US Gov't Agencies Freak Out Over Juniper Backdoor; Perhaps They'll Now Realize Why Backdoors Are A Mistake

from the wishful-thinking dept

Last week, we wrote about how Juniper Networks had uncovered some unauthorized code in its firewall operating system, allowing knowledgeable attackers to get in and decrypt VPN traffic. While the leading suspect still remains the NSA, it's been interesting to watch various US government agencies totally freak out over their own networks now being exposed:

> The FBI is investigating the breach, which involved hackers installing a back door on computer equipment, U.S. officials told CNN. Juniper disclosed the issue Thursday along with an emergency security patch that it urged customers to use to update their systems "with the highest priority."
>
> The concern, U.S. officials said, is that sophisticated hackers who compromised the equipment could use their access to get into any company or government agency that used it.
>
> One U.S. official described it as akin to "stealing a master key to get into any government building."

And, yes, this equipment is used all throughout the US government:

> Juniper sells computer network equipment and routers to big companies and to U.S. government clients such as the Defense Department, Justice Department, FBI and Treasury Department. On its website, the company boasts of providing networks that "US intelligence agencies require."
>
> Its routers and network equipment are widely used by corporations, including for secure communications. Homeland Security officials are now trying to determine how many such systems are in use for U.S. government networks.

And, of course, US officials are insisting that it couldn't possibly be the NSA, but absolutely must be the Russians or the Chinese:

> The breach is believed to be the work of a foreign government, U.S. officials said, because of the sophistication involved. The U.S. officials said they are certain U.S. spy agencies themselves aren't behind the back door. China and Russia are among the top suspected governments, though officials cautioned the investigation hasn't reached conclusions.

Yeah, sure. Anything's possible, but the NSA still has to be the leading suspect here, and the insistence that it's the Chinese or the Russians without more proof seems like a pretty clear attempt at keeping attention off the NSA.

And, of course, all of this is happening at the very same time that the very same US government that is now freaking out about this is trying to force every tech company to install just this kind of backdoor. Because, as always, these technically illiterate bureaucrats still seem to think that you can create backdoors that only "good" people can use.

But that's not how technology works.

Indeed, now that it's been revealed that there was a backdoor in this Juniper equipment, it took one security firm all of six hours to figure out the details:

> Ronald Prins, founder and CTO of Fox-IT, a Dutch security firm, said the patch released by Juniper provides hints about where the master password backdoor is located in the software. By reverse-engineering the firmware on a Juniper firewall, analysts at his company found the password in just six hours.
>
> “Once you know there is a backdoor there, … the patch [Juniper released] gives away where to look for [the backdoor] … which you can use to log into every [Juniper] device using the Screen OS software,” he told WIRED. “We are now capable of logging into all vulnerable firewalls in the same way as the actors [who installed the backdoor].”

Putting backdoors into technology is a bad idea. Security experts and technologists keep saying this over and over and over and over again -- and politicians and law enforcement still don't seem to get it. And you can pretty much bet that even though they now have a very real-world example of it -- in a way that's impacting their own computer systems -- they'll continue to ignore it. Instead, watch as they blame the Chinese and the Russians and still pretend that somehow, when they mandate backdoors, those backdoors won't get exploited by those very same Chinese and Russian hackers they're now claiming were crafty enough to slip code directly into Juniper's source code without anyone noticing.

Filed Under: backdoors, china, cybersecurity, privacy, russia, security
Companies: juniper networks


Reader Comments

  1. BentFranklin, 21 Dec 2015 @ 9:17am

    I just got a notice that my personal information was included in the OPM data breach. Great! They can't even keep my SSN secure, how are they going to keep their golden keys secure?

  2. Kitiago, 21 Dec 2015 @ 9:39am

    "Perhaps They'll Now Realize Why Backdoors Are A Mistake"

    No, they won't.

  3. JustShutUpAndObey, 21 Dec 2015 @ 9:51am

    The heart wants what the heart wants

    We want to spy on you but don't want anyone to spy on us. Why isn't this happening.

    It's like: I want her to love me but she doesn't. What's wrong with her?

  4. TruthHurts, 21 Dec 2015 @ 9:53am

    One of 3 possibilities here - NSA, CIA, FBI

    Of course it's the NSA, everyone knows this.

    Truth be damned, et al.

    That's why the constitutional amendments were so clear and adamant about "Congress may pass no law" when it comes to sidestepping them.

    The founding fathers "KNEW" that generations down the line would be tempted to fuck everyone over to line their pockets and seize the reins of power ever more tightly.

  5. Anonymous Coward, 21 Dec 2015 @ 9:53am

    They will double down, it's all they know how to do. Ignore reality and double down. One thing is for sure. US companies cannot be trusted with your data due to the USG and the NSA.

  6. vastrightwing, 21 Dec 2015 @ 9:57am

    I'm in shock!

    Of course it wasn't the U.S. they would never do such a thing. Juniper is wrong to point out the backdoor. Now the terrorists have won. In removing the back door, LEOS will never be able to do their jobs ever again.

    It makes me wonder about other firmware now. How many others are there? The NSA should insist on inspecting and fixing back doors other "sophisticated" countries have been able to put in. Of course since this was made public, a more sophisticated back door has since been implemented.

    If only there was a way to review code before production.

  7. Anonymous Coward, 21 Dec 2015 @ 9:58am

    I think this article is mixing the two vulnerabilities in ScreenOS found. The first is the VPN vulnerability, it was perhaps not put in by the NSA, but due to the NSA mucking around with NIST created the issue (DUAL_EC_DRBG). Check Bruce Schneier's explanation: link.
    The second is the SSH backdoor also put in by an unknown party and this is unknown how it got into the system code. Fox-IT revealed this password by checking out the patch for it, so anyone with open SSH (never a good thing), and unpatched ScreenOS Juniper is liable to be compromised at any level since it backdoors into shell mode. A quick Shodan search could probably cripple some companies, so it's definitely serious.

  8. Anonymous Coward, 21 Dec 2015 @ 9:59am

    Caught in hypocrisy? Deploy the reality distortion field!

  9. David, 21 Dec 2015 @ 9:59am

    Should be able to track it down.

    Certainly any major code like this is managed with a code repository, such as git, SourceSafe, or mercurial. We should be able to figure out where the offending code came from, or at least who was involved in it. Of course, if it's the NSA it will likely be the last we hear of it.

  10. Anonymous Coward, 21 Dec 2015 @ 10:07am

    Sophisticated huh? That rules out simple minded Americans!

    "because of the sophistication involved. The U.S. officials said they are certain U.S. spy agencies themselves aren't behind the back door."

    Yes, yes, it was such a sophisticated attack there is no way the morons working for U.S. spy agencies could have done this!

    Has to be China or Russia, they are so much smarter than us and the only people capable of pulling off such a sophisticated attack!

  11. Anonymous Coward, 21 Dec 2015 @ 10:08am

    They are faking it. It was revealed more than 2 years ago with the Snowden revelations.

    https://gigaom.com/2013/12/29/nsas-backdoor-catalog-exposed-targets-include-juniper-cisco-samsung-and-huawei/

  12. DannyB, 21 Dec 2015 @ 10:13am

    Mike, you just don't seem to get it

    Juniper's back door allowed both bad guys as well as good guys, such as* the NSA to get in through the back door.

    What the government wants is back doors that ONLY allow in good guys.

    * whether the NSA should be included in the group of good guys or bad guys is left as an exercise for the reader.

  13. Anonymous Anonymous Coward, 21 Dec 2015 @ 10:20am

    Shhhhh

    Hillary Clinton says she wants her Blackberry to work over Juniper protected networks so she can discuss the details of her New Manhattan project in secret using her private email server in order to keep the important information away from the bad guys.

  14. Michael, 21 Dec 2015 @ 10:21am

    "stealing a master key to get into any government building."

    Isn't it a good thing that nobody ever created such a key?

    > The U.S. officials said they are certain U.S. spy agencies themselves aren't behind the back door

    Great way to put that statement. I'm sure the NSA isn't behind the back door - they came through it when they created it and are already inside.

  15. Brig C. McCoy, 21 Dec 2015 @ 10:21am

    Just ScreenOS?

    I just finished installing a bunch of Juniper hardware, running JunOS... even though everything I've seen points to ScreenOS equipment, now I have to spend time and effort looking again at our JunOS equipment. Sigh.

    ...brig

  16. Anonymous Coward, 21 Dec 2015 @ 10:26am

    Re:

    Another article showing that Snowden already proved this was done by the NSA:
    http://www.spiegel.de/international/world/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html

    Now we know how this was made possible:
    'Thanks to FEEDTROUGH, these implants can, by design, even survive "across reboots and software upgrades."'

  17. Anonymous Coward, 21 Dec 2015 @ 10:29am

    Re: One of 3 possibilities here - NSA, CIA, FBI

    Well, I wouldn't say for sure it was the NSA, or the CIA or FBI for that matter. It is still possible this bad idea was the brain child of some programmer at Juniper who put it in for debugging or something, and never took it out.

    Though I would say that you can bet your ass that the NSA found it years ago and didn't tell anyone so that they could exploit it. Not all that much different from putting it in themselves I'd say.

  18. Anonymous Coward, 21 Dec 2015 @ 10:31am

    Maybe before figuring out how to make backdoors that only good guys will use, shouldn't we be figuring out how to avoid evil guys creating custom backdoors?

    Of course, that's assuming that the ones we are calling "good guys" are actually "good". Or even "honest".

  19. Stosh, 21 Dec 2015 @ 10:37am

    Without backdoors how will identity thieves and credit card scammers be able to earn a living wage?

  20. Poe Slaw, 21 Dec 2015 @ 10:38am

    Re: Mike, you just don't seem to get it

    I don't think of it as a backdoor, I like to think of it as magic window frosting that can be dropped or lifted when the good intentions of a Government employee is weighed and proven to be lighter than, a school bus.

    Thing is, while I am not a government hack, I am an optimist, I know if the US government reflects on events like this, they will realize that weakened security for surveillance reasons is an epically stupid idea, and persist in asking for it anyway.

  21. David, 21 Dec 2015 @ 10:42am

    Re: Mike, you just don't seem to get it

    Just do it like with electronic cat flaps: the good guys get an RFID chip that lets them in, and the rats stay out. As long as the cat does not drag a rat in with it, of course.

    Which is the basic government problem: good guys may associate with bad guys, and then both get in. And once they are in, they go everywhere.

  22. Anon, 21 Dec 2015 @ 10:45am

    Deja Vu

    Of course it's the Chinese or Russians, just like it was North Korea not laid-off Sony employees who did the Sony data breach. Aren't these law enforcement the same clowns who pushed the blame on North Korea despite the evidence?

  23. Anonymous Coward, 21 Dec 2015 @ 10:58am

    If anything, we need a Manhattan Project AGAINST backdoors and poor Internet security.

  24. Michael, 21 Dec 2015 @ 11:17am

    Re:

    Get themselves re-elected.

  25. Michael, 21 Dec 2015 @ 11:19am

    Re:

    We had that - and they created the encrypted systems these dopes are now trying to cripple.

  26. Anonymous Hero, 21 Dec 2015 @ 11:19am

    Wait, what?

    > The breach is believed to be the work of a foreign government, U.S. officials said, because of the sophistication involved. The U.S. officials said they are certain U.S. spy agencies themselves aren't behind the back door.

    This seems to be an open admission that the USA has the least sophisticated spy agencies in the world.

  27. Anonymous Coward, 21 Dec 2015 @ 11:40am

    Movie script

    I think I've seen this one--where the beat cops have no idea what the undercover cops are up to, and inadvertently stumble across the sting and completely screw things up.

  28. Capt ICE Enforcer, 21 Dec 2015 @ 11:41am

    Just wait

    I hear it now, We need back doors to prevent others from installing backdoors. Or how about, maybe a peep hole is acceptable. You know look but don't touch.

  29. Oblate, 21 Dec 2015 @ 11:44am

    Re: I'm in shock!

    > Of course since this was made public, a more sophisticated back door has since been implemented.

    Or the update changed the built in password from FEDS!RULE! to FEDS!RULE2 and they left the actual backdoor in place.

  30. ahow628, 21 Dec 2015 @ 11:50am

    Inventory list

    I'd like to see an inventory list of which agencies have Juniper hardware/software. I imagine it might go something like this:
    FBI: 124 devices, 723 installs
    NSA: 0 devices, 0 installs
    CIA: 334 devices, 1,354 installs

  31. Anonymous Coward, 21 Dec 2015 @ 11:50am

    Somebody kicked in Juniper's frontdoor and hacked the crap out of the US government. Where's James Comey? What's he got to say about this?

  32. Anonymous Coward, 21 Dec 2015 @ 12:00pm

    Re:

    > I just got a notice that my personal information was included in the OPM data breach. Great! They can't even keep my SSN secure, how are they going to keep their golden keys secure?

    You're lucky, they got my whole SF-86. They know more about me now than I do.

  33. Capt ICE Enforcer, 21 Dec 2015 @ 12:04pm

    Liability

    If the NSA is responsible for the security of our nation, and they knew about this exploit/back door. Then can the NSA be held liable for all the damage done to national security. After all, wouldn't this be grounds to get fired at least, or grounds of treason for allowing the opponent the opportunity to attack us.

  34. DannyB, 21 Dec 2015 @ 12:05pm

    Re: Re: Mike, you just don't seem to get it

    Since EULAs are apparently absolutely binding, why not just have a click through agreement where you agree and certify that you will not be accessing anyone's secret data for any improper purpose. Then we could do away with encryption and the whole problem goes away.

  35. Anonymous Coward, 21 Dec 2015 @ 12:06pm

    Magic Unicorns

    If they had been using magic unicorns to create the magic golden keys this would have never happened.

  36. Capt ICE Enforcer, 21 Dec 2015 @ 12:06pm

    Not the NSA

    I don't think it was the NSA. They are more concerned about who calls the local pizza place and getting that Metadata instead of something sophisticated like this.

  37. SomeGuy, 21 Dec 2015 @ 12:11pm

    Russians or Chinese - PUHleeeze

    Juniper is owned by Israelis and the Israelis have been spying on the US for decades. They've installed back doors on ALL of the equipment and software they supply to US corporations and government entities - they can easily hack into any of the telecomms and listen to phone conversations directly (just one example). Doesn't surprise me that their controlled media would try to blame someone else ... it's SOP for Israel....

  38. streetlight, 21 Dec 2015 @ 12:14pm

    Re: No, they won't

    Exactly. They will build an even more difficult to find backdoor and install it if they haven't already.

  39. Capt ICE Enforcer, 21 Dec 2015 @ 12:31pm

    Why so angry?

    Remember only good guys use back doors, so we are safe.

  40. Berenerd, 21 Dec 2015 @ 12:49pm

    I think you are misunderstanding...

    The government thinks that if there is a back door, they can use it on us but not on them. Sadly no one realizes if there is a "back door" so they can access our information, then there is a back door that anyone can use to access the government's information. All those emails? Secure communications? data? military movements? All will be seen by everyone putting not only the soldiers at risk like you seem to want to blame Snowden for, but us Citizens themselves.

  41. Anonymous Coward, 21 Dec 2015 @ 12:52pm

    Remember the fiasco with Cisco routers being stopped en route to put in spyware by the NSA? Duh. We have another company who no one on the globe will want to purchase their products for because of this 'hack'. Keep this up with the tech companies of Silicon Valley and before very much longer the US will no longer be a tech leader that others want products from.

    What a great way to improve the economy!

  42. Anonymous Coward, 21 Dec 2015 @ 1:00pm

    Juniper executive: Thank God for CISA liability waivers!

    Whew! That was a very close call!

    If CISA hadn't passed, we might now be on the hook for our incompetence.

  43. Anonymous Coward, 21 Dec 2015 @ 1:24pm

    Re:

    I still think this is a brilliant master plan by the government to turn the US into such a third world stink hole that no terrorist would bother attacking us. The only alternative is that the government is so arrogant, they didn't think they could ever be caught.

  44. streetlight, 21 Dec 2015 @ 1:35pm

    Re: Cisco fiasco...

    Wasn't there a similar problem where purchase of Chinese made routers was highly discouraged because of potential for Chinese capture of traffic? Then again, the NSA could just as easily intercept Chinese made routers and Internet information available to two governments.

    IIRC, wasn't it recommended that purchasers of Cisco routers send a vehicle to the Cisco manufacturing facility for transport? Maybe they're made outside the US.

  45. Anonymous Coward, 21 Dec 2015 @ 1:48pm

    > China and Russia are among the top suspected governments

    China & Russia: We did what??

  46. andrew_duane, 21 Dec 2015 @ 1:55pm

    Re: Just ScreenOS?

    Yes, this affects *just* ScreenOS. JUNOS is a completely different thing from a completely different code base. It is unaffected by this breach.

    And to "some_guy" at comment #38.... Israel? WTF?

  47. Personanongrata, 21 Dec 2015 @ 2:13pm

    Incompetent Noobs

    > US Gov't Agencies Freak Out Over Juniper Backdoor; Perhaps They'll Now Realize Why Backdoors Are A Mistake

    This is gross incompetence on behalf of all the US government know-nothing nitwits involved.

    How many billions of US dollars were squandered on this boondoggle?

    Will these incompetent noobs be held to account?

    Unfortunately failing spectacularly while working for the US government means failing upward so these worthless noobs will be promoted. After their promotions the noobs can then testify before congress about how they too believe in unicorns.

  48. Anonymous Coward, 21 Dec 2015 @ 2:23pm

    Re: Re: One of 3 possibilities here - NSA, CIA, FBI

    The NSA is culpable for this, and everyone knows it without any doubt.

  49. Median Wilfred, 21 Dec 2015 @ 2:29pm

    Re: Juniper executive: Thank God for CISA liability waivers!

    And now we get to see the REAL REASON for CISA - waiver of liability of hardware vendors. Make the ISPs be the cops for copyright, but waive any liability for "terrorism".

  50. Nathan, 21 Dec 2015 @ 3:00pm

    Ha

    Nope... This will be an excuse to request back doors to ensure back doors didn't exist. :(

  51. Mr Big Content, 21 Dec 2015 @ 3:03pm

    This Is Not About No Backdoors!

    Such wonderful, patriotic Americans. They comprimise National Security by Wilfully Betraying NSA secret Technologies like this. Luckily they found and exposed these nefarious Spying Backdoors put in by Unauthorized Foreign Parties. Did they check with teh Government before telling every Tom Dick and Harry about this? We need more people like this Guarding our FREEDOMS. They should be LOCKED UP for threatening our National Security! They help America stay safe! They are destroying the safety of America!

  52. Anonymous Coward, 21 Dec 2015 @ 3:34pm

    Pulling a Hillary

    The government is going to pull a Hillary, changing their story as more information becomes available.

  53. Anonymous Coward, 21 Dec 2015 @ 3:34pm

    Roll it back to zero

    The number of days since the Government made a stupid statement about encryption technology and backdoors.

  54. Anonymous Coward, 21 Dec 2015 @ 3:35pm

    Gov't Fraud Waste and Abuse

    Yeah, they are probably buying multiple zeros, thinking they need to use a new one everyday.

  55. Anonymous Coward, 21 Dec 2015 @ 4:13pm

    Re:

    > What a great way to improve the economy!

    Why would they want to improve the economy? That only benefits you, not them.

  56. Anonymous Coward, 21 Dec 2015 @ 7:51pm

    they are going to continue to be hypocrites as that is how paid mouthpieces operate.

  57. Anonymous Coward, 21 Dec 2015 @ 7:56pm

    Re: One of 3 possibilities here - NSA, CIA, FBI

    Probably because they had just fought a war against that.

  58. Anonymous Coward, 21 Dec 2015 @ 8:00pm

    Re: Re: Mike, you just don't seem to get it

    or if a government employee goes bad and sells the info to the criminals.

    Or do you really trust your government not to abuse this to screw over law abiding citizens they just do not like for various reasons?

  59. Tech girl, 21 Dec 2015 @ 8:54pm

    Re: Re: Just ScreenOS?

    Exactly, this affects legacy EOL firewalls that went bye bye years ago. It does not affect any newer Juniper JUNOS based products. The ScreenOS products have been out of production and EOL for 3+++ years. Also "some_guy". Do a fact check on your info. It's easy, it's called Google. juniper is a 100% owned US company on the NYSE. Your info is so wrong.

  60. Eldakka, 21 Dec 2015 @ 9:45pm

    Re: Re: One of 3 possibilities here - NSA, CIA, FBI

    Based on the hard-coded password:

    <<< %s(un='%s') = %u

    Who put it in is an open question, but based on the deliberate obfuscation, it was likely intended to be a surreptitious backdoor that would make it past automated code auditing routines into production firmware.

    link to this | view in thread ]
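
The point made in the comment above, that a literal shaped like a format string can slip past automated audits, shown from the auditor's side as an added example (not part of the original thread and not Juniper's code). The C snippet, `letmein123` and the idea that the quoted string sits in a `strcmp()` call are assumptions made for illustration.

```python
import re

# Constructed C-like sample for illustration; this is NOT Juniper's code.
# The first compared literal is the string quoted in the comment above; its use
# in a strcmp() call and everything else in the snippet are assumptions.
SAMPLE = r'''
static int check_login(const char *user, const char *pw) {
    log_msg("auth attempt for %s", user);
    if (strcmp(pw, "<<< %s(un='%s') = %u") == 0)
        return 1;
    if (strcmp(pw, "letmein123") == 0)
        return 1;
    return verify_hash(user, pw);
}
'''

COMPARE_FUNCS = ("strcmp", "strncmp", "strcasecmp", "memcmp")
CALL_RE = re.compile(r"\b(%s)\s*\(" % "|".join(COMPARE_FUNCS))
# Naive idea of "what a hard-coded password looks like": one unbroken token.
PASSWORD_LIKE = re.compile(r"[A-Za-z0-9!@#$_-]{6,}")
# printf-style conversion such as %s, %u, %08x.
FORMAT_SPEC = re.compile(r"%[-+ #0]*\d*(?:\.\d+)?[sdiuxXcp]")


def compare_literals(source):
    """Yield (line, func, literal) for every string literal inside a compare call.

    Heuristic scanner: it tracks parentheses and skips escaped characters in
    string literals, but does not handle C comments or character literals.
    """
    for m in CALL_RE.finditer(source):
        line = source.count("\n", 0, m.start()) + 1
        i, depth = m.end(), 1
        while i < len(source) and depth:
            ch = source[i]
            if ch == '"':
                j = i + 1
                while j < len(source) and source[j] != '"':
                    j += 2 if source[j] == "\\" else 1
                yield line, m.group(1), source[i + 1:j]
                i = j + 1
                continue
            depth += (ch == "(") - (ch == ")")
            i += 1


def naive_findings(source):
    """Flag only compared literals that 'look like' passwords."""
    return [(line, lit) for line, _, lit in compare_literals(source)
            if PASSWORD_LIKE.fullmatch(lit)]


def strict_findings(source):
    """Flag every literal compared against data, whatever it looks like.

    The third field marks literals shaped like format strings, which deserve
    a second look precisely because they blend in with logging code.
    """
    return [(line, lit, bool(FORMAT_SPEC.search(lit)))
            for line, _, lit in compare_literals(source)]


if __name__ == "__main__":
    print("naive :", naive_findings(SAMPLE))
    for line, lit, fmt in strict_findings(SAMPLE):
        print(f"strict: line {line}: {lit!r}" + ("  [format-like]" if fmt else ""))
```

The appearance-based check reports only the obvious token, while the rule keyed on where a literal is used reports both and leaves the ordinary logging format string alone.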

  61. Anonymous Coward, 22 Dec 2015 @ 4:40am

    Re: Re: Re: Just ScreenOS?

    > It's easy, it's called Google. juniper is a 100% owned US company on the NYSE.

    Juniper Networks is a multinational corporation.

    > Your info is so wrong.

    Ditto.

  62. DannyB, 22 Dec 2015 @ 6:09am

    Re: Re: Re: Mike, you just don't seem to get it

    A magical golden key to the back door is a wonderful solution to this problem.

    The golden key only works for those with pure intentions.

    If someone in the government goes bad, the golden key no longer works for them.

    Why can't anyone understand something so simple? A magical golden key to the back door would solve all our problems. Good guys can get in. Bad guys can not. If silicon valley could bring their pixee dust, and law enforcement could bring their genuine unicorn horn powder, and they get together, surely we could solve this problem.

  63. Nageki, 22 Dec 2015 @ 10:23am

    Re: Mike, you just don't seem to get it

    I don't think you get it DannyB, the whole point of the article is that what the NSA wants is what has happened here. So their claims that a "golden key" would work are ludicrous... Yes, they want a backdoor that only the "good guys" can use, but the problem is any backdoor that has a key can be gotten into by anyone with the same key. If you have one, whether you're a "good guy" or a "bad guy", you can open the lock. Also, who's to say that "good guy" is good 100% of the time? We have LoveInt for a reason... (don't know what it is? look it up!)

  64. Anonymous Coward, 22 Dec 2015 @ 10:47am

    Damned fudge packers, always looking for a backdoor, not that there is anything wrong with that...

  65. Anonymous Coward, 22 Dec 2015 @ 12:17pm

    Re: I'm in shock!

    nah, gotta review compilers, machine code, and hardware implementation if you wanna get REALLY tinfoil. also, advanced opponents love BIOS.

  66. That Anonymous Coward, 22 Dec 2015 @ 2:59pm

    Our people, who buy 0 day exploits to abuse, would NEVER do something like this.

    The problem has to be bad guys did this because they didn't have our pure intentions anyone could access the backdoor.

    Perhaps this might put the tiniest little idea in their heads that the people who inform them of how they are supposed to vote & what to say in the media might not be fully truthful. That maybe they should look to be educated about topics they wish to rule on beyond a talking points memo attached to a "donation"... but then that old line comes to mind... money talks.

  67. Anonymous Coward, 22 Dec 2015 @ 9:15pm

    Re: Inventory list

    > I'd like to see an inventory list of which agencies have Juniper hardware/software. I imagine it might go something like this:
    > FBI: 124 devices, 723 installs
    > NSA: 0 devices, 0 installs
    > CIA: 334 devices, 1,354 installs

    I bet they'd still use them but install their own firmware patched to remove the backdoor(s).

  68. Anonymous Coward, 22 Dec 2015 @ 9:22pm

    Re: Russians or Chinese - PUHleeeze

    > Juniper is owned by Israelis and the Israelis have been spying on the US for decades. They've installed back doors on ALL of the equipment and software they supply to US corporations and government entities - they can easily hack into any of the telecomms and listen to phone conversations directly (just one example). Doesn't surprise me that their controlled media would try to blame someone else ... it's SOP for Israel....

    Uh... Juniper was founded at Xerox PARC in the United States by an Indian-American. They're still headquartered in the US and as far as I know, their biggest stakeholders are American investment firms.

    Please follow up with information on your claim that they're owned by Israelis.

  69. Seegras, 23 Dec 2015 @ 1:44am

    Re: Liability

    Absolutely. The NSA knew.

    Because the second "backdoor" (which isn't really a backdoor to the system, but to its traffic), was a NIST standard EC-PRNG, which was deliberately compromised by the NSA.

    Somebody at Juniper even changed the curve, so it was not (that?) vulnerable, but later somebody changed it back to the curve the NSA knew was vulnerable. It's impossible the NSA did not notice that.

    While it might not have been the NSA which changed it back (but it's likely it was indeed the NSA), at least it knew and put knowingly every other government agency and all people at jeopardy.

  70. Anonymous Coward, 23 Dec 2015 @ 5:38am

    Re: Re: Liability

    > While it might not have been the NSA which changed it back (but it's likely it was indeed the NSA), at least it knew and put knowingly every other government agency and all people at jeopardy.

    If you put the fox in charge of guarding the chicken house, don't be surprised if a few chickens go missing.

  71. Anonymous Coward, 24 Dec 2015 @ 8:43am

    Not if they are paid to not grasp it.

  72. blue skies, 28 Dec 2015 @ 11:24pm

    Re: Wait, what?

    Either that or they really, truly believe the NSA people "on their blue eyes" as my native language puts it. Which opens a whole other can of worms like chain of possibilities.
