Security Experts:

Lawmakers Ask NSA About Its Role in Juniper Backdoor Discovered in 2015

Several U.S. lawmakers sent a letter to the National Security Agency last week in an effort to find out more about its role in the backdoor discovered in Juniper Networks products back in 2015, as well as the steps taken by the agency following the Juniper incident, and why those steps failed to prevent the recent SolarWinds hack.

In late 2015, Juniper Networks informed customers that it had discovered unauthorized code in some versions of its ScreenOS operating system, which powered the company’s firewalls. The code introduced a vulnerability that could be exploited to gain remote access to a device, and a vulnerability that could have been leveraged to decrypt VPN traffic.

The VPN issue was related to the use of Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG), a NIST-approved cryptographic algorithm that had been known to contain a backdoor introduced by the NSA. Juniper had made some changes to prevent abuse, but the malicious code enabled the backdoor. Some speculated that the intelligence agency was responsible for the unauthorized code, but Juniper believed it was likely targeted by a foreign government.

Similar to the recent SolarWinds hack, in which attackers, believed to be backed by Russia, delivered malicious updates to many of the company’s customers, the Juniper backdoor was also delivered to many government and private organizations in the United States, either via security updates or new products.

A few months ago, a group of three senators and 13 members of the U.S. House of Representatives sent a letter to Juniper, asking the company about the results of its investigation into that incident. Juniper said it added support for Dual EC DRBG at the request of a customer, but did not say who that customer was or whether the customer was a U.S. government agency. The company said none of the people involved in the decision to use the problematic cryptographic algorithm still works there.

Senators and House members have now sent a letter to the NSA in an effort to learn more about the agency’s role in the Juniper incident.

In their letter, the lawmakers noted that the Juniper backdoor may have allowed a foreign government or a different adversary to hack into the communications of many businesses and government agencies. They have asked the NSA to describe the steps it took following the disclosure of the Juniper incident to protect government agencies, and why those measures haven’t prevented the recent SolarWinds supply chain attack.

The NSA has also been instructed to share more information regarding its development and use of the algorithm, and say whether it was the customer that asked Juniper to add support for it in its products.

The lawmakers are also interested in finding out why the NSA thought it would be legal to introduce a backdoor into an algorithm approved by the U.S. government, and who it would need approval from if it wanted to introduce backdoors or other vulnerabilities into government standards.

The NSA has been given until February 26 to provide unclassified answers.

Related: Backdoors Not Patched in Many Juniper Firewalls

Related: Cisco Reviewing Code After Juniper Backdoor Hack

Related: Juniper Firewall Backdoor Password Found in 6 Hours

view counter
Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.