Senators ask Juniper for the results of its 2015 NSA backdoor investigation

June 11, 2020

A group of 13 US senators has sent an open letter today to networking equipment vendor Juniper Networks, asking the company to publish the results of its internal investigation into the origins of a suspected NSA backdoor mechanism discovered in its firewall products in late 2015.

“It has now been over four years since Juniper announced it was conducting an investigation, but your company has still not revealed what, if anything, it uncovered,” the senators wrote.

The group is seeking answers about what happened at Juniper behind closed doors and why the company never published the public report it initially promised.

Their inquiry and letter come amid actions from Attorney General William Barr and other senior US government officials who’ve been seeking to pressure US technology companies to weaken their encryption and assist US government surveillance efforts.

“Juniper’s experiences can provide a valuable case study about the dangers of backdoors, as well as the apparent ease with which government backdoors can be covertly subverted by a sophisticated actor,” the senators said.

Recap of the 2015 Juniper-NSA backdoor scandal

Details about a backdoor in Juniper products first came to light in December 2015. Members of the cyber-security community discovered what looked like a change of a secret access key inside the source code of ScreenOS, an operating system running on NetScreen, Juniper’s line of firewall and VPN products.

Following public pressure, Juniper later admitted that “unauthorized code” made its way into the ScreenOS source code, and that the unauthorized code could have allowed attackers to take over devices and decrypt VPN traffic.

While Juniper initially shied away from providing any details, members of the public cyber-security community later discovered that the unauthorized code referred to the use of the Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) algorithm as the random number generator (RNG) component inside ScreenOS.

Dual_EC_DRBG is a lesser-known algorithm that was developed by the US National Security Agency (NSA) in 2006 and that received FIPS (Federal Information Processing Standards) certification almost immediately, despite some security experts warning that initial audits revealed signs of a potential backdoor mechanism.

Despite the criticism, Dual_EC_DRBG remained certified until 2013, when, following the Edward Snowden revelations, the US National Institute of Standards and Technology (NIST) intervened to withdraw its FIPS certification.

But investigators discovered that Juniper quietly added support for Dual_EC_DRBG in 2008, and did not publicly disclose it in any subsequent audits or promotional material.

It was only after members of the public discovered that an unknown individual changed an access key associated with the Dual_EC_DRBG algorithm that Juniper admitted to the issue and promised to investigate the unauthorized code. But the company never published any in-depth report on the matter, despite the severity of the original accusations levied against it.

Now, senators want answers. They want to know:

  • Why didn’t Juniper publicly disclose that it was using Dual_EC_DRBG, as the company usually did with all the FIPS-certified algorithms?
  • Was the company aware of the potential backdoor mechanism in Dual_EC_DRBG?
  • Who were the Juniper employees who approved the addition of Dual_EC_DRBG and the subsequent changes made to it?
  • Who led the company’s investigation?
  • What were the results of the investigation, and was a written report put together?
  • Did the report make any recommendations, and did the company implement any of them?

The group of senators requested that Juniper provide answers to these questions by July 10 this year.

“The American people – and the companies and U.S. government agencies that trusted Juniper’s products with their sensitive data – still have no information about why Juniper quietly added an NSA-designed, likely-backdoored encryption algorithm, or how, years later, the keys to that probable backdoor were changed by an unknown entity, likely to the detriment of U.S. national security,” the senators said.

Credit: ZDNet
