A major breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were able to spy on the encrypted communications of the U.S. government and private companies for the past three years.
The FBI is investigating the breach, which involved hackers installing a back door on computer equipment, U.S. officials told CNN. Juniper disclosed the issue Thursday along with an emergency security patch that it urged customers to use to update their systems “with the highest priority.”
The concern, U.S. officials said, is that sophisticated hackers who compromised the equipment could use their access to get into any company or government agency that used it.
One U.S. official described it as akin to “stealing a master key to get into any government building.”
The breach is believed to be the work of a foreign government, U.S. officials said, because of the sophistication involved.
Encryption backdoors have been a hot topic in the last few years—and the controversial issue got even hotter after the terrorist attacks in Paris and San Bernardino, when it dominated media headlines
On Thursday, tech giant Juniper Networks revealed in a startling announcement that it had found “unauthorized” code embedded in an operating system running on some of its firewalls.
The code, which appears to have been in multiple versions of the company’s ScreenOS software going back to at least August 2012, would have allowed attackers to take complete control of Juniper NetScreen firewalls running the affected software. It also would allow attackers, if they had ample resources and skills, to separately decrypt encrypted traffic running through the Virtual Private Network, or VPN, on the firewalls.
“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” Bob Worrall, the companies’ CIO wrote in a post. “Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.”
Juniper released patches for the software yesterday and advised customers to install them immediately, noting that firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are vulnerable.
This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire.’
Juniper Networks today has released an emergency patch that removes what it’s calling “unauthorized code” from ScreenOS that could allow attackers to decrypt VPN traffic from NetScreen devices.
Juniper has not commented on the origin of the code it found. However, Juniper’s products were singled out, among others, in the National Security Agency’s product catalog developed by its ANT division. In a December 2013 article written by Jacob Appelbaum, Judit Horchert and Christian Stocker in Der Spiegel, the NSA’s FEEDTHROUGH implant was tailored for Juniper firewalls and gave the U.S. government persistent backdoor access to these high-end networking machines. NetScreen appliances are high-end enterprise firewall and VPN products, used also by telecommunications carriers and in data centers; ScreenOS is the underlying operating system running those appliances.
- See more at: https://threatpost.com/juniper-finds-backdoor-that-decrypts-vpn-traffic/115663/#sthash.xhcVpRff.dpuf
A top-secret document revealed that UK spy agency GCHQ exploited vulnerabilities in Juniper firewalls. Dated February 2011, it also makes clear that the exploitation went on with the knowledge and apparent cooperation of the NSA. The security vulnerabilities in 13 different models of firewalls made by Juniper Networks were disclosed earlier in December and contained a backdoor disguised to look like debug code.
Juniper Networks Inc said late on Friday it would stop using a piece of security code that analysts believe was developed by the National Security Agency in order to eavesdrop through technology products.
The Silicon Valley maker of networking gear said it would ship new versions of security software in the first half of this year to replace those that rely on numbers generated by Dual Elliptic Curve technology.
The statement on a blog post came a day after the presentation at a Stanford University conference of research by a team of cryptographers who found that Juniper’s code had been changed in multiple ways during 2008 to enable eavesdropping on virtual private network sessions by customers.
Last month, Sunnyvale-based Juniper said it had found and replaced two unauthorized pieces of code that allowed “back door” access, which the researchers said had appeared in 2012 and 2014.
The 2014 back door was straightforward
The 2012 code changed a mathematical constant in Juniper’s Netscreen products that should have allowed its author to eavesdrop
Though the academic team looking at Juniper has not named a suspect in the 2008, 2012 or 2014 changes, 2008 was one year after veteran cryptographers raised questions about Dual Elliptic Curve.
We use cookies to ensure that we give you the best experience on our website. If you continue to use this site we will assume that you are happy with it.
We are a professional review site that has advertisement and can receive compensation from the companies whose products we review. We use affiliate links in the post so if you use them to buy products through those links we can get compensation at no additional cost to you.OkDecline
4 Comments
Tomi Engdahl says:
First on CNN: Newly discovered hack has U.S. fearing foreign infiltration
http://edition.cnn.com/2015/12/18/politics/juniper-networks-us-government-security-hack/
A major breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were able to spy on the encrypted communications of the U.S. government and private companies for the past three years.
The FBI is investigating the breach, which involved hackers installing a back door on computer equipment, U.S. officials told CNN. Juniper disclosed the issue Thursday along with an emergency security patch that it urged customers to use to update their systems “with the highest priority.”
