Juniper breach mystery starts to clear with new details on hackers and US role

T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360


Days before Christmas in 2015, Juniper Networks Inc. alerted users that it had been breached. In a brief statement, the company said it had discovered “unauthorized code” in one of its network security products, allowing hackers to decipher encrypted communications and gain high-level access to customers’ computer systems.

Further details were scant, but Juniper made clear the implications were serious: It urged users to download a software update “with the highest priority.”

More than five years later, the breach of Juniper’s network remains an enduring mystery in computer security, an attack on America’s software supply chain that potentially exposed highly sensitive customers including telecommunications companies and U.S. military agencies to years of spying before the company issued a patch.

Those intruders haven’t yet been publicly identified, and if there were any victims other than Juniper, they haven’t surfaced to date. But one crucial detail about the incident has long been known — uncovered by independent researchers days after Juniper’s alert in 2015 — and continues to raise questions about the methods U.S. intelligence agencies use to monitor foreign adversaries.

The Juniper product that was targeted, a popular firewall device called NetScreen, included an algorithm written by the National Security Agency. Security researchers have suggested that the algorithm contained an intentional flaw — otherwise known as a backdoor — that American spies could have used to eavesdrop on the communications of Juniper’s overseas customers. NSA declined to address allegations about the algorithm.

Juniper’s breach remains important — and the subject of continued questions from Congress — because it highlights the perils of governments inserting backdoors in technology products. 

“As government agencies and misguided politicians continue to push for backdoors into our personal devices, policymakers and the American people need a full understanding of how backdoors will be exploited by our adversaries,” Senator Ron Wyden, a Democrat from Oregon,…

Source…