Cisco Settles False Claims Act Suit For Video Surveillance Vulnerabilities

By John Honovich, Published Aug 01, 2019, 11:54am EDT

Cisco entered the video surveillance market in 2007 and suffered for many years through a variety of its own errors and arrogance. The conclusion of that embarrassing error may have just now been reached as Cisco has paid an $8.6 million settlement for cybersecurity vulnerabilities.


Inside this note, we examine:

  • The significance of this court case, settled after nearly a decade of secret litigation
  • What Cisco did, according to excerpts of the complaint
  • What this means for Cisco and the video surveillance industry, including the benefits and risks for those who could use 'False Claims Act' lawsuits against other manufacturers

Case ********

******* (*** *********)*** ***** ** **** by * *************, ***** on ************* *************** ********** in **** *** **** Cisco *** *** *******,** *** *** *********, until ****. *** *************'* *********,******** & *****, **** that *** ************* *** $*.* ******* and *** "*** ** the *****, ** *** the *****, ***** ****** Act ***** ******* ********* cybersecurity ******".***** ********* ** **"* ******* ****** ** the ** ******* ********** and ** ****** *** products ********* ******* *****’* fiscal ***** **** *** 2013."

Excerpts **** ********* **** *****

*** ********* **** **** this ***** ******* **** an ******** ***** ****** with *****'* **** *** software *** ****** ** with ***** *** *** complaint ******** *** *** fix **:

** *** **** ** the ******, *** ************* worked ** ********* *******, per *** *********.

*** *************** **** ********* obvious, ********* ** *** complaint, ** *** ********* acknowledges **** *** **** needed ***** ********* *********:

*** *********, ****** ******** reasons, **** *** ****** what *** ****** ****, though **** ** ****, it ** ****** **** there **** **** ******* security ****** (**** ** mind, ** **** ******, ********* ******* **** being **** ********* ** ******** ******* password).

******** ** *** ***** VSOM *************** ********* *** user ****** **** ****** to *** ******:

** ******* ******* ** the ******* *****:

*** *********** ***** ** that ******** ******** ****** would *** **** ****** to ****** **** ***:

Cisco ********

*****,********** ** **** ** the **********, ****** ** ** the *****, ******:

*** ********* ** ***** suppliers *** ****** *** also ********... ** *****, what ****** ********** ** one ***** ** ****** meets *** ***** ** our ************ *****.

******* **** **** ****** was '**********' ** **** is ********* *********. *** fact **** ***** ***, even **** ** **** then, *** ****** ** networking, ***** ** **** harder ** ******.

******, ***** **** **** blame ** *********:

*** ******** *** ******* by *********, * ******* we ******** ** ****. Broadware ************* ******** ** open ************ ** ***** customized ******** ************ *** solutions ** ** ***********.

********* *** * ******** for ***** ** ****, many **** **** **** being *** ****** ******, as *** ********* ******** has **** ***** **** discontinued. ** ******, **** if *** ******** **** from *********, ***** ***** and **** **** *** many *****, ** *** responsibility ** ** ****.

False ****** ***

*** *** ***** ** ***** ****** act*** ************* *************** ** important. **** ******** ********** for ***** **** **** these ****** ** **** as *** ***** **** are ***** ** **** such ************* *****. *** example, *** *** **** that *** **** ******* ** ****** '************* practices ****'.

**** ************* ******** ****** increased *******, **** ***** be * ***** *** those ****** ** *** only **** *********** ***** (the ************* *** ******* $1.6 *******) *** ****** large ************.

Cisco ******

*** ****** ** ***** in ***** ************ ** likely ** ** *******. The ******** ***** ***** surveillance ******** ** *********** dead, **************** *** ***** '***** security' ******** ** ****. ***** ***** ** still ** *** ***** surveillance ******, **** ** through ******, ***** **** a ********** ********* *** unrelated ************ (******** ****** ***** ***/******* Tested).

Industry ******

***** *** **** **** be ***** **** ******** in ********. *** ****** a ****** **** ******* was ****** (*.*., *** public) ** ** *** being *********. ** ** is ********* ******** ***** lawsuits ******* ***** ************* are *******.

*** ***** *** ********* this *** ******** ** the ********** *****, ** could ******* ****** ** step ******* *** *** the ***** ****** ***.

Comments (10)

This was the Broadware Software that they acquired. They used that platform for the VMS. The leader was and here is his bio from Puretec where he is on the Board of Directors.

Bill Stuntz is a proven business leader with strengths in setting strategic direction, building organizations, and negotiating mergers and acquisitions. He was CEO of BroadWare, which developed IP platforms for managing and integrating security products into unified solutions. After selling BroadWare to Cisco in 2007 Bill served as VP/General Manager of Cisco’s Physical Security BU which supplied surveillance, access control, and communication products to the security industry. Prior to BroadWare he served in a variety of CEO and executive capacities for companies in the security and data acquisition industries.


Where is Bill Stuntz today? Curious. His LinkedIn profile has not been updated in 7 years since saying "I am currently taking some time off before starting my next venture"


Where is Bill Stuntz today?

quit while he was ahead :)


Blaming Broadware is a cop-out. They surely did due diligence, and decided to just sell the turd anyways. Since the US is a dystopian litigation hell (or paradise if you're a lawyer I guess), it seems pretty dangerous to blow the whistle.

Even if you do "win", I expect the lawyers to take the lion's share, while the whistleblower assumes the risk of frivolous counter-litigation in order to bully you into submission.

I don't expect we'll see much of this in the VMS space.

Although... maybe I should give Mr Phillips & Mr Cohen a call :)


Since the US is a dystopian litigation hell

While there are certainly reasons to criticize the US legal system, this seems an example of a good use. Cisco did screw up by failing to fix this and the FCA allowed some amount of punishment (the money is trivial but the public relations impact is not). Furthermore, it likely will provide further motivation for manufacturers to promptly fix things.


With cybersecurity concerns having increased sharply, this could be a means for those filing to not only make significant money (the whistleblower was awarded $1.6 million)...

I am considering a career change to ‘whistleblower’...


A Milestone employee reported a bug in Cisco software and got fired for it?  Milestone fired someone over this?


No, he got fired when he worked at NetDesign, a "Danish network services provider". Later, he went to work for Milestone and it was during this time, the suit was filed.


This VMS was absolutely terrible. Cisco's support on it was equally as bad. John, there is a review on here I wrote probably 10 years ago detailing how terrible it was.

Edit: Cisco Surveillance Problems - Case Study


To be quite honest, for Cisco to pay $10,000,000 dollars is nothing!!! Not even worth the mention on surveillance.
