& cplSiteName &

British Spy Agency & NSA Tied to Juniper Vulnerabilities – Reports

Mitch Wagner

The British spy agency GCHQ, with help from the NSA, learned to covertly exploit vulnerabilities in 13 models of Juniper firewalls, according to a top-secret 2011 document, as reported by The Intercept.

"The six-page document, titled 'Assessment of Intelligence Opportunity – Juniper,' raises questions about whether the intelligence agencies were responsible for or culpable in the creation of security holes disclosed by Juniper Networks Inc. (NYSE: JNPR) last week," according to The Intercept. "While it does not establish a certain link between GCHQ, NSA, and the Juniper hacks, it does make clear that, like the unidentified parties behind those hacks, the agencies found ways to penetrate the 'NetScreen' line of security products..." (See Juniper Warns of 'Unauthorized Code' on Its Firewalls.)

The document, provided by NSA whistleblower Edward Snowden, refers to Juniper as a " 'threat' and a 'target' because it provides technology to protect data from eavesdropping," The Intercept says. "Far from suggesting that security agencies should help U.S. and U.K. companies mend their digital defenses, it says the agencies must 'keep up with Juniper technology' in the pursuit of SIGINT, or signals intelligence."

The 2011 capabilities against Juniper are likely not connected to vulnerabilities disclosed last week, Matt Blaze, a cryptographic researcher and director of the Distributed Systems Lab at the University of Pennsylvania, tells The Intercept.

Want to know more about security? Visit Light Reading's security content channel.

And yet the NSA might be indirectly responsible for the recently disclosed vulnerability, according to a report on Wired. The culprits may have modified a backdoor previously created by the NSA.

The incident underscores the problems with recent US and UK government proposals to require that encryption technology contain backdoors that can be used by government and law enforcement, according to the blog Techdirt.

"Putting backdoors into technology is a bad idea," says Techdirt. "Security experts and technologists keep saying this over and over and over and over again -- and politicians and law enforcement still don't seem to get it. And, you can pretty much bet that even though they now have a very real-world example of it -- in a way that's impacting their own computer systems -- they'll continue to ignore it. Instead, watch as they blame the Chinese and the Russians and still pretend that somehow, when they mandate backdoors, those backdoors won't get exploited by those very same Chinese and Russian hackers they're now claiming were crafty enough to slip code directly into Juniper's source code without anyone noticing."

Related posts:

— Mitch Wagner, Circle me on Google+ Follow me on TwitterVisit my LinkedIn profileFollow me on Facebook, West Coast Bureau Chief, Light Reading. Got a tip about SDN or NFV? Send it to [email protected]

(5)  | 
Comment  | 
Print  | 
Related Stories
Newest First  |  Oldest First  |  Threaded View        ADD A COMMENT
1/4/2016 | 9:24:44 AM
Re: Backdoors...
And every indication is we're headed toward MORE backdoors, since both leading political candidates full support them as a "solution" to the "problem" of encryption, not realizing encryption benefits us all.
12/28/2015 | 9:12:24 PM
Re: Backdoors...
I agree this is making everything less secure.

People are certainly concerned about their privacy in light of this, and they well should be. There aren't many protections from backdoors right now. Someday maybe there will be, but I am not too hopeful. 
12/27/2015 | 12:00:19 PM
How many times exactly do security professionals have to remind government that backdoors are a bad idea? They wind up making EVERYBODY less secure. How many companies were at risk this last month after this backdoor was revealed (and, from what I understand, not initially properly patched by Juniper?) 
Joe Stanganelli
Joe Stanganelli
12/25/2015 | 11:22:07 AM
Government made its bed...
Stuff like this is exactly why companies like Apple work on rolling out end-to-end encryption that keeps even the company itself from discovering and releasing information even if it wanted to.
12/23/2015 | 6:12:38 PM
Come on
Why would they do that ;)
Featured Video
Upcoming Live Events
March 16-18, 2020, Embassy Suites, Denver, Colorado
April 20, 2020, Las Vegas Convention Center
May 18-20, 2020, Irving Convention Center, Dallas, TX
May 18, 2020, Hackberry Creek Country Club, Irving, Texas
September 15-16, 2020, The Westin Westminster, Denver
All Upcoming Live Events
Upcoming Webinars
Webinar Archive
Partner Perspectives - content from our sponsors
Challenges & Key Issues of Constructing 'MEC-Ready' 5G Bearer Networks for Carriers
By Dr. Song Jun, Senior Solution Architect, Huawei Datacom Product Line
Good Measures for 5G Service Assurance
By Tomer Ilan, Senior Director of Product Management, RADCOM
Automation Scores Against Operational Costs – The Business Benefits of Automation and Orchestration
By John Malzahn, Senior Manager, Service Provider Product Marketing, Cisco Systems
All Partner Perspectives