Last month, it was revealed that Juniper Networks' firewall/VPN devices had been hacked. It was reported that unauthorized code, a backdoor, had been implanted in the operating system of those devices and that an attacker could decrypt VPN traffic passing through them. There are now fears that confidential communications of U.S. government agencies and officials could have been compromised over the last three years.
Although Juniper says that it discovered the backdoor through routine auditing, the evidence would seem to be contrary to that claim. In addition, Juniper reported that an attacker could wipe the local security logs (which means the backdoor granted root or administrator privileges), leaving no sign of the breach. This is also the practical argument for forwarding device logs to a remote collector the device itself cannot alter. Juniper and others have speculated that this attack was carried out by a foreign government, possibly Russia or China.
Juniper Networks is a very large (nearly $5 billion in annual revenue) Silicon Valley-based manufacturer of networking gear. It is not as big as Cisco, the global leader, but it is large enough to have its equipment used around the world (37% of the global market). It manufactures routers, switches, and network security equipment.
Some consider Juniper a leader in secure communication technology. Its products are widely used in the U.S. and Europe, but more importantly, they are widely deployed in Pakistan, Yemen, and China, countries of particular interest to U.S. espionage agencies.
What was exposed in this hack was the VPN service. A virtual private network allows people outside a network to connect securely into the internal network, using authentication to prove who they are and encryption to protect the traffic in transit. If the VPN is compromised, the traffic of everyone using it is exposed to sniffing and eavesdropping.
What is puzzling about this breach is that someone, or some country, would have needed to implant this backdoor into the software on every affected Juniper device. To do so would have likely required access to the source code that was installed on each device before it was shipped or downloaded. This would imply an inside job. Someone working at Juniper with access to the operating system would have had to slip in this backdoor without being detected. That is highly unlikely.
Here's what I suspect really happened. The NSA has been asking companies for backdoors on their security protocols for years. In some cases, they have insisted that they be provided backdoors. They can be very persuasive. Some companies have complied and some have resisted.
Since the Paris attacks last month, national security officials have been insisting that they be granted backdoors on all encrypted communication. This issue even surfaced in the recent U.S. presidential debates.
(As a side note here, the encrypted email service ProtonMail, which I highlighted in this post, was DDoSed just before the Paris attacks. Were the Paris attackers using ProtonMail to communicate, and did the security services DDoS it to keep anyone from using it?)
Some experts have resisted these calls for backdoors insisting that if the NSA were granted a backdoor to these communications, then these backdoors might be used by others, not just the NSA. A backdoor is a backdoor. If the NSA can use it, hackers can as well. The practice of backdoors reduces everyone's security.
In a document released by NSA whistleblower Edward Snowden, titled "Assessment of Intelligence Opportunity - Juniper", the NSA and GCHQ (Britain's equivalent of the NSA) revealed that they had found ways to penetrate Juniper's NetScreen product line (firewall/VPN appliances).
I suspect that the NSA had asked or insisted that Juniper implant a backdoor for themselves to spy on everyone's encrypted communication. Juniper complied by embedding this backdoor in their operating system and giving the NSA the keys to the kingdom.
So, why did Juniper report this as a hack? Some hacker, likely a national government, found this backdoor and began to use it just as the NSA was. When Juniper discovered that others had found the backdoor, it had to close it and announce it as a hack.
What does all this mean to us? First, don't assume that a VPN is safe. Many VPN services run on Juniper or other vulnerable equipment.
Second, as the NSA implants backdoors in these network devices, hackers and national espionage organizations will be looking for them. It might take days, weeks, or months of recon, but when they find one, they will have total access to all the traffic across that brand of device around the world. This makes all of us less safe.
Third, if you need access to encrypted communications, start looking for these embedded backdoors in products manufactured by U.S. companies compromised by the NSA. Juniper is not the only one.
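One concrete way to start that search, added here as an example and not code from the original post or from Juniper: take a firmware image you trust as a baseline, take the image you are suspicious of, and diff the printable strings between the two (the same thing the `strings` command gives you), flagging anything new that looks like a hardcoded credential or an undocumented maintenance command. The two "images" below are constructed byte strings, the extra string `maint_override_passwd` is hypothetical, and the keyword list is a heuristic you would tune for the platform you are auditing.

```python
import hashlib
import re

# Constructed sample "firmware" images for this example (not real vendor
# images): a trusted baseline build and a later build that carries one extra
# string. The extra string is hypothetical and stands in for whatever a
# backdoor might leave behind (a hardcoded credential, an unusual format
# string, an undocumented command name).
BASELINE_IMAGE = (
    b"\x7fELF\x01\x01\x01" + b"\x00" * 9
    + b"login: \x00password: \x00"
    + b"auth_check_user\x00"
    + b"\x90\x90\xcc\x00"
    + b"sshd: session opened for %s\x00"
)
SUSPECT_IMAGE = (
    b"\x7fELF\x01\x01\x01" + b"\x00" * 9
    + b"login: \x00password: \x00"
    + b"auth_check_user\x00"
    + b"\x90\x90\xcc\x00"
    + b"sshd: session opened for %s\x00"
    + b"maint_override_passwd\x00"  # hypothetical, added for this example only
)

# Words that, in a string which is new relative to the baseline, deserve a
# human look. Purely heuristic; tune for the platform you are auditing.
SUSPICIOUS_WORDS = ("passw", "secret", "override", "master", "debug", "backdoor")


def sha256_hex(image: bytes) -> str:
    """Digest to compare against the hash the vendor publishes for a release."""
    return hashlib.sha256(image).hexdigest()


def extract_strings(image: bytes, min_len: int = 4) -> list[str]:
    """Same idea as `strings -n MIN_LEN`: runs of printable ASCII."""
    pat = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [m.group().decode("ascii") for m in pat.finditer(image)]


def new_strings(baseline: bytes, candidate: bytes) -> list[str]:
    """Strings present in the candidate image but absent from the baseline."""
    known = set(extract_strings(baseline))
    return [s for s in extract_strings(candidate) if s not in known]


def flag_suspicious(strings: list[str]) -> list[str]:
    """Subset of strings containing one of the heuristic keywords."""
    return [s for s in strings if any(w in s.lower() for w in SUSPICIOUS_WORDS)]


def audit(baseline: bytes, candidate: bytes) -> dict:
    """Report hashes, the strings new in the candidate, and the flagged subset."""
    added = new_strings(baseline, candidate)
    return {
        "baseline_sha256": sha256_hex(baseline),
        "candidate_sha256": sha256_hex(candidate),
        "identical": baseline == candidate,
        "new_strings": added,
        "flagged": flag_suspicious(added),
    }


if __name__ == "__main__":
    report = audit(BASELINE_IMAGE, SUSPECT_IMAGE)
    for key, value in report.items():
        print(f"{key}: {value}")
```

The caveat matters as much as the check. A diff against a baseline only surfaces what changed between the two builds you happen to have; if the backdoor was already present in every build you can get, or it shipped inside the vendor's own signed release, nothing here will flag it, and comparing against a vendor-published hash will simply confirm that you have the vendor's backdoored image. The hash comparison catches images tampered with after release; the strings diff is where you look for code the vendor itself put there, which is why you want the oldest clean build you can find as the baseline.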