Researchers claim the NSA hacked Juniper’s firewall software
Security researchers are claiming that two “backdoors” inserted into Juniper Networks Inc.’s security software code may have been put there by the National Security Agency (NSA) or another government agency.
Juniper Networks went public with the troubling news that it had found “unauthorized code” in its ScreenOS operating system for firewalls last week, following an internal review. Now, Wired has posted research from Ralf-Phillipp Weinmann, founder of security consultancy Comsecuris, that the NSA or some other equally capable organization could be responsible, by introducing code that can be exploited by others.
A similar conclusion was reached by Matthew Green, a cryptography lecturer at John Hopkins University, in this blog post.
“To sum up, some hacker or group of hackers attacker noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional — you be the judge! “ he wrote.
“They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them. The end result was a period in which someone — maybe a foreign government — was able to decrypt Juniper traffic in the U.S. and around the world.”
If the researchers are correct, it’s likely that the NSA created the back door in order to monitor the traffic of Juniper’s customers without their knowledge. The code would allow them to easily decrypt encrypted data. However, it seems someone else also found out about it, and took full advantage of the vulnerability.
Juniper has already issued patches to fix the vulnerabilities and is urging its customers to upgrade.
Unfortunately for Juniper, things could get a lot worse. In most cases where a vulnerability of some sort is stumbled upon, there’s no evidence that anyone’s exploited it. But in Juniper’s case it seems the exploitable code was actually put there by a hacker (as opposed to it just being a mistake), and now details have been made public, attackers are already searching for unpatched Juniper firewalls to break down.
PC World reports that researchers from the SANS Internet Storm Center have created a “honeypot”, or a fake server that imitates a Juniper firewall. The intention was to monitor if anyone might try to attack it, and sure enough, they have detected “numerous login attempts against our ssh honeypots using the ScreenOS backdoor password.”
Juniper’s problems come as a much wider debate on the merits of inserting backdoors into software ensues. With tech firms like Apple, Google and Facebook all incorporating stronger encryption into their software and services, law enforcement agencies have been pushing back, arguing they need to be able to access people’s data and communications to prevent crime and terrorist attacks.
One of the arguments against allowing law enforcement some kind of backdoors is that third-parties would also be able to exploit it. The saying goes that you can’t build a backdoor just for the good guys, and if Juniper’s example is anything to go by, the critics have proven their point.
Image credit: Blickpixel via pixabay.com
A message from John Furrier, co-founder of SiliconANGLE:
Your vote of support is important to us and it helps us keep the content FREE.
One click below supports our mission to provide free, deep, and relevant content.
Join our community on YouTube
Join the community that includes more than 15,000 #CubeAlumni experts, including Amazon.com CEO Andy Jassy, Dell Technologies founder and CEO Michael Dell, Intel CEO Pat Gelsinger, and many more luminaries and experts.
THANK YOU