It seems that not a week passes without a cyberattack or a major company reporting that it has been hacked. This time it is Sunnyvale-based Juniper Networks, whose firewalls were tampered with. Although the company has remained silent about the origin of the attack, outside sources report that the NSA might be behind it.
- Juniper Networks is known for producing a variety of networking software and hardware
- ScreenOS is the operating system used for all of the company’s network products
- The type of code and approach used in the attack is very similar to what Edward Snowden reported
- No statements have been made regarding the source of the attack
The networking equipment manufacturer reported yesterday that spying code was found planted in certain versions of ScreenOS, its operating system, which also acts as a firewall and a VPN provider. The affected versions are 6.2.0r15-18 and 6.3.0r12-20.
Patches were immediately released to fix the tampered code.
Bob Worrall, the company’s chief information officer, claimed that the breach was found during a recent review of its systems and that, although no exploitation attempts have been reported, he strongly recommends upgrading to the patched versions of the OS, which fix the vulnerabilities.
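One way to triage a device inventory against the affected versions listed above, as an added example that is not from Juniper or the original article. The inventory, the hostnames and the assumed version-string shape (a trailing `.0` treated as the plain release) are constructed assumptions; anything else with a suffix, or that fails to parse, is marked for manual review rather than guessed.

```python
import re

# Affected ranges, written exactly as the article gives them.
AFFECTED_SPECS = ["6.2.0r15-18", "6.3.0r12-20"]
_SPEC_RE = re.compile(r"^(\d+\.\d+\.\d+)r(\d+)-(\d+)$")
# Assumed version shape: <train>r<release>, optionally followed by extra
# build characters such as ".0" or a letter (assumption, not from the article).
_VER_RE = re.compile(r"^(\d+\.\d+\.\d+)r(\d+)(.*)$")

def parse_specs(specs):
    """Turn '6.2.0r15-18' into {'6.2.0': (15, 18)}."""
    ranges = {}
    for spec in specs:
        m = _SPEC_RE.match(spec)
        if not m:
            raise ValueError(f"unrecognised range spec: {spec!r}")
        ranges[m.group(1)] = (int(m.group(2)), int(m.group(3)))
    return ranges

def classify(version, ranges):
    """Return 'affected', 'not-listed' or 'review' for one version string."""
    m = _VER_RE.match(version.strip())
    if not m:
        return "review"  # unparseable: never guess
    train, rel, suffix = m.group(1), int(m.group(2)), m.group(3)
    if train not in ranges:
        return "not-listed"
    low, high = ranges[train]
    if not low <= rel <= high:
        return "not-listed"
    # In range but with a suffix other than a plain ".0": a human decides.
    return "affected" if suffix in ("", ".0") else "review"

def triage(inventory, ranges):
    """Map hostname -> classification for (host, version) pairs."""
    return {host: classify(ver, ranges) for host, ver in inventory}

# Constructed inventory for illustration; hostnames and versions are made up.
SAMPLE_INVENTORY = [
    ("fw-edge-01", "6.3.0r17.0"),
    ("fw-branch-02", "6.2.0r19.0"),
    ("fw-lab-03", "6.3.0r12b"),
    ("fw-dc-04", "6.2.0r15"),
    ("fw-old-05", "5.4.0r28.0"),
]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_INVENTORY, parse_specs(AFFECTED_SPECS)).items():
        print(f"{host}: {verdict}")
```

The result `not-listed` means only that the version is outside the two ranges the article names, not that the device is otherwise up to date.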
Two types of vulnerabilities were detected.
The first one would allow remote access to a device running ScreenOS via SSH or telnet. The log files should show a login attempt made by a different party, but a skilled hacker would be able to cover their tracks pretty well.
The second vulnerability would allow the hackers to decrypt and monitor VPN traffic. The most disturbing thing about this one is that there is no way to tell if it was actually exploited.
The first affected version of the OS was released in 2012, and both the timeline and the modus operandi seem to point to what Edward Snowden declared the NSA was doing.
A German magazine published a story in 2013 detailing a large number of methods used by the NSA to infiltrate software and to make sure the intrusion is both concealed and hard to get rid of.
Juniper Networks was on the list of hacked companies, along with Huawei, and many others.
The total radio silence from the company regarding the source of the attacks, combined with the information provided by Edward Snowden and the way the attacks were carried out, is more than suggestive of the NSA being the infiltrator.