Join us at TNW Conference 2022 for insights into the future of tech →

The heart of tech

This article was published on December 24, 2015

    NSA knew about Juniper backdoors and kept quiet about them

    NSA knew about Juniper backdoors and kept quiet about them
    Abhimanyu Ghoshal
    Story by

    Abhimanyu Ghoshal

    Managing Editor

    Abhimanyu is TNW's Managing Editor, and is all about personal devices, Asia's tech ecosystem, as well as the intersection of technology and Abhimanyu is TNW's Managing Editor, and is all about personal devices, Asia's tech ecosystem, as well as the intersection of technology and culture. Hit him up on Twitter, or write in: [email protected].

    Last week, network hardware manufacturer Juniper revealed that it had found unauthorized code in its system firmware that made it possible for hackers to gain administrative access to its devices. It’s possible that the firmware has been vulnerable for years.

    The Intercept has released a top secret document, shared by whistleblower Edward Snowden, which shows that the NSA was aware of vulnerabilities in Juniper products since 2011.

    It also reveals that the British intelligence agency GCHQ was able to exploit these flaws in 13 different Juniper products.

    While the document doesn’t establish a clear link between the NSA, the GCHQ and the recently disclosed vulnerability, it proves that the NSA knew about flaws in Juniper’s network gear that could be exploited to gain access to administrative capabilities and didn’t say a thing about it. Rather, it left the backdoor open for anyone, including itself, to gain easy entry.

    It’s also worth noting that the security holes mentioned in the document aren’t the same as the one Juniper says it only just learned about, as those pertained to older versions of firmware.

    The document, authored by an NSA employee who was working with GCHQ, also suggests that the UK and US intelligence agencies used their knowledge of flaws in Juniper firmware to repeatedly penetrate them for surveillance:

    “Juniper technology sharing with NSA improved dramatically during [calendar year] 2010 to exploit several target networks where GCHQ had access primacy.”

    It isn’t clear how these security flaws were introduced in Juniper’s software, and who was responsible. There’s been speculation about whether the UK, China or the NSA are to blame — but today’s revelation strongly suggests that it might have been the US.

    ➤ NSA helped British spies find security holes in Juniper firewalls [The Intercept]