Big Brother touched Juniper Networks - backdoor allowed anyone to eavesdrop on communications
By: David Herron; Date: 2015-12-23 10:14
A couple weeks ago the Republican candidates for the 2016 US Presidential election held a debate in which Carly Fiorina (former HP CEO) bragged about having helped Government spy agencies do something to a computer shipment that may have involved installing backdoors.
All the Republican candidates (except for Rand Paul) proclaimed the necessity of undermining the Internet so that spy agencies can "do something about Terrorism". My blog post at the time pointing out the problem, that they're willing to destroy the Internet and trample on our freedom of privacy and freedom of speech, was met with a certain amount of derision. This is a serious problem we're facing, that the Internet has been subverted into a massive spying operation.
An example of this, and the problems with having done so, is in today's news. According to The Register, routers made by Juniper Networks have been discovered to have "backdoors" installed that make it easy for those with knowledge of certain details to decrypt any communication going through those routers. The backdoors share characteristics with Dual EC DRBG, a random number generator the NSA lobbied to have adopted, even though researchers who studied it determined it could be decoded by "clever eavesdroppers".
In other words, the NSA wanted the world to adopt this random number generator - these are used for initializing encryption algorithms - that would predetermine the characteristics of encrypted communications that the NSA could then easily decrypt.
Juniper Networks admitted there had been unauthorized changes to software in their routers. The researchers who uncovered the flaw of course don't have access to the audit trail to determine who inserted these changes. It smells like the NSA caused this to happen, but The Register doesn't have proof of the culprit.
However, the effect is what I said above - a backdoor allowing anyone with the right knowledge to easily decrypt communications. It may not matter whether it was the NSA who did it. The truth is that Juniper routers are vulnerable, and it seems purposely so. It's just that the NSA has the motive to do this, and the means (it's well known Government agencies have demanded various forms of "cooperation" of this sort over the last several years).
What's truly egregious about this is that nefarious 3rd parties also discovered the same vulnerability. According to The Register, they built ... well, The Register has this quote from a blog post by Matthew Green, a cryptography researcher at Johns Hopkins University. That blog post goes into many more details.
"For the past several years, it appears that Juniper NetScreen devices have incorporated a potentially backdoored random number generator, based on the NSA's Dual EC DRBG algorithm,"
"At some point in 2012, the NetScreen code was further subverted by some unknown party, so that the very same backdoor could be used to eavesdrop on NetScreen connections. While this alteration was not authorized by Juniper, it's important to note that the attacker made no major code changes to the encryption mechanism – they only changed parameters."
"To sum up, some hacker or group of hackers noticed an existing backdoor in the Juniper software, which may have been intentional or unintentional – you be the judge,"
"They then piggybacked on top of it to build a backdoor of their own, something they were able to do because all of the hard work had already been done for them,"
"The end result was a period in which someone – maybe a foreign government – was able to decrypt Juniper traffic in the US and around the world."
His blog post closes with this explanation of why these details of random number generators and encryption algorithms matter:
For the past several months I've been running around with various groups of technologists, doing everything I can to convince important people that the sky is falling. Or rather, that the sky will fall if they act on some of the very bad, terrible ideas that are currently bouncing around Washington -- namely, that our encryption systems should come equipped with "backdoors" intended to allow law enforcement and national security agencies to access our communications.
One of the most serious concerns we raise during these meetings is the possibility that encryption backdoors could be subverted. Specifically, that a backdoor intended for law enforcement could somehow become a backdoor for people who we don't trust to read our messages. Normally when we talk about this, we're concerned about failures in storage of things like escrow keys. What this Juniper vulnerability illustrates is that the danger is much broader and more serious than that.
The problem with cryptographic backdoors isn't that they're the only way that an attacker can break into our cryptographic systems. It's merely that they're one of the best. They take care of the hard work, the laying of plumbing and electrical wiring, so attackers can simply walk in and change the drapes.
That is - he's raising the same concern I raised. Many politicians are calling for subversion of the Internet, so that spy agencies can more easily eavesdrop, and more easily "catch terrorists". But the effect will simply be more invasion of privacy and, worse, criminals and others will make unintended use of these backdoors.
An example that came up in today's news is a guy from the Bahamas captured by the FBI trying to sell stuff he purloined out of private e-mail accounts of actors/actresses/etc. In part it's the same-old-same-old story of someone hacking into e-mail accounts, and pilfering stuff. In this case it's TV scripts, movie scripts, sex tapes, private identifying numbers, and so on. It's the sort of story which comes up on occasion; you read it, yawn and move on. But it's also a symptom of the whole problem. Nefarious people grabbing private personal data they have no business accessing.
Maybe this guy used the sort of backdoor which was installed by government agents, or maybe not. It doesn't matter. It's just another instance of privacy violation. When the Government leans on computer equipment makers to install security backdoors - it means the Government is increasing the chance of privacy violations. And the government cannot control who uses those tools.