According to security researchers, the recently discovered Juniper Networks security flaw could have been created by the NSA to spy on Juniper Networks customers. Others claim it is the work of a foreign government, although the NSA is still implicated.

Juniper Networks security flaw is a backdoor allowing customers’ information to be decrypted

Juniper Networks has discovered that an external third party inserted code into its software that could be used as a backdoor, potentially allowing hackers to decrypt secure communications and spy on customers’ data.

The networking equipment manufacturer’s corporate virtual private network (VPN) software was discovered to contain rogue code that allowed a security flaw to be exploited for the past three years. The flaw could have allowed hackers to view customers’ internal secure communications, and would have allowed all VPN traffic to be monitored.

Juniper Networks security flaw now patched?

According to a statement released by Juniper Networks SVP and chief information officer, Bob Worrall, “Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections.”

If a customer had communications intercepted, they would likely see a log file entry saying “system” had logged in and had a password authenticated. However, it has been proposed that an individual with the skill to insert the code and exploit the flaw would likely also be able to remove traces of a successful login attempt. Consequently, it is not possible to tell with any degree of certainty whether the Juniper Networks security flaw has actually been exploited.
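The log check described above can be run over exported device logs. The following is an added example, not code from the article or from Juniper; the log line layout, account names, and addresses are constructed assumptions for illustration.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines; the layout is an assumption, not taken from the article.
# Note that the word "system" appears in every line as the log source, so a plain
# text search for "system" would match everything.
SAMPLE_LOG = """\
2015-12-17 09:00:00 system warn 00515 Admin user alice has logged on via SSH from 192.0.2.10:51000
2015-12-17 09:00:00 system warn 00528 SSH: Password authentication successful for admin user 'alice' at host 192.0.2.10
2015-12-17 09:05:12 system warn 00528 SSH: Password authentication successful for admin user 'bob' at host 198.51.100.7
2015-12-17 09:05:13 system warn 00515 Admin user system has logged on via SSH from 198.51.100.7:40022
2015-12-17 09:30:00 system info 00767 System configuration saved by alice
""".splitlines()

TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})"
LOGIN = re.compile(TS + r" .*Admin user (?P<user>\S+) has logged on via (?P<svc>\S+) from (?P<ip>[\d.]+)")
AUTH = re.compile(TS + r" .*Password authentication successful for admin user '(?P<user>[^']+)' at host (?P<ip>[\d.]+)")

def parse_ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M:%S")

def find_system_logins(lines, window=timedelta(seconds=5)):
    """Return one finding per login recorded for the user "system".

    Each finding carries the source address and the account names whose
    password authentication succeeded from that address within `window`.
    """
    auths, logins = [], []
    for line in lines:
        m = AUTH.search(line)
        if m:
            auths.append((parse_ts(m["ts"]), m["user"], m["ip"]))
            continue
        m = LOGIN.search(line)
        if m and m["user"] == "system":
            logins.append((parse_ts(m["ts"]), m["svc"], m["ip"]))
    findings = []
    for ts, svc, ip in logins:
        # Correlate by source address and time to show which password event accompanied it.
        near = sorted({u for t, u, a in auths if a == ip and abs(t - ts) <= window})
        findings.append({"time": ts.isoformat(sep=" "), "service": svc,
                         "source": ip, "authenticated_as": near})
    return findings

if __name__ == "__main__":
    for finding in find_system_logins(SAMPLE_LOG):
        print(finding)
```

An empty result does not clear a device, since the entries could have been removed; logs forwarded to a separate collector are a better input than logs stored on the device itself.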

That said, it would be odd for an individual or group of hackers to go to the trouble and expense of creating a sophisticated backdoor that allows secure communications to be monitored, and then not use it in the three years that it has existed.

A patch has now been released to tackle the issue and all customers have been advised to upgrade the software immediately. Whether the patch actually fixes the security flaw is debatable. Some suggest it does not tackle the vulnerability at all, and certainly does not entirely fix the problem.

Government agencies investigate: NSA implicated

The code insertion is being investigated by the FBI and the Department of Homeland Security, and the White House National Security Council has also taken an interest.

Juniper’s clients include the U.S. Defense Department, FBI, Justice Department, and the U.S. Government. The sophisticated nature of the hack, together with the types of customers Juniper has, has led many to believe the code insertion is the work of foreign government-backed hackers.

However, not all security experts agree. Some believe that far from Russia, North Korea, or China being behind the hack, it could actually have come from within. Ralf-Philipp Weinmann, CEO of German security research company Comsecuris, has suggested that this could well be the work of the NSA.

He claims the Juniper Networks security flaw was a re-purposed decryption backdoor that had been inserted by the NSA more than a decade ago, albeit indirectly. The hack was made possible by the Dual_EC encryption algorithm, which the NSA had lobbied to have included in encryption standards after discovering a flaw that could be exploited.

While the NSA could have inserted the code, even if it didn’t, it could certainly have exploited it and used it to eavesdrop.

While the U.S. government, FBI, and others investigate and attention is focused on who may have been able to gain access to highly confidential U.S. data, it should be noted that the U.S. is not the only country that has many high-profile customers using Juniper Networks ScreenOS firewalls. The firewalls are popular in Arab countries, and the security flaw could have been used by the United States, Israel, UK, and others to eavesdrop on secret communications of Arab states.