FBI Investigates Alarming 2012-Era Backdoor Exploit In Juniper Networks Firewalls

Over the past couple of years, we've discovered case after case that highlights the extent the US government is willing to go to spy on whoever it can. It's an interesting juxtaposition, then, to keep learning about new revelations that show how the US government itself has been spied on, while remaining completely oblivious to it.

This past summer, it was revealed that the U.S. Office of Personnel Management agency was breached, ultimately resulting in the leaking of data on 4 million government employees. Not long after, we learned that China had managed to gain access to US security clearance information - information that's not-classified, but is still quite sensitive.

Compared to a new breach that has been discovered, though, those previous issues might now seem minor.

Juniper Firewalls

The FBI is investigating a breach involving products from Juniper Networks. The company provides both hardware and software solutions that revolve around both networking and security,specifically in the areas of intrusion detection and prevention. Juniper products are renowned enough to be used at the highest-level of US government network environments.

Attackers were able to gain access to Juniper equipment and install a back door, allowing them to fetch encrypted information. If one machine could be breached, then it seems they all could be, and that's the government's current concern. One US official has said that this is akin to, "stealing a master key to get into any government building".

Juniper has since released a patch to solve the issue, and has recommended anyone managing its products to update with the highest priority.

US officials don't believe that this was the work of US-based spy agencies, but instead are looking at Russia or China. It's important to note, though, that at the moment, there are no official accusations. Juniper also mentions that it hasn't seen malicious exploitation of these vulnerabilities up to this point. However, the company goes on to mention that anyone skilled would have removed their actions from the system's log file, effectively leaving without a trace.

Given the sensitive data that could have been accessed, this could prove a very interesting series of events to follow.