British Spy Agency & NSA Tied to Juniper Vulnerabilities – Reports

GCHQ, with help from the NSA, was able to exploit vulnerabilities in Juniper firewalls at least as far back as 2011.

Mitch Wagner, Executive Editor, Light Reading

December 23, 2015

2 Min Read
British Spy Agency & NSA Tied to Juniper Vulnerabilities – Reports

The British spy agency GCHQ, with help from the NSA, learned to covertly exploit vulnerabilities in 13 models of Juniper firewalls, according to a top-secret 2011 document, as reported by The Intercept."The six-page document, titled 'Assessment of Intelligence Opportunity – Juniper,' raises questions about whether the intelligence agencies were responsible for or culpable in the creation of security holes disclosed by Juniper Networks Inc. (NYSE: JNPR) last week," according to The Intercept. "While it does not establish a certain link between GCHQ, NSA, and the Juniper hacks, it does make clear that, like the unidentified parties behind those hacks, the agencies found ways to penetrate the 'NetScreen' line of security products..." (See Juniper Warns of 'Unauthorized Code' on Its Firewalls.)The document, provided by NSA whistleblower Edward Snowden, refers to Juniper as a " 'threat' and a 'target' because it provides technology to protect data from eavesdropping," The Intercept says. "Far from suggesting that security agencies should help U.S. and U.K. companies mend their digital defenses, it says the agencies must 'keep up with Juniper technology' in the pursuit of SIGINT, or signals intelligence."The 2011 capabilities against Juniper are likely not connected to vulnerabilities disclosed last week, Matt Blaze, a cryptographic researcher and director of the Distributed Systems Lab at the University of Pennsylvania, tells The Intercept.Want to know more about security? Visit Light Reading's security content channel.And yet the NSA might be indirectly responsible for the recently disclosed vulnerability, according to a report on Wired. The culprits may have modified a backdoor previously created by the NSA.The incident underscores the problems with recent US and UK government proposals to require that encryption technology contain backdoors that can be used by government and law enforcement, according to the blog Techdirt."Putting backdoors into technology is a bad idea," says Techdirt. "Security experts and technologists keep saying this over and over and over and over again -- and politicians and law enforcement still don't seem to get it. And, you can pretty much bet that even though they now have a very real-world example of it -- in a way that's impacting their own computer systems -- they'll continue to ignore it. Instead, watch as they blame the Chinese and the Russians and still pretend that somehow, when they mandate backdoors, those backdoors won't get exploited by those very same Chinese and Russian hackers they're now claiming were crafty enough to slip code directly into Juniper's source code without anyone noticing."Related posts:Broad Threats Require Network-Based SecurityCisco Launches Code Review Following Juniper Backdoor DisclosureFBI Investigating Juniper VPN Hack— Mitch Wagner,  , West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to [email protected].

About the Author(s)

Mitch Wagner

Executive Editor, Light Reading

San Diego-based Mitch Wagner is many things. As well as being "our guy" on the West Coast (of the US, not Scotland, or anywhere else with indifferent meteorological conditions), he's a husband (to his wife), dissatisfied Democrat, American (so he could be President some day), nonobservant Jew, and science fiction fan. Not necessarily in that order.

He's also one half of a special duo, along with Minnie, who is the co-habitor of the West Coast Bureau and Light Reading's primary chewer of sticks, though she is not the only one on the team who regularly munches on bark.

Wagner, whose previous positions include Editor-in-Chief at Internet Evolution and Executive Editor at InformationWeek, will be responsible for tracking and reporting on developments in Silicon Valley and other US West Coast hotspots of communications technology innovation.

Beats: Software-defined networking (SDN), network functions virtualization (NFV), IP networking, and colored foods (such as 'green rice').

Subscribe and receive the latest news from the industry.
Join 62,000+ members. Yes it's completely free.

You May Also Like