (n.d.).
Retrieved April 01, 2017, from https://www.reddit.com/r/MUD/comments/2qfu6q/why_do_most_muds_use_telnet_instead_of_ssh/
Zirkle, L. (n.d.). IDFAQ: Do telnet and rlogin
increase the risk of compromise? Retrieved April 01, 2017, from https://www.sans.org/security-resources/idfaq/do-telnet-and-rlogin-increase-the-risk-of-compromise/7/2