Juniper Networks is still investigating the source of the unauthorized code that left its ScreenOS software platform vulnerable to hacking. The company has issued patches for the vulnerability and has found no further evidence of unauthorized code in ScreenOS, senior vice president and CIO Bob Worrall said in a Friday post on Juniper’s Security Incident Response blog.
Some security experts, citing documents revealed by former National Security Agency (NSA) contractor and whistleblower Edward Snowden, have speculated the NSA might have had a hand in the recently discovered Juniper vulnerabilities. Juniper makes routers, switches and other networking products used by Internet service providers to manage online IP and traffic routing.
On December 17, Juniper said that it had discovered the unauthorized code during an internal code review. The code “could allow a knowledgeable attacker to gain administrative access to Juniper’s NetScreen devices and to decrypt VPN connections,” Worrall said at that time.
Products Will Continue To Be Targets
In his latest update, Worrall said Juniper plans to make further changes to address the security concerns raised by the unauthorized code discovery in ScreenOS. A detailed investigation, conducted with the help of “a respected security organization,” found no evidence of unauthorized code in another Juniper platform, Junos OS, he said. Worrall added that “it would be much more difficult to insert the same type of unauthorized code in Junos OS.”
Worrall said Juniper plans to replace both Dual_EC and ANSI X9.31 in ScreenOS 6.3 with “the same random number generation technology currently employed across our broad portfolio of Junos OS products.” The company intends to make those changes with a future release of ScreenOS set for the first half of this year, he added.
“Juniper Networks is keenly aware of the current and evolving threats to national and economic security around the world,” Worrall added. “As a proven leader in driving technology innovation, we are also aware that our products will continue to be a target of cyberattacks.”
He said Juniper’s recent actions demonstrate “it is our policy to fix security vulnerabilities when they are found and to notify our customers according to our Security Incident Response Team procedures.”
Security Holes ‘Put Users at Risk’
In an article published December 23 on The Intercept, Ryan Gallagher and Glenn Greenwald — who was one of the journalists to first reveal Snowden’s surveillance disclosures in 2013 — said that a February 2011 document from the GCHQ, the U.K.’s equivalent of the NSA, suggested the NSA “helped British spies find security holes in Juniper firewalls.”
While the document did not establish a clear link between the NSA, the GCHQ and the Juniper backdoor code, “it does make clear that, like the unidentified parties behind those hacks, the agencies found ways to penetrate the ‘NetScreen’ line of security products, which help companies create online firewalls and virtual private networks,” Gallagher and Greenwald said.
We reached out to Juniper, but were told by a spokesperson the company had nothing further to add since Worrall’s post was published on Friday. However, Juniper has said it has not been informed by any users that the unauthorized code had been exploited.
In a related development, the digital rights advocacy group Access Now today announced that 195 people from 42 countries had signed a letter in support of strong encryption and against actions “that would undermine digital security.”
While the letter was not drafted in direct response to the Juniper issue, Access Now policy counsel Drew Mitnick told us, “The Juniper vulnerability shows the importance of the letter. Weak encryption leads to poor security. Juniper used a standard known to have been compromised, likely for surveillance. As a result, an unknown number of users, companies, and government agencies were put at risk.”