U.S. reviews possible
'back door' in Juniper Networks code
Send a link to a friend
[December 19, 2015]
The U.S. government is investigating
unauthorized code inserted in software from Juniper Networks Inc, which
experts warned could be a "back door" used to spy on the networking
equipment maker's customers, an official told Reuters on Friday.
A senior U.S. official who declined to be named because of the
sensitivity of the matter said the Department of Homeland Security
is working with Juniper as it investigates the issue.
The official said the White House National Security Council had
taken an interest in Juniper's rare disclosure that somebody had
inserted rogue code into its software. Outside experts told Reuters
it was likely planted by a nation state or sophisticated criminals.
The incident at Juniper comes at the end of a year of several
high-profile hacks on Washington, including at the White House,
State Department and Office of Personnel Management.
Juniper warned customers on Thursday that it had uncovered
"unauthorized code" in the software that runs its firewalls, saying
it could be exploited to allow an attacker to unscramble encrypted
CNN reported Friday that the Federal Bureau of Investigation was
probing the matter. An FBI representative declined comment to
A former Juniper security executive said the flaw appeared to be a
"back door", a reference to rogue code secretly inserted into a
product to enable attackers to eavesdrop on users.
Juniper's notice to customers did not say whether the company was
aware of how the code was inserted in the software.
"This shines a light on the fact that kind of attack is something
intelligence agencies are probably doing," said Chris Wysopal, chief
technology officer with Veracode, a maker of software for uncovering
[to top of second column]
Juniper said on its website that it had not received any reports of
these vulnerabilities being exploited by hackers.
"However, we strongly recommend that customers update their systems
and apply the patched releases with the highest priority," it added.
On Thursday, the Department of Homeland Security's U.S. Computer
Emergency Response Team issued a short notice on its website,
advising Juniper customers to install the update.
Representatives with Sunnyvale, California-based Juniper could not
be reached for comment on Friday.
(Reporting by Jim Finkle in Boston, Mark Hosenball in New York,
Joseph Menn in San Francisco; Editing by Stephen R. Trousdale,
Matthew Lewis and Ken Wills)
[© 2015 Thomson Reuters. All rights
Copyright 2015 Reuters. All rights reserved. This material may not be published,
broadcast, rewritten or redistributed.