Lawmakers Ask NSA About Its Role in Juniper Backdoor Discovered in 2015

Several U.S. lawmakers sent a letter to the National Security Agency last week in an effort to find out more about its role in the backdoor discovered in Juniper Networks products back in 2015, as well as the steps taken by the agency following the Juniper incident, and why those steps failed to prevent the recent SolarWinds hack.

In late 2015, Juniper Networks informed customers that it had discovered unauthorized code in some versions of its ScreenOS operating system, which powered the company’s firewalls. The code introduced a vulnerability that could be exploited to gain remote access to a device, and a vulnerability that could have been leveraged to decrypt VPN traffic.

The VPN issue was related to the use of Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG), a NIST-approved cryptographic algorithm that had been known to contain a backdoor introduced by the NSA. Juniper had made some changes to prevent abuse, but the malicious code enabled the backdoor. Some speculated that the intelligence agency was responsible for the unauthorized code, but Juniper believed it was likely targeted by a foreign government.

Similar to the recent SolarWinds hack, in which attackers, believed to be backed by Russia, delivered malicious updates to many of the company’s customers, the Juniper backdoor was also delivered to many government and private organizations in the United States, either via security updates or new products.

A few months ago, a group of three senators and 13 members of the U.S. House of Representatives sent a letter to Juniper, asking the company about the results of its investigation into that incident. Juniper said it added support for Dual EC DRBG at the request of a customer, but did not say who that customer was or whether the customer was a U.S. government agency. The company said none of the people involved in the decision to use the problematic cryptographic algorithm still works there.

Senators and House members have now sent a letter to the NSA in an effort to learn more about the agency’s role in the Juniper incident.

In their letter, the lawmakers noted that the Juniper backdoor may have allowed a foreign government or a different adversary to hack into the communications of many businesses and government agencies. They have asked the NSA to describe the steps it took following the disclosure of the Juniper incident to protect government agencies, and why those measures haven’t prevented the recent SolarWinds supply chain attack.

The NSA has also been instructed to share more information regarding its development and use of the algorithm, and say whether it was the customer that asked Juniper to add support for it in its products.

The lawmakers are also interested in finding out why the NSA thought it would be legal to introduce a backdoor into an algorithm approved by the U.S. government, and who it would need approval from if it wanted to introduce backdoors or other vulnerabilities into government standards.

The NSA has been given until February 26 to provide unclassified answers.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
