Wired reports:
Security researchers believe they have finally solved the mystery around how a sophisticated backdoor embedded in Juniper firewalls works. Juniper Networks, a tech giant that produces networking equipment used by an array of corporate and government systems, announced on Thursday that it had discovered two unauthorized backdoors in its firewalls, including one that allows the attackers to decrypt protected traffic passing through Juniper's devices.
The researchers' findings suggest that the NSA may be responsible for that backdoor, at least indirectly. Even if the NSA did not plant the backdoor in the company's source code, the spy agency may in fact be indirectly responsible for it by having created weaknesses the attackers exploited.
Evidence uncovered by Ralf-Philipp Weinmann, founder and CEO of Comsecuris, a security consultancy in Germany, suggests that the Juniper culprits repurposed an encryption backdoor previously believed to have been engineered by the NSA, and tweaked it to use for their own spying purposes. Weinmann reported his findings in an extensive post published late Monday.
Previously on SN: "Unauthorized Code" in Juniper Firewalls Decrypts Encrypted VPN Traffic.
(Score: 5, Insightful) by MrGuy on Sunday January 03 2016, @08:45AM
I'll believe that the code wasn't deliberately put there with Jupiter's knowldge AFTER they come up with a plausible explanation of how some external party managed to make sophisticated changes to their core OS surreptitiously. Not before.
You don't get benefit of the doubt from me you're not a willing NSA collaborator [wikipedia.org] who got caught just on your own say so that it must have been teh hax0rz.
(Score: 4, Interesting) by Hyperturtle on Sunday January 03 2016, @04:22PM
You realize they have to say what they are saying, right?
Your cynical view is not misguided, but they cannot expect to stay in business while claiming what we expect to be true.