Culture

The NSA May Have Spawned Backdoor That Has U.S. Government in a Panic

Many security experts are ultimately blaming the NSA for the Juniper backdoor vulnerability — and with good reason.

LPS.1 (Wikimedia Commons)

If you’re worried that you may get hacked, remember that you’re a small fish. The United States government, on the other hand: a big fish. One of the biggest fishes around. And the United States government, right now, is freaking out about a recent hack — but many hold the National Security Administration accountable.

It starts with a company called Juniper Networks in Sunnyvale, California, that makes routers, gateways, and network security appliances, and their products range across the globe. Juniper also used by the “Defense Department, Justice Department, FBI and Treasury Department,” according to CNN, and Juniper as a company likes to tout the fact that they supply security systems to these top-tier clients.

They may not be touting those ties as much in the near future. Last Thursday, Juniper’s Chief Information Officer admitted, on the company’s blog, that they had “discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections.” This is known as a backdoor, and it’s a virtual version of your worst fears — an unauthorized guest sneaking in your backdoor, creeping around, and watching you from the shadows.

The primary purpose of VPNs — virtual private networks — is to keep your internet activity private. VPNs make it really easy to download Lord of the Rings or Stankonia if you’re a small fish. Evidently, the big fish use VPNs, too, because they’ve been panicking over Juniper’s announcement. CNN quotes one anonymous government official who claims that the hack is analogous to “stealing a master key to get into any government building.” Homeland Security officials are running around in a frenzied attempt to find out how many United States government networks run on Juniper equipment.

VPNs have long been the bane of national security organizations like the NSA and the FBI. While the government is pointing fingers at Russia and China for this hack, security experts online are blaming the NSA, claiming that the hackers simply modified a loophole the NSA had itself manufactured within Juniper. And those claims seem warranted, given the following leaked NSA document:

Wikimedia Commons

Regardless, Juniper claims to have patched over the breezy backdoor, and is urging its clients to update their software to stay secure. Their tone suggests that if they don’t, things will go south fast.

“We strongly recommend that all customers update their systems and apply these patched releases with the highest priority.”