Network equipment supplier Juniper has admitted to the US Congress that a back door built into Juniper software at the request of the US secret service NSA has been taken over by another state. According to a report by the Reuters news agency, investigators assume that it is in China. After the incident 2018, a report on “lessons learned” had been drawn up at the NSA. Now the secret service is claiming to be unable to find this document, the news agency quotes an employee of US Senator Ron Wyden.

An inherited back door The so-called Juniper scandal is now one chapter richer. Its public processing began at the end 2015 when it became known that malicious code had been found in Juniper’s ScreenOS operating system. According to Juniper, the “unauthorized” program code could compromise NetScreen systems. Anyone who knew about it could not only have decrypted VPN traffic, but also made all traces of such an attack disappear. The company had drawn attention to it itself and published a patch. However, later analyzes showed that Juniper’s own built-in errors were the cause of the malicious code. Unknown attackers then practically exchanged the lock on the back door and thus gained exclusive access to the back door – the NSA was outside.

This part of the Juniper- Scandals had already been extensively documented 2017, but apparently there were other findings behind the scenes. Reuters cites statements by the Democrat Ron Wyden. At the same time, he criticizes the fact that the NSA does not disclose its handling of the back doors to the MPs despite changed regulations. They were introduced after the Snowden revelations had revealed how problematic the installation of back doors in software and hardware is. The Juniper scandal had underlined this, as the scenario occurred here that critics repeatedly warn against: Once a back door has been built in – for example to give intelligence services such as the NSA insight into communication in order to make their work easier – other actors can do so discover and use an access.

(mho)