Several U.S. lawmakers sent a letter to the National Security Agency last week in an effort to find out more about its role in the backdoor discovered in Juniper Networks products back in 2015, as well as the steps taken by the agency following the Juniper incident, and why those steps failed to prevent the recent SolarWinds hack.
In late 2015, Juniper Networks informed customers that it had discovered unauthorized code in some versions of its ScreenOS operating system, which powered the company’s firewalls. The code introduced a vulnerability that could be exploited to gain remote access to a device, and a vulnerability that could have been leveraged to decrypt VPN traffic.
The VPN issue was related to the use of Dual Elliptic Curve Deterministic Random Bit Generator (Dual EC DRBG), a NIST-approved cryptographic algorithm that had been known to contain a backdoor introduced by the NSA. Juniper had made some changes to prevent abuse, but the malicious code enabled the backdoor. Some speculated that the intelligence agency was responsible for the unauthorized code, but Juniper believed it was likely targeted by a foreign government.
Similar to the recent SolarWinds hack, in which attackers, believed to be backed by Russia, delivered malicious updates to many of the company’s customers, the Juniper backdoor was also delivered to many government and private organizations in the United States, either via security updates or new products.
A few months ago, a group of three senators and 13 members of the U.S. House of Representatives sent a letter to Juniper, asking the company about the results of its investigation into that incident. Juniper said it added support for Dual EC DRBG at the request of a customer, but did not say who that customer was or whether the customer was a U.S. government agency. The company said none of the people involved in the decision to use the problematic cryptographic algorithm still works there.
Senators and House members have now sent a letter to the NSA in an effort to learn more about the agency’s role in the Juniper incident.
In their letter, the lawmakers noted that the Juniper backdoor may have allowed a foreign government or a different adversary to hack into the communications of many businesses and government agencies. They have asked the NSA to describe the steps it took following the disclosure of the Juniper incident to protect government agencies, and why those measures haven’t prevented the recent SolarWinds supply chain attack.
The NSA has also been instructed to share more information regarding its development and use of the algorithm, and say whether it was the customer that asked Juniper to add support for it in its products.
The lawmakers are also interested in finding out why the NSA thought it would be legal to introduce a backdoor into an algorithm approved by the U.S. government, and who it would need approval from if it wanted to introduce backdoors or other vulnerabilities into government standards.
The NSA has been given until February 26 to provide unclassified answers.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
