Juniper Networks Investigates Unauthorized Code in ScreenOS

By CIOReview | Wednesday, January 20, 2016

SUNNYVALE, CA: Juniper Networks, a developer and manufacturer of networking equipment and network security products, has recently disclosed the discovery of unauthorized code in the ScreenOS software used in its NetScreen products, reports Joseph Menn, Reuters.

During an internal code review, Juniper found unauthorized code in ScreenOS that allows a knowledgeable attacker to gain administrative access to NetScreen devices and to decrypt Virtual Private Network (VPN) connections. The team found that Juniper’s code had been changed in multiple ways to enable eavesdropping on customers’ virtual private network sessions. Analysts believe the code was developed by the National Security Agency, and Juniper has now decided to stop using the code.

The National Security Agency (NSA) provides products and services to the defense department, the intelligence community, government agencies, industry partners, and selected allies and coalition partners. NSA’s Information Assurance mission works to eliminate the risk of foreign adversaries gaining access to sensitive or classified national security information. Similarly, the Signals Intelligence mission collects, processes, and disseminates intelligence information from foreign signals for intelligence and counterintelligence purposes and to support military operations. NSA also makes critical strategic and tactical information available to war planners and war fighters.

Juniper announced that it will roll out new versions of its security software to replace those that rely on numbers generated by Dual Elliptic Curve technology, which builds on elliptic curve cryptography (ECC). ECC is an alternative mechanism for implementing public-key cryptography, based on algebraic curves over finite fields. It achieves its security with smaller keys than other public-key approaches.

Earlier, Juniper had discovered and replaced two unauthorized pieces of code that allowed “back door” access. According to Shacham, a researcher at the University of California, San Diego, the 2012 code changed a mathematical constant in Juniper's NetScreen products, a change that should have allowed its author to eavesdrop.

Similarly, a curve constant provided by the NSA and required for some federal certification was exposed, in documents leaked by former NSA contractor Edward Snowden, as a key to the back door. Juniper will investigate the incidents further to clarify them.