The FBI is investigating Juniper's big, embarrassing security hole

Juniper CEO Rami Rahim


Juniper CEO Rami Rahim

Things have gone from bad to worse over a big security hack that put "unauthorized code" inside security equipment sold by Juniper Networks.

On Thursday, Juniper disclosed the problem, which affected its NetScreen firewalls. Firewalls are security devices that are supposed to help protect networks from being hacked.Now the FBI is investigating the breach to see if it let hackers working for foreign governments spy on the US government and private companies for up to three years, CNN Reports.
Juniper sells its computer network equipment, including a variety of security products, to large corporations and the US government. It counts agencies like the Defense Department, Justice Department, FBI and Treasury Department as customers.

Apparently, government authorities have some suspicions that the hack was orchestrated by foreign government hackers, because pulling off a hack of this type was a pretty sophisticated move.

Specifically, hackers found a way to stick "unauthorized code" in the operating system that runs Juniper's firewall device. That code could allow "a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections," Juniper described in its blog warning customers.

In other words, they could potentially spy on any organization using the hacked device.

When Juniper disclosed the flaw, it didn't mention how long that "unauthorized code" could have been in there, only that it had issued an emergency patch to fix the problem.Interestingly, way back in 2013, German publication Spiegel wrote an article alleging that the NSA had done a similar thing - put code on Juniper security products to enable the NSA to spy. This was part of the Edward Snowden NSA spying revelations.

But it was Juniper's arch rival, Cisco, who took more heat for having products that were allegedly being tampered with so various governments can spy. In 2014, a photo circulated that allegedly showed Cisco devices being intercepted and tampered with by NSA techs. After that, Cisco's Chinese sales tanked, over fears of US government spying.

Cisco's then CEO John Chambers even wrote an open letter to President Obama asking Obama to stop the NSA from hacking into Cisco's equipment.

Now it's Juniper's turn to be embarrassed.

A Juniper spokesperson referred us the public blog post as its official comment, emphasizing,"Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices. We also reached out to affected customers, strongly recommending that they update their systems."