The FBI is investigating Juniper's big, embarrassing security hole
Juniper
On Thursday, Juniper disclosed the problem, which affected its NetScreen firewalls. Firewalls are security devices that are supposed to help protect networks from being hacked.
Now the FBI is investigating the breach to see if it let hackers working for foreign governments spy on the US government and private companies for up to three years, CNN Reports.
Juniper sells its computer network equipment, including a variety of security products, to large corporations and the US government. It counts agencies like the Defense Department, Justice Department, FBI and Treasury Department as customers.
Apparently, government authorities have some suspicions that the hack was orchestrated by foreign government hackers, because pulling off a hack of this type was a pretty sophisticated move.
Specifically, hackers found a way to stick "unauthorized code" in the operating system that runs Juniper's firewall device. That code could allow "a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections," Juniper described in its blog warning customers.
In other words, they could potentially spy on any organization using the hacked device.
When Juniper disclosed the flaw, it didn't mention how long that "unauthorized code" could have been in there, only that it had issued an emergency patch to fix the problem.
Interestingly, way back in 2013, German publication Spiegel wrote an article alleging that the NSA had done a similar thing - put code on Juniper security products to enable the NSA to spy. This was part of the Edward Snowden NSA spying revelations.
But it was Juniper's arch rival, Cisco, who took more heat for having products that were allegedly being tampered with so various governments can spy. In 2014, a photo circulated that allegedly showed Cisco devices being intercepted and tampered with by NSA techs. After that, Cisco's Chinese sales tanked, over fears of US government spying.
Cisco's then CEO John Chambers even wrote an open letter to President Obama asking Obama to stop the NSA from hacking into Cisco's equipment.
Now it's Juniper's turn to be embarrassed.
A Juniper spokesperson referred us the public blog post as its official comment, emphasizing,"Once we identified these vulnerabilities, we launched an investigation and worked to develop and issue patched releases for the impacted devices. We also reached out to affected customers, strongly recommending that they update their systems."
- I spent $2,000 for 7 nights in a 179-square-foot room on one of the world's largest cruise ships. Take a look inside my cabin.
- One of the world's only 5-star airlines seems to be considering asking business-class passengers to bring their own cutlery
- Vodafone Idea FPO allotment – How to check allotment, GMP and more
- India fourth largest military spender globally in 2023: SIPRI report
- New study forecasts high chance of record-breaking heat and humidity in India in the coming months
- Gold plunges ₹1,450 to ₹72,200, silver prices dive by ₹2,300
- Strong domestic demand supporting India's growth: Morgan Stanley
- Global NCAP accords low safety rating to Bolero Neo, Amaze