NSA Backdoor in Juniper Firewall Exploited by China

September 5th, 2021

Via: Bloomberg:

The Juniper product that was targeted, a popular firewall device called NetScreen, included an algorithm written by the National Security Agency. Security researchers have suggested that the algorithm contained an intentional flaw — otherwise known as a backdoor — that American spies could have used to eavesdrop on the communications of Juniper’s overseas customers. NSA declined to address allegations about the algorithm.

Juniper installed the NSA code — an algorithm with the unwieldy name Dual Elliptic Curve Deterministic Random Bit Generator — in NetScreen devices beginning in 2008 even though the company’s engineers knew there was a vulnerability that some experts considered a backdoor, according to a former senior U.S. intelligence official and three Juniper employees who were involved with or briefed about the decision.

The reason was that the Department of Defense, a major customer and NSA’s parent agency, insisted on its inclusion despite the availability of other, more trusted alternatives, according to the official and the three employees. The algorithm had just become a federal standard at NSA’s behest, alongside three similar ones that weren’t mired in controversy, and the Pentagon tied some future contracts for Juniper specifically to the use of Dual Elliptic Curve, the employees said. The request prompted concern among some Juniper engineers, but ultimately the code was added to appease a large customer, the employees said. The Department of Defense declined to discuss its relationship with Juniper.

Members of a hacking group linked to the Chinese government called APT 5 hijacked the NSA algorithm in 2012, according to two people involved with Juniper’s investigation and an internal document detailing its findings that Bloomberg reviewed. The hackers altered the algorithm so they could decipher encrypted data flowing through the virtual private network connections created by NetScreen devices. They returned in 2014 and added a separate backdoor that allowed them to directly access NetScreen products, according to the people and the document.
