SUBSCRIBE TO OUR FREE NEWSLETTER
Daily news & progressive opinion—funded by the people, not the corporations—delivered straight to your inbox.
5
#000000
#FFFFFF
5
#000000
#FFFFFF
(Photo: AP)
If a Close US Ally Backdoored Juniper, Would NSA Tell Congress?
Dec 26, 2015
You may have heard that Juniper Networks announced what amounts to a backdoor in its virtual private network products. Here's Kim Zetter's accessible intro of what security researchers have learned. And here's some technical background from Matthew Green.
As Zetter summarizes, the short story is that some used weaknesses encouraged by the NSA to backdoor the security product protecting many American businesses.
They did this by exploiting weaknesses the NSA allegedly placed in a government-approved encryption algorithm known as Dual_EC, a pseudo-random number generator that Juniper uses to encrypt traffic passing through the VPN in its NetScreen firewalls. But in addition to these inherent weaknesses, the attackers also relied on a mistake Juniper apparently made in configuring the VPN encryption scheme in its NetScreen devices, according to Weinmann and other cryptographers who examined the issue. This made it possible for the culprits to pull off their attack.
As Green describes, the key events probably happened as early as 2007 and 2012 (contrary to the presumption of surveillance hawk Stewart Baker, who is looking to scapegoat those calling for more security). This means this can't be a response to the Snowden document, which strongly suggests the NSA had pushed those weaknesses in Dual_EC.
I find that particularly interesting, because it suggests whoever did this either used public discussions about the weakness of Dual_EC, dating to 2007, to identify and exploit this weakness, or figured out what (it is presumed) the NSA was up to. That suggests two likely culprits for what has been assumed to be a state actor behind this: Israel (because it knows so much about NSA from having partnered on things like StuxNet) or Russia (which was getting records on the FiveEyes' SIGINT activities from its Canadian spy, Jeffrey Delisle). The UK would be another obvious guess, except an Intercept article describing how NSA helped UK backdoor Juniper suggests they used another method.
This leads me back to an interesting change I noted between CISA -- the bill passed by the Senate back in October -- and OmniCISA -- the version passed last week as part of the omnibus funding bill. OmniCISA still required the Intelligence Community to provide a report on the most dangerous hacking threats, especially state actors, to the Intelligence Committees. However, it eliminated a report for the Foreign Relations Committees on the same topic. I joked at the time that that was probably to protect Israel, because no one wants to admit that Israel spies and has greater ability to do so by hacking than other nation-states, especially because it surely learns our methods by partnering with us to hack Iran.
Whoever hacked Juniper, the whole incident offers a remarkable lesson in the dangers of backdoors. Even as the FBI demands a backdoor into Apple's products, it is investigating who used a prior US-sponsored backdoor to do their own spying.
On January 20th, it begins...
Political revenge. Mass deportations. Project 2025. Unfathomable corruption. Attacks on Social Security, Medicare, and Medicaid. Pardons for insurrectionists. An all-out assault on democracy. Republicans in Congress are scrambling to give Trump broad new powers to strip the tax-exempt status of any nonprofit he doesn’t like by declaring it a “terrorist-supporting organization.” Trump has already begun filing lawsuits against news outlets that criticize him. At Common Dreams, we won’t back down, but we must get ready for whatever Trump and his thugs throw at us. Our Year-End campaign is our most important fundraiser of the year. As a people-powered nonprofit news outlet, we cover issues the corporate media never will, but we can only continue with our readers’ support. By donating today, please help us fight the dangers of a second Trump presidency. |
© 2023 EmptyWheel.net
Marcy Wheeler
Marcy Wheeler is a journalist who writes the blog Emptywheel. She publishes at various outlets including the Guardian, Salon and the Progressive. Wheeler won the 2009 the Hillman Award for blog journalism.
You may have heard that Juniper Networks announced what amounts to a backdoor in its virtual private network products. Here's Kim Zetter's accessible intro of what security researchers have learned. And here's some technical background from Matthew Green.
As Zetter summarizes, the short story is that some used weaknesses encouraged by the NSA to backdoor the security product protecting many American businesses.
They did this by exploiting weaknesses the NSA allegedly placed in a government-approved encryption algorithm known as Dual_EC, a pseudo-random number generator that Juniper uses to encrypt traffic passing through the VPN in its NetScreen firewalls. But in addition to these inherent weaknesses, the attackers also relied on a mistake Juniper apparently made in configuring the VPN encryption scheme in its NetScreen devices, according to Weinmann and other cryptographers who examined the issue. This made it possible for the culprits to pull off their attack.
