Have the Chinese/Russians had backdoor access to Juniper kit for the past three years?

By Martyn Warwick

Dec 22, 2015

© Flickr/cc-licence/YuriSamoilov

  • US Federal authorities investigate hacking of Juniper firewalls
  • "Unauthorised code" discovered
  • Allows take-over of computers, networks, routers and decryption of VPN traffic
  • FBI says hacking "most likely" done by "nation-state attackers"

The Christmas holidays might be almost upon us but celebrations at the HQ of Juniper Networks in Sunnyvale, California will be muted this year in light of the revelation that both the US Federal Bureau of Investigation (FBI) and the Department of Homeland Security (DHS) are looking into the discovery of unauthorised code lurking in the company's commercially available firewall software. The secretly-embedded code permits hackers to hijack computing resources and equipment as well as decrypt traffic on virtual private networks.

It is claimed that Juniper staff themselves stumbled across a secret software backdoor that had been in place for at least three years. The company later issued customers – existing and potential – with this warning: "During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections. Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS." A Juniper spokesperson added, [The hacking] "allows unauthorised remote administrative access to a device. Exploitation of this vulnerability can lead to complete compromise of the affected system."

Basically the (so-far) unidentified hackers have the ability to gain administrative access to systems, decrypt traffic, otherwise interfere with operating systems and devices, go about their nefarious work and then exit the systems and sneak out the backdoor without leaving any trace of ever having been there in the first place. It's a nightmare scenario that will worry Juniper's many customers and could have a profound effect on the company itself. Fortunately the company "reached out to affected customers, strongly recommending that they update their systems." Yeah, thanks for that.

Bolting the stable door when the dark horse is long back home in Beijing, or Moscow, or Pyongyang or Raqqa, or, well, take your pick

In its advertising, marcoms and PR, Juniper claims that its "best in class" and "trusted" security products are so good and so robust that they are more than fully up to the strengths and standards "required by the US intelligence services" and are installed across government agencies including the Department of Defense, the US Treasury Department and even in the FBI and the DHS. No wonder Juniper equipment has been such an attractive target for highly organised and sophisticated attackers widely suspected to be Chinese or Russian state agencies.

Juniper says it doesn't know "exactly" when its software was hacked, but it was certainly more than three years ago. The company advises its customers either to change or update passwords and to conduct their own investigations into their own networks. Like the man said, "No shit, Sherlock?"

Back in October it was revealed that Juniper plans to go private after multiple quarters of poor performance and that the investment bank Goldman Sachs has been retained to oversee the process. However Juniper will be decidedly less attractive to potential investors after the revelations and the scandal is unlikely to die down quickly and be forgotten as 2016 dawns - not least because the government agencies themselves say Juniper kit is so widely dispersed amongst their networks it could take several months to determine exactly how much damage has been done. After all, intrusions will be very difficult to detect without deep forensic inspection of millions of lines of code.

Originally Juniper, which has a market capitalisation of $11 billion, was hoping to go private at $32 a share, which would have valued the company at some $12.5 billion. However, such an outcome seems highly unlikely. When the New York Stock Exchange closed last night, Juniper Networks shares were trading at $27.25.

Mind you, it's an ill wind that blows no-one any good and Cisco will be rubbing its hands with glee over its unexpected Christmas box.

And for those of you who like your comms news laced with a bit of Old Testament blood and thunder, how about this from Kings 19:4? "But he himself went a day's journey into the wilderness, and came and sat down under a juniper tree: and he requested for himself that he might die."

I wonder who that might apply to?
