Petronella Blog Archive

Visit our New Blog

NSA Responsible for Juniper Vulnerability?

Blog Post

Remember very recently when we reported that Juniper VPN software had a serious backdoor?  It turns out that the NSA is likely responsible.

A security consultancy in Germany, Comsecuris, says that even if the NSA didn't directly add the backdoors that leave the OS open to a hack, they are in some way culpable for creating the exploit.

In case you're not up to speed on the NSA and backdoors, here's the short version.  A backdoor is a way to access a network or machine that is built into the software of the device.  Apparently, the NSA placed an exploitable weakness in Dual_EC, a random number generator used to encrypt traffic, which is used by Juniper.  This allows the government spy agency to read traffic that goes through Juniper servers.

Unfortunately, as the argument goes against backdoors, if it's discovered, entities other than the NSA can then access and exploit the traffic going through the devices.  And while it's possible that this breach could have been the NSA or a friendly country, it's not out of the question to assume it's one of the usual suspects: Russia or China.