Juniper faces many questions after spying code planted in software

Who were the attackers and how did they get in?

The discovery of spying code nestled deeply in Juniper's networking equipment, the latest example of a major IT vendor caught up in an damaging cyberattack,  raises many questions.

Juniper said Thursday that one of its firewall operating systems had been modified to allow secret access, posing a huge threat to companies and organizations using the equipment.

Security experts wondered how the modifications could have been made years ago to some of Juniper's most sensitive source code without it knowing until recently. Companies try to vigorously protect their source code, which is an IT company's core intellectual property.

But the fact that Juniper's Chief Information Officer, Bob Worrell, came forward with the findings has been met with praise, although there is hope the company will soon provide greater detail.

A Juniper spokeswoman said Sunday the company did not have more information to share.

"I think Juniper did the right thing here," said HD Moore, chief research officer for the security firm Rapid7, via email. "I suspect that this incident will trigger internal security audits across the industry and cause Juniper to drastically change their code review process." 

Juniper's approach with customers may reflect that taken by EMC's RSA unit, wrote Alex Stamos, Facebook's chief security officer. In March 2011, RSA revealed that hackers had stolen critical information about its one-time passcode product called SecurID.

"I expect they are briefing big customers privately to control the sales damage, a la RSA after their incident," Stamos wrote.

Two major problems were found in Juniper's NetScreen OS. One was a hard-coded password that could allow any attacker with a valid username to log into one of Juniper's firewalls running its NetScreen OS using telnet or SSH.

On Sunday, Moore wrote on Rapid7's blog that his company had discovered that hard-coded password, which had been cleverly crafted to not look like a password.

Since the password is now public, it poses a great risk to organizations that have not patched their Juniper devices. Moore wrote he found 26,000 Internet-facing NetScreen devices that have SSH available using Shodan, a specialized search engine for querying Internet-connected devices.

The second vulnerability can allow VPN traffic to be monitored and decrypted. VPNs are encrypted connections between a user and another computer and are often used by companies to allow secure remote access to their systems for employees who are traveling.

There are many questions that Juniper will face in the coming days, such as how the attackers were able to infiltrate so deeply into the company's systems undetected and what it will do now to keep them out.

Matt Blaze, an associate professor of computer and information science at the University of Pennsylvania, wrote on Twitter that Juniper should "keep details coming, for the sake of the community."

"I understand the natural corporate PR instinct is to shut up about something like this, but that's not the right thing to do here," Blaze wrote.

Join the Good Gear Guide newsletter!

Error: Please check your email address.

Our Back to Business guide highlights the best products for you to boost your productivity at home, on the road, at the office, or in the classroom.

Keep up with the latest tech news, reviews and previews by subscribing to the Good Gear Guide newsletter.

Jeremy Kirk

IDG News Service
Show Comments

Essentials

Lexar® JumpDrive® S57 USB 3.0 flash drive

Learn more >

Microsoft L5V-00027 Sculpt Ergonomic Keyboard Desktop

Learn more >

Mobile

Lexar® JumpDrive® S45 USB 3.0 flash drive 

Learn more >

Exec

HD Pan/Tilt Wi-Fi Camera with Night Vision NC450

Learn more >

Audio-Technica ATH-ANC70 Noise Cancelling Headphones

Learn more >

Lexar® Professional 1800x microSDHC™/microSDXC™ UHS-II cards 

Learn more >

Lexar® JumpDrive® C20c USB Type-C flash drive 

Learn more >

Budget

Back To Business Guide

Click for more ›

Most Popular Reviews

Latest News Articles

Resources

PCW Evaluation Team

Michael Hargreaves

Windows 10 for Business / Dell XPS 13

I’d happily recommend this touchscreen laptop and Windows 10 as a great way to get serious work done at a desk or on the road.

Aysha Strobbe

Windows 10 / HP Spectre x360

Ultimately, I think the Windows 10 environment is excellent for me as it caters for so many different uses. The inclusion of the Xbox app is also great for when you need some downtime too!

Mark Escubio

Windows 10 / Lenovo Yoga 910

For me, the Xbox Play Anywhere is a great new feature as it allows you to play your current Xbox games with higher resolutions and better graphics without forking out extra cash for another copy. Although available titles are still scarce, but I’m sure it will grow in time.

Kathy Cassidy

STYLISTIC Q702

First impression on unpacking the Q702 test unit was the solid feel and clean, minimalist styling.

Anthony Grifoni

STYLISTIC Q572

For work use, Microsoft Word and Excel programs pre-installed on the device are adequate for preparing short documents.

Featured Content

Latest Jobs

Don’t have an account? Sign up here

Don't have an account? Sign up now

Forgot password?