A bunch of US government departments and agencies – from the military to NASA – are being grilled over their use of backdoored Juniper firewalls.
The House of Representatives' Committee on Oversight and Government Reform fired off letters to top officials over the weekend, demanding to know if any of the dodgy NetScreen devices were used in federal systems.
The speculation is that there aren't many actors other than the NSA who could have pulled this off. Speculation, of course - there's no smoking gun, as you'd expect.
Juniper's ScreenOS software – the firmware that powers its firewalls – was tampered with by mystery hackers a few years ago to introduce two vulnerabilities: one was an administrator-level backdoor accessible via Telnet or SSH using a hardcoded password, and the other allowed eavesdroppers to decrypt intercepted VPN traffic. The flaws, which were smuggled into the source code of the firmware, were discovered on December 17 by Juniper, and patches were issued three days later to correct the faults.
But everyone suspects them, which means they're incompetent: either they did this and got caught, or they didn't do this but have made everyone distrust them anyway. Way to go!