Previous Story
FBI probes breach at Juniper Networks
Posted On Dec 20 2015
Comment: Off
Towards that end, security experts have warned that the “backdoor entry” resulting from the insertion of “unauthorized” code in Juniper’s VPN software could have enabled a foreign government to snoop on the U.S. government’s communications.
The FBI is investigating the breach, which involved hackers installing a back door on computer equipment, USA officials told CNN.
Both groups have been vulnerable to large-scale hacks over the past year, and the Obama administration has expressed increased concern that foreign governments are involved in some of the attacks.
Juniper, a USA government subcontractor has sent out an emergency patch to all their customers “with the highest priority”.
It’s not known if any classified government material was affected.
Juniper provides network systems such as routers and encryption software, to major companies and the various government agencies.
On Thursday, Sunnyvale, Calif.-based Juniper said it found unauthorized code had been inserted into its ScreenOS software, which runs its firewalls.
A senior administration official told CNN, “We are aware of the vulnerabilities recently announced by Juniper”.
Looking at what hackers did when they entered into the system Juniper said they can write “unauthorized code” which could allow them administrative access to monitor all the encrypted traffic.
Juniper Networks makes communications equipment and software for large customers, including the US government. On its website, the company boasts of providing networks that “US intelligence agencies require”.
USA officials are concerned that sophisticated hackers who were able to compromise this equipment could use this access to get into any business and or government agency that was using it. “There is no way to detect that this vulnerability was exploited”, according to the Juniper security alert.
The company said in its alert that it was not aware that there was any malicious exploitation of the vulnerabilities, but still, attackers could remove security logs that show a breach, leaving no way to determine if it had happened. The system was compromised for three years before Juniper uncovered it in a routine review in recent weeks.