The concern, U.S. officials said, is that sophisticated hackers who compromised the equipment could use their access to get into any company or government agency that used it.
One U.S. official described it as akin to “stealing a master key to get into any government building.”
The breach is believed to be the work of a foreign government, U.S. officials said, because of the sophistication involved.
Secret Code Found in Juniper’s Firewalls Shows Risk of Government Backdoors
http://www.wired.com/2015/12/juniper-networks-hidden-backdoors-show-the-risk-of-government-backdoors/
Encryption backdoors have been a hot topic in the last few years—and the controversial issue got even hotter after the terrorist attacks in Paris and San Bernardino, when it dominated media headlines
On Thursday, tech giant Juniper Networks revealed in a startling announcement that it had found “unauthorized” code embedded in an operating system running on some of its firewalls.
The code, which appears to have been in multiple versions of the company’s ScreenOS software going back to at least August 2012, would have allowed attackers to take complete control of Juniper NetScreen firewalls running the affected software. It also would allow attackers, if they had ample resources and skills, to separately decrypt encrypted traffic running through the Virtual Private Network, or VPN, on the firewalls.
“During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” Bob Worrall, the companies’ CIO wrote in a post. “Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.”
Juniper released patches for the software yesterday and advised customers to install them immediately, noting that firewalls using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are vulnerable.
This is a very good showcase for why backdoors are really something governments should not have in these types of devices because at some point it will backfire.’
Tomi Engdahl says:
Juniper Finds Backdoor that Decrypts VPN Traffic
https://threatpost.com/juniper-finds-backdoor-that-decrypts-vpn-traffic/115663/
Juniper Networks today has released an emergency patch that removes what it’s calling “unauthorized code” from ScreenOS that could allow attackers to decrypt VPN traffic from NetScreen devices.
Juniper has not commented on the origin of the code it found. However, Juniper’s products were singled out, among others, in the National Security Agency’s product catalog developed by its ANT division. In a December 2013 article written by Jacob Appelbaum, Judit Horchert and Christian Stocker in Der Spiegel, the NSA’s FEEDTHROUGH implant was tailored for Juniper firewalls and gave the U.S. government persistent backdoor access to these high-end networking machines. NetScreen appliances are high-end enterprise firewall and VPN products, used also by telecommunications carriers and in data centers; ScreenOS is the underlying operating system running those appliances.
- See more at: https://threatpost.com/juniper-finds-backdoor-that-decrypts-vpn-traffic/115663/#sthash.xhcVpRff.dpuf
Tomi Engdahl says:
A top-secret document revealed that UK spy agency GCHQ exploited vulnerabilities in Juniper firewalls. Dated February 2011, it also makes clear that the exploitation went on with the knowledge and apparent cooperation of the NSA. The security vulnerabilities in 13 different models of firewalls made by Juniper Networks were disclosed earlier in December and contained a backdoor disguised to look like debug code.
Source: http://arstechnica.co.uk/business/2015/12/europes-top-tech-news-december-2015/
More: https://theintercept.com/2015/12/23/juniper-firewalls-successfully-targeted-by-nsa-and-gchq/
Tomi Engdahl says:
Joseph Menn / Reuters:
Juniper Networks will drop code tied to National Security Agency
http://www.reuters.com/article/us-spying-juniper-idUSKBN0UN07520160109
Juniper Networks Inc said late on Friday it would stop using a piece of security code that analysts believe was developed by the National Security Agency in order to eavesdrop through technology products.
The Silicon Valley maker of networking gear said it would ship new versions of security software in the first half of this year to replace those that rely on numbers generated by Dual Elliptic Curve technology.
The statement on a blog post came a day after the presentation at a Stanford University conference of research by a team of cryptographers who found that Juniper’s code had been changed in multiple ways during 2008 to enable eavesdropping on virtual private network sessions by customers.
Last month, Sunnyvale-based Juniper said it had found and replaced two unauthorized pieces of code that allowed “back door” access, which the researchers said had appeared in 2012 and 2014.
The 2014 back door was straightforward
The 2012 code changed a mathematical constant in Juniper’s Netscreen products that should have allowed its author to eavesdrop
Though the academic team looking at Juniper has not named a suspect in the 2008, 2012 or 2014 changes, 2008 was one year after veteran cryptographers raised questions about Dual Elliptic Curve.