While the rest of the world hums along, fat, dumb and happy, the IT world is still reeling from the Juniper scandal. The reason why your computer pros are scrambling and coporate/government executives are in frenzy is pretty simple. Juniper, a major manufacturer of computer communications devices, discovered two back doors inside their production code. It is these back doors, how they got there and what they did to security that has the world in a worrisome state. It all happened in three (h)acts.

The First (H)Act.
The first part of the back doors appeared to have started with modifications to an existing set of code that was bad to begin with. The code in question bears all the trademarks of a NSA (National Security Agency) operation but the NSA isn't talking. The code involved a flawed random number generator formula used to scramble and secure data - called Dual Elliptical Curve or Dual_EC for short. The formula was made a standard for US government security at the behest of the NSA and a $250 million program to monitor computer traffic. The flawed generator may not have been directly inserted into the Juniper devices by the NSA but it was their invisible hand that did the dirty deed by encouraging manufacturers to use this code, allowing the weak system to be installed.

The Second (H)Act.
The second part of the back door happened in August 2012 when some unknown hacker with access to the source code at Juniper, modified the Dual_EC adding in their own special flavor, a new secret key. The secret key allowed the unknown hacker and company to monitor data. This change was a very subtle and skillful alteration to a single set of numbers used by the Dual Elliptical Curve generator. This code appears to be very professional and would be of value only to someone with global monitoring networks, enabling them to observe traffic traveling over the Internet. In short, a nation state.

The Third (H)Act.
Now for the kicker. An additional back door was added - this time a simple hardcoded back door password was entered that would allow an attacker inside the Juniper hardware itself and take it over. This code appears to have been done by someone with less skill that in (H)Act Two. However, the back door password would allow any hacker access to full control and enable them to monitor all transmissions passing through that particular Juniper device without leaving a trace. This appears to be of value to someone who does not have the capability to monitor traffic globally. It is also the most dangerous part because not only could someone monitor traffic, they could now alter it. In this case, a possible smaller nation state or even a criminal network could benefit from the final (H)Act.

So, where does this leave us? First, the users of the Juniper communications devices span the globe; businesses, banks, corporations, governments and many are unaware they were targeted. Congress has already asked the Department of Homeland Security to report on which US agencies use the Juniper equipment that was infected. DHS has replied with a resounding "don't know". In fact, we may never know because many of the US Government agencies don't know what kind of equipment they have or where it is located.

However, silently in the real business world, IT teams are scrambling over their equipment, trying to locate and identify if they have the Juniper devices. Again, the stock holders may never know the results because the companies and banks that used the equipment are not likely to desire publishing the fact they may have been hacked big time for the past three years.

The consequences of the Juniper hack are devastating. The hackers may have taken a simple "watch and see" wall flower approach, stealing information as it passed by. This could take the form of trade secrets, financial secrets, weapon design secrets, diplomatic secrets and sources.

However, the hacks could have also taken an active stance, changing data at critical times or disabling networks at critical moments. Some examples include: attacks on airline, banking, law enforcement computers or generating a flash crash on the stock market to make a pile of money in a Goldfinger inspired scheme. It is clear, however, that someone with this kind of power could have disabled many computer networks all at the same time, inside banks, governments, stock markets, and industry.

It is very troubling to think what would happen if all air traffic went down, or the electric grids were disabled. It may be dangerous if all communications went out or the stock market suddenly goes to zero. However, worse still ... what if these things were to happen all at once?

So, in three short (h)acts the entire western world was put at risk, rooted in a desire to monitor computer traffic for intelligence purposes. This play has a lesson: back door approaches are not only dangerous, they are insanely dangerous. It should impress those inside the intelligence agencies and law enforcement community that their desire to create a system to monitor, while motivated by the best of interests, can also turn into a monster that can rain destruction.

Unfortunately, most of those in power and many inside the various agencies are unaware that their ridiculous calls for back doors, no matter how laudable the reasoning, are in fact suicide notes scrawled on legislation or released to various press outlets. The Juniper (h)act was a cyber meteor that narrowly missed the Earth.

One if by Land, Two if By Sea,



Contact Us: