Security researcher faces scrutiny, FBI probe

Michael Lynn, the security researcher who defied Cisco Systems and his employer Internet Security Systems to demonstrate that it is possible to hack into Cisco routers, faces scrutiny from his peers and a criminal investigation by the FBI.

The FBI is investigating Lynn for violating trade secrets belonging to ISS, his former employer, according to a Wired News report on Friday. Lynn quit his job at ISS and gave the talk on router software security at the Black Hat security confab in Las Vegas on Wednesday after Cisco and ISS had agreed to cancel the presentation.

A representative for the Las Vegas FBI field office on Friday would not confirm or deny the agency's involvement.

Lynn's attorney, Jennifer Granick, told Wired that she believes the FBI is investigating a complaint from Cisco or ISS. The investigation is likely to end soon now that all parties have agreed to a settlement, she said.

Black Hat was buzzing with chatter on whether Lynn did the right thing. Was he saving face, or saving the world?

Some people feel he presented because he was upset that Cisco and ISS decided to pull his talk. Others said he did the right thing disclosing a serious issue in critical infrastructure. Whistleblowers are needed, they said.

Lynn is looking for a new job. On Thursday he said he has some offers. At Black Hat several executives at well-known security companies said they were unlikely to hire him. Lynn presented research that belonged to ISS after resigning, can he be trusted not to break confidentiality agreements again, these people asked.

On Thursday, during the first news conference of his life, Lynn also said he deceived the Black Hat organizers. They thought he was going to give a talk on VoIP (Voice over Internet Protocol) security instead of the presentationo on Cisco's router software.

"I did not actually have intentions to give that back-up talk," Lynn said.