Does it means they had NSA-corrupted engineers, or that they have better processes than others to find this kind of stuff that would happen everywhere?
by Anonymous Coward writes:
on Sunday July 17, 2016 @01:02PM (#52528663)
That is the question, isn't it?
We know that the NSA hunts SysAdmins [theintercept.com] in order to gain control over the systems and networks they manage [theintercept.com]. With that level of access inside Juniper, the NSA could easily have added these features themselves. In that case, kudos to Juniper for discovering the features and fixing them. Now they need to discover how they were added and what level of access the NSA has inside their systems.
We also know that the NSA receives voluntary cooperation [wikipedia.org] from numerous network providers. This could have allowed them access to Juniper credentials, or they might even have had the cooperation of Juniper management or turned Juniper admins.
We know that the NSA hunts SysAdmins in order to gain control over the systems and networks they manage. With that level of access inside Juniper, the NSA could easily have added these features themselves.
Hunting sysadmins is perfect to get access to data, but that is less effective to alter stuff. I am certain Juniper uses some version control tool. Modifying something leaves trails.
I am more inclined to think about an NSA agent being hired by Juniper as developer (or a Juniper developer being hired by NSA) in order to add subtle security bug in a legitimate software change.
We are drowning in information but starved for knowledge.
-- John Naisbitt, Megatrends
Jupiner again? (Score:2)
Juniper already had a backdoor in VPN products. [arstechnica.com]
Does it means they had NSA-corrupted engineers, or that they have better processes than others to find this kind of stuff that would happen everywhere?
Re:Jupiner again? (Score:1)
That is the question, isn't it?
We know that the NSA hunts SysAdmins [theintercept.com] in order to gain control over the systems and networks they manage [theintercept.com]. With that level of access inside Juniper, the NSA could easily have added these features themselves. In that case, kudos to Juniper for discovering the features and fixing them. Now they need to discover how they were added and what level of access the NSA has inside their systems.
We also know that the NSA receives voluntary cooperation [wikipedia.org] from numerous network providers. This could have allowed them access to Juniper credentials, or they might even have had the cooperation of Juniper management or turned Juniper admins.
Or it may have been honest bugs.
I imagine that with the "most transparent administration in history" [washingtonpost.com] we may never know, unless we get more whistleblowers and better whistleblower protections [slashdot.org].
Re: (Score:2)
We know that the NSA hunts SysAdmins in order to gain control over the systems and networks they manage. With that level of access inside Juniper, the NSA could easily have added these features themselves.
Hunting sysadmins is perfect to get access to data, but that is less effective to alter stuff. I am certain Juniper uses some version control tool. Modifying something leaves trails.
I am more inclined to think about an NSA agent being hired by Juniper as developer (or a Juniper developer being hired by NSA) in order to add subtle security bug in a legitimate software change.