Author Topic: Juniper hacked: “Unauthorized code” found in ScreenOS

roo_ster

http://siliconangle.com/blog/2015/12/17/juniper-hacked-unauthorized-code-found-in-screenos/

More Background
http://forums.juniper.net/t5/Security-Incident-Response/Important-Announcement-about-ScreenOS/ba-p/285554
https://en.wikipedia.org/wiki/Juniper_Networks#2008.E2.80.93present
https://en.wikipedia.org/wiki/Core_router#Current_core_router_manufacturers
http://www.bradreese.com/blog/12-10-2014.htm



Networking giant Juniper Networks Inc. has made the somewhat embarrassing admission that it’s found “spying” code implanted into certain versions of ScreenOS, the operating system for its NetScreen firewall and VPN products.

The admission is an alarming one mainly because it smacks of some kind of state-sponsored spying initiative, and because the code has been present for at least three years...

The malicious code “could allow a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt VPN connections,” wrote Bob Worrall, Juniper’s chief information officer, in a blog post following the advisory...

Worrall refused to speculate on where the malicious code might have originated from. However, The Register surmises that it’s either due to an internal error that left rejected code in the production release of ScreenOS, or, more likely, due to parties unknown surreptitiously inserting the code so they can spy on Juniper’s customers...

...it’s bad news for Juniper, whose customers have potentially been spied upon for years without their knowledge.

Interestingly, the compromise of Juniper’s software by malicious code inserted explicitly for spying purposes echoes the tactics described by whistleblower Edward Snowden in documents leaked to the press in 2013.

Germany’s Der Spiegel revealed a fifty-page catalog of hardware and software tools the NSA was using to infiltrate networking equipment back in December 2013. In that report, one of the tools was said to be specific to Juniper’s NetScreen products. The article spoke of a technique called “FEEDTROUGH” the NSA uses to insert two kinds of software implants inside NetScreen firewalls, which remain even if the device is rebooted or upgraded.

Why should we care?

Because Juniper has 7% of the network security market as a whole and a sizable chunk of the core router market.
A core router is a router designed to operate in the Internet backbone, or core. To fulfill this role, a router must be able to support multiple telecommunications interfaces of the highest speed in use in the core Internet and must be able to forward IP packets at full speed on all of them...

Given how the net works, it is likely that any particular connection passed through a Juniper router somewhere along the line.

NSA, H1B worker with Red Chinese sympathies, who knows.  I think both are a threat to the liberty of the American nation.



Regards,

roo_ster

“Fallacies do not cease to be fallacies because they become fashions.”
----G.K. Chesterton

zahc

Re: Juniper hacked: “Unauthorized code” found in ScreenOS
« Reply #1 on: December 19, 2015, 11:23:41 PM »
I think given the state of things that one should assume private communication across computer networks is impossible. The only way to communicate privately via computer is to encrypt your message with strong encryption in meatspace, so that it's encrypted before it even gets typed into a computer. One-time pads work for short text messages, with the typical problem of exchanging pads. I would be interested to hear of any implementations of stream ciphers, public key schemes, or D-H key exchanges that are feasible to perform on paper.

https://github.com/Fasrad/otpgen?files=1
Maybe a rare occurrence, but then you only have to get murdered once to ruin your whole day.
--Tallpine