Federal agencies rushing to close backdoor in IT equipment installed by cyber spies


(Cyberwar.news) The Department of Homeland Security and a number of other federal agencies are scrambling to remove or block “backdoor” listening posts installed in widely purchased information systems likely installed by cyber spies, Defense One is reporting.

The unauthorized code gives hackers to decrypt communications that pass through widely used Juniper Networks firewalls, the company has said. The existence of the three-year-old code was announced by federal officials Dec. 17. Thus far the government has spent some $13 million on Juniper equipment since 2012, according to federal figures.

DHS and federal agencies are scrambling to test their IT inventory in a frantic bid to identify and sanitize affected Juniper systems, as well as any information that has ever passed through a Juniper firewall, officials told Defense One.

Officials believe that the backdoors were installed by a foreign entity. Earlier reports have hinted that the cyber spies may have exploited a weakness that the National Security Agency alleged installed in a popular encryption formula.

Cybersecurity experts noted that this is what can happen when backdoors are installed on IT equipment, such as Dave Aitel, a former NSA employee who is now chief technology officer at Immunity, a cybersecurity firm.

“We have every presidential candidate talking about crypto backdoors and no one can really point to why they are so dangerous,” Aitel told Defense One. But the Juniper software tampering is “a perfect case example of why cryptographic backdoors are so dangerous in the real world.”

The discovery of the backdoors on Juniper equipment comes at a time when federal law enforcement officials are pushing to have them installed on all systems, as an anti-terrorism measure, primarily. In fact, DHS Secretary Jeh Johnson recently raised red flags about a tech world where no backdoors for law enforcement exist.

“I understand the importance of what encryption brings to privacy,” but “our inability to access encrypted information poses public safety challenges,” he told a cybersecurity conference.

Earlier in the week Wired reported that the NSA may inadvertently be responsible for the backdoor breach.

An analysis ”suggests that the Juniper culprits repurposed an encryption backdoor previously believed to have been engineered by the NSA, and tweaked it to use for their own spying purposes,” Wired reported.

  • Click here to ‘like’ Cyberwar.news on Facebook!

See also:

Defense One

Cyberwar.news

Wired

style="display:inline-block;width:728px;height:90px"

data-ad-client="ca-pub-8193958963374960"

data-ad-slot="6833476334">



Comments
comments powered by Disqus

RECENT NEWS & ARTICLES