A major breach of the Juniper Networks computer system has officials in the US anxious that the hackers are working for a foreign government that has been able to spy on encrypted communications of the government as well as private companies for the last three years.
Advertisement
The sophistication of the breach is leading officials to believe it to be the work of a foreign government, but it is not believed USA spy agencies were involved.
Juniper, a U.S. government subcontractor has sent out an emergency patch to all their customers “with the highest priority”.
CNN reported that USA officials are concerned because hackers who took advantage of the flaw could access the network of companies or government agencies that used the Juniper product. That news comes from CNN, which said that a United States government official described the vulnerability as “stealing a master key to get into any government building”. The U.S. officials said they are certain U.S. spy agencies themselves aren’t behind the back door.
Russian Federation and China are amongst the governments suspected of carrying out the hack though USA officials cautioned this investigation is far from reaching its final conclusions.
The Juniper Networks equipment is widely used, and a senior administration official said the Department of Homeland Security is in close touch with the company. “The administration remains committed to enhancing our national cybersecurity by raising our cyber defenses, disrupting adversary activity, and effectively responding to incidents when they occur”. If someone knew about them, they’d not only be able to decrpyt VPN traffic on a particular network, but they could also scrub any log entry that would otherwise note the unauthorized access. It may take the Federal Bureau of Investigation a while to determine what, if any, damage was done due to the high frequency of the systems’ use.
According to a Juniper Networks spokeswoman’s statement, “Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices”.
Juniper said it had found a second security issue that would allow an attacker monitoring VPN traffic – that is, communication made over a secured network – to decrypt the traffic.
Advertisement
As the work to alter the source code was sophisticated, the system had been compromised for three years before the problem was uncovered in a routine review.
