US Agencies Freak Out Over Juniper Backdoor

Uploaded on 2016-01-04 in NEWS-Cybersecurity News, INTELLIGENCE--USA, GOVERNMENT-National, FREE TO VIEW, BUSINESS-Services-IT & Telecoms

Juniper Networks has uncovered some unauthorized code in its firewall operating system, allowing knowledgeable attackers to get in and decrypt VPN traffic.

While the leading suspect still remains the NSA, it's been interesting to watch various US government agencies totally freak out over their own networks now being exposed.

The FBI is investigating the breach, which involved hackers installing a back door on computer equipment, U.S. officials told CNN. Juniper disclosed the issue Thursday along with an emergency security patch that it urged customers to use to update their systems "with the highest priority." 

The concern, US officials said, is that sophisticated hackers who compromised the equipment could use their access to get into any company or government agency that used it. 

One US official described it as akin to "stealing a master key to get into any government building." And, yes, this equipment is used all throughout the US government:

Juniper sells computer network equipment and routers to big companies and to US government clients such as the Defense Department, Justice Department, FBI and Treasury Department. On its website, the company boasts of providing networks that "US intelligence agencies require." 

Its routers and network equipment are widely used by corporations, including for secure communications. Homeland Security officials are now trying to determine how many such systems are in use for US government networks.

And, of course, US officials are insisting that it couldn't possibly be the NSA, but absolutely must be the Russians or the Chinese: The breach is believed to be the work of a foreign government, US officials said, because of the sophistication involved. The US officials said they are certain US spy agencies themselves aren't behind the back door. China and Russia are among the top suspected governments, though officials cautioned the investigation hasn't reached conclusions.

Anything's possible, but the NSA still has to be the leading suspect here, and the insistence that it's the Chinese or the Russians without more proof seems like a pretty clear attempt at keeping attention off the NSA. 

And, of course, all of this is happening at the very same time that the very same US government that is now freaking out about this is trying to force every tech company to install just this kind of backdoor. Because, as always, these technically illiterate bureaucrats still seem to think that you can create backdoors that only "good" people can use. 

But that's not how technology works. 

Indeed, now that it's been revealed that there was a backdoor in this Juniper equipment, it took one security firm all of six hours to figure out the details:

Ronald Prins, founder and CTO of Fox-IT, a Dutch security firm, said the patch released by Juniper provides hints about where the master password backdoor is located in the software. By reverse-engineering the firmware on a Juniper firewall, analysts at his company found the password in just six hours. 

“Once you know there is a backdoor there, … the patch Juniper released gives away where to look for the backdoor … which you can use to log into every Juniper device using the Screen OS software,” he told WIRED. 

“We are now capable of logging into all vulnerable firewalls in the same way as the actors who installed the backdoor.”

Putting backdoors into technology is a bad idea. Security experts and technologists keep saying this over and over and over and over again, and politicians and law enforcement still don't seem to get it. 

And, you can pretty much bet that even though they now have a very real world example of it, in a way that's impacting their own computer systems, they'll continue to ignore it. Instead, watch as they blame the Chinese and the Russians and still pretend that somehow, when they mandate backdoors, those backdoors won't get exploited by those very same Chinese and Russian hackers they're now claiming were crafty enough to slip code directly into Juniper's source code without anyone noticing.

Techdirt: http://bit.ly/1QI6rUt

 

« Criminals Identify Deceased ID as Easy Target
NSA Helped UK Spies Find Juniper's Security Holes »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

Software Testing News

Software Testing News

Software Testing News provides the latest news in the industry; from the most up-to-date reports in web security to the latest testing tool that can help you perform better.

Apicrypt

Apicrypt

Apicrypt enables secure communications between health professionals by using strong encryption technologies.

CyberGuarded

CyberGuarded

CyberGuarded are an accredited vendor independent information security testing and auditing company.

Fraugster

Fraugster

Fraugster provides the most precise anti-fraud solution for e-commerce businesses.

Tech-Recycle

Tech-Recycle

Tech-Recycle was formed to help companies and individuals securely, ethically and easily recycle their IT and office equipment. We destroy all data passed to us safely and securely.

Civic Technologies

Civic Technologies

Civic’s Secure Identity Platform (SIP) uses a verified identity for multi-factor authentication on web and mobile apps without the need for usernames or passwords.

Authomize

Authomize

Authomize aggregates identities and authorization mechanisms from any applications around your hybrid environment into one unified platform so you can easily and rapidly manage and secure all users.

Darkbeam

Darkbeam

Darkbeam provides a unified solution to protect against security, brand and compliance risks across your digital infrastructure.

SnapAttack

SnapAttack

SnapAttack is a collaborative platform that empowers your security team to stay ahead of threats, create robust behavioral analytics for your existing tools, and prove your program's effectiveness.

CloudCover

CloudCover

CloudCover is a software-defined cybersecurity risk solution that provides risk awareness, risk analytics, and data security in real time.

Xceptional

Xceptional

Xceptional is a multi-award-winning technology services firm that celebrates the unique strengths of people with autism.

Artjoker

Artjoker

Artjoker is a full cycle software development partner specialized in Blockchain projects and smart contract development including full cycle information security of all projects.

CyberX9

CyberX9

CyberX9 helps you protect against a wide range of cyber attacks whether you are a business or a high-net worth individual under risk.

Pulsant

Pulsant

Pulsant is the UK’s premier digital edge infrastructure company providing next-generation cloud, colocation and connectivity services.

Sunnic

Sunnic

Sunnic is a leading provider of comprehensive digital data security technology.

TerraEagle

TerraEagle

Terraeagle is a boutique cyber security services company providing tailor-made solutions. Our core competency is in SOCaaS, MDRaaS & and Incident Response Retainer Services.