{"id":408,"date":"2016-01-02T15:19:41","date_gmt":"2016-01-02T15:19:41","guid":{"rendered":"https:\/\/www.vpn.ie\/blog\/?p=408"},"modified":"2016-01-02T15:42:13","modified_gmt":"2016-01-02T15:42:13","slug":"juniper-networks-decoding","status":"publish","type":"post","link":"https:\/\/www.vpn.ie\/blog\/juniper-networks-decoding\/","title":{"rendered":"Juniper Networks decoding private information"},"content":{"rendered":"<p>Last week a story broke about how a popular system for managing firewalls contained some unauthorised code that was capable of decrypting traffic [<a href=\"http:\/\/arstechnica.com\/security\/2015\/12\/unauthorized-code-in-juniper-firewalls-decrypts-encrypted-vpn-traffic\/\">here<\/a>]. The story broke the week before Christmas, so it&#8217;s likely to have gotten lost in all the shopping hype. The announcement by <strong>Juniper Networks<\/strong>\u00a0suggests that this code portion was in files released as early as 2012 [<a href=\"http:\/\/forums.juniper.net\/t5\/Security-Incident-Response\/Important-Announcement-about-ScreenOS\/ba-p\/285554\">announcement<\/a>].<\/p>\n<p>Affected versions of the software include:<\/p>\n<ul>\n<li><strong>ScreenOS<\/strong> 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20<\/li>\n<\/ul>\n<p>Juniper Networks clients include BT, Verizon, Peer1, NTT &amp; Cox Communications [<a href=\"http:\/\/spiderbook.com\/junipernetworks-customers.html\">source<\/a>]. 
Many of these companies\u00a0service security firms, other governmental agencies\u00a0and consulates.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter size-medium wp-image-412\" src=\"https:\/\/www.vpn.ie\/blog\/wp-content\/uploads\/mobile-security-500x333.jpg\" alt=\"mobile-security\" width=\"500\" height=\"333\" srcset=\"https:\/\/www.vpn.ie\/blog\/wp-content\/uploads\/mobile-security-500x333.jpg 500w, https:\/\/www.vpn.ie\/blog\/wp-content\/uploads\/mobile-security-768x511.jpg 768w, https:\/\/www.vpn.ie\/blog\/wp-content\/uploads\/mobile-security-700x466.jpg 700w, https:\/\/www.vpn.ie\/blog\/wp-content\/uploads\/mobile-security-332x221.jpg 332w, https:\/\/www.vpn.ie\/blog\/wp-content\/uploads\/mobile-security.jpg 1000w\" sizes=\"auto, (max-width: 500px) 100vw, 500px\" \/><\/p>\n<h2>Why is this code there?<\/h2>\n<p>It&#8217;s unclear at the moment how the code got in there. The rumour mill is of course spinning, saying that while it&#8217;s unlikely it was someone inside the organisation, perhaps it was an external company or governmental agency.<\/p>\n<p>In 2014 a story broke from leaked documents from <em>Edward Snowden<\/em> that the NSA were intercepting Cisco routers in transit and &#8216;upgrading&#8217; them. Here\u00a0NSA employees were actively intercepting deliveries of servers, routers, and other network gear. They temporarily stopped gear being shipped to organisations targeted for surveillance. They then installed covert firmware onto them before they were finally delivered. These backdoors then allowed the NSA to have trojan horse type access. This came under the so-called\u00a0<strong>Tailored Access Operations<\/strong> (TAO).<\/p>\n<p>Here&#8217;s how they worked:<\/p>\n<blockquote><p>Here\u2019s how it works: shipments of computer network devices (servers, routers, etc,) being delivered to our targets throughout the world are <strong><em>intercepted<\/em><\/strong>. 
Next, they are <strong><em>redirected to a secret location<\/em><\/strong> where Tailored Access Operations\/Access Operations (AO-S326) employees, with the support of the Remote Operations Center (S321), enable the <strong><em>installation of beacon implants<\/em><\/strong> directly into our targets\u2019 electronic devices. These devices are then re-packaged and placed back into transit to the original destination. All of this happens with the support of Intelligence Community partners and the technical wizards in TAO.<\/p><\/blockquote>\n<p>Back in <a href=\"http:\/\/www.spiegel.de\/international\/world\/catalog-reveals-nsa-has-back-doors-for-numerous-devices-a-940994.html\">2013 Der Spiegel<\/a>\u00a0reported on\u00a0an NSA operation known as FEEDTROUGH. FEEDTROUGH\u00a0worked specifically against Juniper firewalls and gave the agency persistent backdoor access.<\/p>\n<p>So is this another conspiracy waiting to happen? Whatever it is, one thing we are sure of is that 2016 will contain many more interesting security briefs.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Last week a story broke about how a popular system for managing firewalls contained some unauthorised code that was capable of decrypting traffic [here]. The story broke the week before Christmas, so it&#8217;s likely to have gotten lost in all the shopping hype. 
The announcement by Juniper Networks\u00a0suggests that this &#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-408","post","type-post","status-publish","format-standard","hentry","category-general","column","twocol"],"_links":{"self":[{"href":"https:\/\/www.vpn.ie\/blog\/wp-json\/wp\/v2\/posts\/408","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.vpn.ie\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.vpn.ie\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.vpn.ie\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.vpn.ie\/blog\/wp-json\/wp\/v2\/comments?post=408"}],"version-history":[{"count":4,"href":"https:\/\/www.vpn.ie\/blog\/wp-json\/wp\/v2\/posts\/408\/revisions"}],"predecessor-version":[{"id":414,"href":"https:\/\/www.vpn.ie\/blog\/wp-json\/wp\/v2\/posts\/408\/revisions\/414"}],"wp:attachment":[{"href":"https:\/\/www.vpn.ie\/blog\/wp-json\/wp\/v2\/media?parent=408"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.vpn.ie\/blog\/wp-json\/wp\/v2\/categories?post=408"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.vpn.ie\/blog\/wp-json\/wp\/v2\/tags?post=408"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}