Researchers suspect NSA as FBI probes Juniper back door vulnerability

© Jonathan Ernst
Federal officials are investigating a recent security breach over concerns that a “back door” allowed a foreign government to access US government communications. Some researchers suspect that the NSA is responsible for implementing the back door.

Juniper Networks, a Sunnyvale, California-based tech giant that produces networking equipment used in a variety of corporate and government systems, announced on Thursday that it had discovered two unauthorized back doors in its ScreenOS firewall software, including one that had allowed the attackers to decrypt protected traffic passing through Juniper’s devices.

Juniper's disclosure has prompted an investigation by the FBI into whether foreign governments were seeking to access the encrypted communications of US government employees, reported CNN. The Department of Homeland Security is working with Juniper, according to Reuters.

In addition to having large corporations as clients, Juniper sells routers and other equipment to government agencies such as the Department of Justice, the Department of Defense, the FBI, and the Department of Treasury. One US official described using a back door as akin to “stealing a master key to get into any government building,” according to CNN.

US officials said that the breach is believed to be the work of a foreign government due to the sophistication involved, and that US spy agencies are not involved with the back door. China and Russia are among the top suspected governments.

However, evidence uncovered by Ralf-Philipp Weinmann, founder and CEO of German security firm Comsecuris, suggested in a Monday blog post that those behind the Juniper breach retooled a pre-existing encryption back door believed to have been engineered by the National Security Agency, modifying and exploiting it to use for its illicit own end.

The NSA is believed to have placed a weakness in a government-endorsed encryption algorithm known as Dual_EC, a pseudorandom number generator that Juniper and many others use to encrypt traffic. However, attackers also used a vulnerability specific to Juniper in the configuration of the VPN used in some of its firewalls, according to Weinmann.

The Dual_EC weakness has been documented for at least eight years. In 2007, Microsoft employees Dan Shumow and Niels Ferguson presented an informal paper at a cryptography conference about discoveries they had made concerning the algorithm, which had just been approved by the National Institute of Standards and Technology for inclusion in a standard used to encrypt government communication. The NSA had previously championed the inclusion of Dual_EC in the standard.

This did not seem insidious until September 2013, when former NSA contractor Edward Snowden leaked Top Secret memos showing that the weaknesses in Dual_EC were intentional. The leaked documents revealed that a $250-million operation to undermine encryption in general had been underway for a decade.

READ MORE: Privacy pulverized: NSA, GCHQ can bypass online encryption, new Snowden leak reveals

“For the past decade, NSA has led an aggressive, multipronged effort to break widely used internet encryption technologies,” said a 2010 memo describing a briefing about NSA accomplishments for employees of its British counterpart GCHQ, The New York Times reported in 2013. “Cryptanalytic capabilities are now coming online. Vast amounts of encrypted Internet data which have up till now been discarded are now exploitable.”

The attacks on Juniper’s security systems come amid increased calls for back doors to allow governments to have “golden key” access to otherwise encrypted information. Security experts say that any back door to encryption is a bad idea, because a back door is by definition a vulnerability that can be exploited by attackers, even if it is only supposed to be used by authorized parties.