U.S. government subcontractor Juniper Networks — a computer network company — has had a major security breach. The Federal Bureau of Investigation (FBI) is investigating the breach. It’s suspected that a foreign government may be responsible for inserting the rogue code that could enable spying.
The yet-to-be identified hackers introduced a code that creates a backdoor in systems commonly used by government employees. According to Juniper, it looks like the malicious code may have been present as early as September 2012.
“Juniper is committed to maintaining the integrity and security of our products, and wanted to make customers aware of critical patched releases we are issuing today to address vulnerabilities in devices running ScreenOS software, Juniper said in an announcement.
Watch a report by CNN on the hack:
Juniper explains: “During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen devices, and to decrypt VPN connections.
“Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.”
According to CNN, U.S. officials believe that the hackers, who were able to compromise the equipment, could gain access to any company or government agency that uses it. One official said it was comparable to “stealing a master key to get into any government building.”
Juniper’s customers include large corporations and clients of the U.S. government, such as the Treasury Department, the Justice Department, FBI, and the Defense Department, among just a few.
With the sophistication involved, U.S. authorities suspect it was orchestrated by a foreign government.
An unnamed U.S. official told CNN that they were certain U.S. spy agencies themselves were not behind the hack.
Among the suspected governments are China and Russia; however, the official did caution that the investigation has not yet reached any conclusions. It is still unknown whether or not any classified information has been affected, and it may take some time to determine as Juniper Networks equipment is so widely used within the government.
In the security announcement, Juniper wrote: “At this time, we have not received any reports of these vulnerabilities being exploited; however, we strongly recommend that customers update their systems, and apply the patched releases with the highest priority.
“All NetScreen devices using ScreenOS 6.2.0r15 through 6.2.0r18 and 6.3.0r12 through 6.3.0r20 are affected by these issues, and require patching. We strongly recommend that all customers update their systems, and apply these patched releases with the highest priority.”
On Juniper’s forum, they state that they are “committed to maintaining the integrity and security of our products. Consistent with industry best practices, this means releasing patches for products in a timely manner to maintain customer security. We believed that it was in our customers’ best interest to issue these patched releases with the highest priority.”
There is one thing we are guaranteed of, and that is hacking. This is not the first time a government has been hacked, and one thing is for sure — it won’t be the last.