As Green describes, the key events probably happened as early as 2007 and 2012 (contrary to the presumption of surveillance hawk Stewart Baker, who is looking to scapegoat those calling for more security). This means this can't be a response to the Snowden document, which strongly suggests the NSA had pushed those weaknesses in Dual_EC.
I find that particularly interesting, because it suggests whoever did this either used public discussions about the weakness of Dual_EC, dating to 2007, to identify and exploit this weakness, or figured out what (it is presumed) the NSA was up to. That suggests two likely culprits for what has been assumed to be a state actor behind this: Israel (because it knows so much about NSA from having partnered on things like StuxNet) or Russia (which was getting records on the FiveEyes' SIGINT activities from its Canadian spy, Jeffrey Delisle). The UK would be another obvious guess, except an Intercept article describing how NSA helped UK backdoor Juniper suggests they used another method.
This leads me back to an interesting change I noted between CISA -- the bill passed by the Senate back in October -- and OmniCISA -- the version passed last week as part of the omnibus funding bill. OmniCISA still required the Intelligence Community to provide a report on the most dangerous hacking threats, especially state actors, to the Intelligence Committees. However, it eliminated a report for the Foreign Relations Committees on the same topic. I joked at the time that that was probably to protect Israel, because no one wants to admit that Israel spies and has greater ability to do so by hacking than other nation-states, especially because it surely learns our methods by partnering with us to hack Iran.
Whoever hacked Juniper, the whole incident offers a remarkable lesson in the dangers of backdoors. Even as the FBI demands a backdoor into Apple's products, it is investigating who used a prior US-sponsored backdoor to do their own spying.
Marcy Wheeler
Marcy Wheeler is a journalist who writes the blog Emptywheel. She publishes at various outlets including the Guardian, Salon and the Progressive. Wheeler won the 2009 the Hillman Award for blog journalism.
You may have heard that Juniper Networks announced what amounts to a backdoor in its virtual private network products. Here's Kim Zetter's accessible intro of what security researchers have learned. And here's some technical background from Matthew Green.
As Zetter summarizes, the short story is that some used weaknesses encouraged by the NSA to backdoor the security product protecting many American businesses.
They did this by exploiting weaknesses the NSA allegedly placed in a government-approved encryption algorithm known as Dual_EC, a pseudo-random number generator that Juniper uses to encrypt traffic passing through the VPN in its NetScreen firewalls. But in addition to these inherent weaknesses, the attackers also relied on a mistake Juniper apparently made in configuring the VPN encryption scheme in its NetScreen devices, according to Weinmann and other cryptographers who examined the issue. This made it possible for the culprits to pull off their attack.
As Green describes, the key events probably happened as early as 2007 and 2012 (contrary to the presumption of surveillance hawk Stewart Baker, who is looking to scapegoat those calling for more security). This means this can't be a response to the Snowden document, which strongly suggests the NSA had pushed those weaknesses in Dual_EC.
I find that particularly interesting, because it suggests whoever did this either used public discussions about the weakness of Dual_EC, dating to 2007, to identify and exploit this weakness, or figured out what (it is presumed) the NSA was up to. That suggests two likely culprits for what has been assumed to be a state actor behind this: Israel (because it knows so much about NSA from having partnered on things like StuxNet) or Russia (which was getting records on the FiveEyes' SIGINT activities from its Canadian spy, Jeffrey Delisle). The UK would be another obvious guess, except an Intercept article describing how NSA helped UK backdoor Juniper suggests they used another method.
This leads me back to an interesting change I noted between CISA -- the bill passed by the Senate back in October -- and OmniCISA -- the version passed last week as part of the omnibus funding bill. OmniCISA still required the Intelligence Community to provide a report on the most dangerous hacking threats, especially state actors, to the Intelligence Committees. However, it eliminated a report for the Foreign Relations Committees on the same topic. I joked at the time that that was probably to protect Israel, because no one wants to admit that Israel spies and has greater ability to do so by hacking than other nation-states, especially because it surely learns our methods by partnering with us to hack Iran.
Whoever hacked Juniper, the whole incident offers a remarkable lesson in the dangers of backdoors. Even as the FBI demands a backdoor into Apple's products, it is investigating who used a prior US-sponsored backdoor to do their own spying.
We've had enough. The 1% own and operate the corporate media. They are doing everything they can to defend the status quo, squash dissent and protect the wealthy and the powerful. The Common Dreams media model is different. We cover the news that matters to the 99%. Our mission? To inform. To inspire. To ignite change for the common good. How? Nonprofit. Independent. Reader-supported. Free to read. Free to republish. Free to share. With no advertising. No paywalls. No selling of your data. Thousands of small donations fund our newsroom and allow us to continue publishing. Can you chip in? We can't do it without you. Thank you.