Last month, it was revealed that Juniper Networks' routers/firewalls were hacked. It was reported that a backdoor was implanted in the operating system of their routers/firewalls and that attackers could listen in on all encrypted communication. There are now fears that all confidential communications by U.S. government agencies and officials could have been compromised over the last three years.
Although Juniper says that they discovered the "backdoor" through routine auditing, evidence would seem to be contrary to that claim. In addition, Juniper reported that the attacker could wipe the security logs (this means the backdoor had root or sysadmin privileges) so that there is no sign of the breach. Juniper and others have speculated this attack was promulgated by a foreign government, maybe Russia or China.
Juniper Networks is a very large (nearly $5 billion in annual revenue) Silicon Valley-based networking gear manufacturer. Not as big as Cisco, the global leader, but large enough to have their equipment used around the world (37% of the global market). They manufacture routers, switches, and network security equipment.
Some consider Juniper a leader in secure communication technology. Their products are widely used in the U.S. and Europe, but more importantly, they are widely deployed in Pakistan, Yemen. and China, countries of particular interest to U.S. espionage agencies.
VPN
What was exposed in this hack was the VPN service. This is the virtual private network that allows people outside the network to securely connect into the internal network by authentication and encryption. If the VPN is hacked, then the traffic from those using the VPN service would be exposed to sniffing and, of course, eavesdropping.
What is puzzling about this breach is that it would require that someone, or some country, would need to have implanted this backdoor into every Juniper network router. To do so would have likely required access to the source code that was installed on each router before it was shipped or downloaded. This would imply an inside job. Someone working at Juniper with access to the operating system would have had to slip in this backdoor without being detected. That is highly unlikely.
What REALLY Happened
Here's what I suspect really happened. The NSA has been asking companies for backdoors on their security protocols for years. In some cases, they have insisted that they be provided backdoors. They can be very persuasive. Some companies have complied and some have resisted.
Since the Paris attacks last month, national security officials have been insisting that they be granted backdoors on all encrypted communication. This issue even surfaced in the recent U.S. presidential debates.
(As a side note here, the encrypted email service, ProtonMail, which I highlighted in this post, was DoSed just before the Paris attacks. Were the Paris attackers using ProtonMail to communicate and the security services DDoSed them to keep anyone from using it?)
Some experts have resisted these calls for backdoors insisting that if the NSA were granted a backdoor to these communications, then these backdoors might be used by others, not just the NSA. A backdoor is a backdoor. If the NSA can use it, hackers can as well. The practice of backdoors reduces everyone's security.
Snowden Documents Reveal NSA Had Compromised Juniper
In a document released by NSA whistleblower Edward Snowden, named "Assessment of Intelligence Opportunity - Juniper" the NSA and GCHQ (Britain's equivalent of NSA) revealed that they had found ways to penetrate the Juniper Netscreen product (it's a combination IDS and VPN).
I suspect that the NSA had asked or insisted that Juniper implant a backdoor for themselves to spy on everyone's encrypted communication. Juniper complied by embedding this backdoor in their operating system and giving the NSA the keys to the kingdom.
So, why did Juniper report this as a hack? Some hacker, likely a national government, found this backdoor and began to use it just like NSA was. When they discovered that others had found the backdoor, they had to close it and announce it as a hack.
What Does This Mean to Us?
What does all this mean to us? First, don't assume that a VPN is safe. Many of these VPNs use Juniper or other vulnerable equipment.
Second, as the NSA is implanting these network devices with backdoors, hackers and national espionage organizations will be looking for them. It might take days, weeks, or months of recon, but when they do, they will have total access to all the traffic across that brand of router around the world. This makes all of us less safe.
Third, if you need access to encrypted communications, start looking for these embedded backdoors on products manufactured by U.S. companies compromised by the NSA. Juniper is not the only one.
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
12 Comments
Wow! That is scary. The NSA really shouldn't do that. As you said it lowers security for everyone. Thanks for sharing OTW.
-Smith
Great article! Kind of scary though...
The War of Hackers begins.
Every time an article like this comes up, I feel more and more threatened by the NSA.
-Defalt
I think NSA maybe inserts some malicious codes into metasploit...who knows...
Those BASTARDS are only highlighting the fact that not only we should wary our chosen sofwware, but even our hardware is compromised! the best method to ensure safety and true anonymity is by pen testing our computer hardware as well!
Apparently this isn't the cost of just preventing another terrorist attack. They have access to almost all the data in the world. It is creepy, terrifying and maddening. But they have far too much power to care about these trivial matters.
I've heard that the future will be mechanical. So the question comes- is it a good thing?
-The Joker
Sorry Phoenix750 but i don't agree really, you are right by saying that you are anonymous by discarding all technology of any kind. But this only leaves no digital footprint of yourself, things that YOU yourself would do online. This does not apply for other instances that save your personal information on their servers (like banks, phone company's, your government, ...) I think if the right person wants to find you, he will find you! Even if you don't have a computer or a telephone! Because you use electricity, water, gas, ... and for these you have to pay bills so i think that this is not the right approach on staying truly anonymous. If you want to be anonymous you should go live in greenland or alaska or some remote place were you do everything yourself (and not call the filmcrew to make a show about it)
Just to be clear i mean no offence to you Phoenix750
What i like to do when i do some coding or other stuff i don't want out there (yet) is use a fully offline machine, no networking capabilities on it whatsoever. So its only put to the test when its fully finished
damm thanx for the info but the NSA will slip up one day everyone has so everyone will
sorry Phoenix 750 i should've chosen my words more carefully
i do have a quote for this (not only for this but it seems appropriate)
The absence of evidence is not the evidence of absence!
Great article!
I've been researching the "internet anonymity" topic and ways not to leave digital traces for the last couple of months, however I feel we're all doomed.
First there is the "who controls the Tor relays", then VPN services compromised by malicious hardware...Is there any chance to have internet anonymity at all?
Should we really discard all technology?
Security is a myth. No one is safe for any reason. Stop pretending we can obtain security.
Share Your Thoughts