
Juniper hack has U.S. fearing foreign infiltration - doener
http://edition.cnn.com/2015/12/18/politics/juniper-networks-us-government-security-hack/
======
morgante
Of course, CNN leaves out the fact that the NSA shares substantial blame for
this by putting a back door into Dual_EC.

This is an incredibly poignant example of the inherent danger of any
cryptographic back door. It's a real shame that the media is both too
technically illiterate and too pro-government to explain that.

~~~
dsharlet
Can you explain how they are related?

My understanding of this is that malicious code was deliberately added to
Juniper's software, not that it exploited some existing code that Juniper
thought was safe. This could happen regardless of what kind of encryption is
in use in the surrounding code/infrastructure.

If my understanding is correct, why is Dual_EC relevant?

edit: And a follow on question: If this back door only works by assuming Dual
EC is backdoored, is that not incontrovertible proof that the NSA is behind
the entire thing, which there is at least some doubt that they are? That, or
someone else has found the hypothesized private key in Dual EC. Either
scenario seems like far more significant news than this story already is.

~~~
morgante
Disclaimer: I am by no means a cryptography expert and my understanding of
this is based on [1] and [2].

Basically, Juniper used Dual_EC, which they knew was backdoored. Because they
knew it was backdoored, they replaced the NSA key with their own, which they
thought made it "safe."

Now it turns out that a third actor might have somehow replaced the Juniper
key with their own key.

The point is that by using a CSPRNG with a backdoor, even when they tried to
close that backdoor, they still left a backdoor open. Dual_EC is relevant
because if the USG had never promoted it there never would have been a
backdoor to leave open. Another CSPRNG would have been harder to leave
insecure.

> If this back door only works by assuming Dual EC is backdoored, is that not
> incontrovertible proof that the NSA is behind the entire thing, which there
> is at least some doubt that they are?

Not necessarily. As Juniper is supposedly not using the NSA codepoints, it
could have been "any" actor which changed the back door, including but not
only the NSA.

Personally, I don't think it is the NSA in this case. If it were, I don't
think we'd be reading about it on CNN at all.

[1]
[https://www.imperialviolet.org/2015/12/19/juniper.html](https://www.imperialviolet.org/2015/12/19/juniper.html)

[2]
[https://kb.juniper.net/InfoCenter/index?page=content&id=KB28...](https://kb.juniper.net/InfoCenter/index?page=content&id=KB28205&pmv=print&actp=LIST)

~~~
csandreasen
It's even more complicated than that - Juniper used Dual EC, and changed the
Dual EC parameters, but ultimately the output of that PRNG was being used to
seed a different PRNG (probably for speed purposes).

From your 2nd link:

 _ScreenOS does make use of the Dual_EC_DRBG standard, but is designed to not
use Dual_EC_DRBG as its primary random number generator. ScreenOS uses it in a
way that should not be vulnerable to the possible issue that has been brought
to light. Instead of using the NIST recommended curve points it uses self-
generated basis points and then takes the output as an input to FIPS /ANSI
X.9.31 PRNG, which is the random number generator used in ScreenOS
cryptographic operations._

Because of this, it's not entirely clear at this point that an attack would
have been feasible even for an actor that had the P and Q used for Dual EC
here[1].

[1]
[https://twitter.com/pwnallthethings/status/67837170536721203...](https://twitter.com/pwnallthethings/status/678371705367212032)

~~~
matthewdgreen
However: even in this setting, all it takes is a single unauthorized call to
Dual EC and an exfiltration of 240 bits to obtain the values used in all
subsequent re-seeding of the ANSI generator. We already know there is
unauthorized code in ScreenOS based on Juniper's admission. So the next step
is to determine whether something like this has occurred.

~~~
csandreasen
If code was added to leak the state of the PRNG, then whether or not Dual EC
is used becomes a non-issue. The person who created the backdoor could leak
the state regardless of which PRNG was used.

------
logn
Lazy reporting: "The U.S. officials said they are certain U.S. spy agencies
themselves aren't behind the back door."

If you're not going to provide context or get a quote from a disinterested
party, then just omit the US saying the US didn't do it.

~~~
obvmn
It is guaranteed that they would say that regardless of the truth, so the
quote source is irrelevant really.

------
nightcracker
We clearly need to give up more privacy and add more fast-lane backdoors to
protect against these attacks.

~~~
jaywunder
Indeed! The best thing to do would to be to ban encryption all together! /s

~~~
marcusgarvey
Relevant and from last night's Democratic Debate.

RADDATZ: You'll be happy. I'll let -- I'll let you talk then.

Secretary Clinton, I want to talk about a new terrorist tool used in the Paris
attacks, encryption. FBI Director James Comey says terrorists can hold secret
communications which law enforcement cannot get to, even with a court order.

You've talked a lot about bringing tech leaders and government officials
together, but Apple CEO Tim Cook said removing encryption tools from our
products altogether would only hurt law-abiding citizens who rely on us to
protect their data. So would you force him to give law enforcement a key to
encrypted technology by making it law?

CLINTON: I would not want to go to that point. I would hope that, given the
extraordinary capacities that the tech community has and the legitimate needs
and questions from law enforcement, that there could be a Manhattan-like
project, something that would bring the government and the tech communities
together to see they're not adversaries, they've got to be partners.

It doesn't do anybody any good if terrorists can move toward encrypted
communication that no law enforcement agency can break into before or after.
There must be some way. I don't know enough about the technology, Martha, to
be able to say what it is, but I have a lot of confidence in our tech experts.

And maybe the back door is the wrong door, and I understand what Apple and
others are saying about that. But I also understand, when a law enforcement
official charged with the responsibility of preventing attacks -- to go back
to our early questions, how do we prevent attacks -- well, if we can't know
what someone is planning, we are going to have to rely on the neighbor or, you
know, the member of the mosque or the teacher, somebody to see something.

CLINTON: I just think there's got to be a way, and I would hope that our tech
companies would work with government to figure that out. Otherwise, law
enforcement is blind -- blind before, blind during, and, unfortunately, in
many instances, blind after.

So we always have to balance liberty and security, privacy and safety, but I
know that law enforcement needs the tools to keep us safe. And that's what i
hope, there can be some understanding and cooperation to achieve.

RADDATZ: And Governor O'Malley, where do you draw the line between national
security and personal security?

O'MALLEY: I believe that we should never give up our privacy; never should
give up our freedoms in exchange for a promise of security. We need to figure
this out together. We need a collaborative approach. We need new leadership.

The way that things work in the modern era is actually to gather people around
the table and figure these things out. The federal government should have to
get warrants. That's not some sort of passe you know, antique sort of
principle that safeguards our freedoms.

But at the same time with new technologies I believe that the people creating
these projects -- I mean these products also have an obligation to come
together with law enforcement to figure these things out; true to our American
principles and values.

My friend Kashif, who is a doctor in Maryland; back to this issue of our
danger as a democracy of turning against ourselves. He was putting his 10 and
12-year-old boys to bed the other night. And he is a proud American Muslim.
And one of his little boys said to him, "Dad, what happens if Donald Trump
wins and we have to move out of our homes?" These are very, very real issues.
this is a clear and present danger in our politics within.

We need to speak to what unites us as a people; freedom of worship, freedom of
religion, freedom of expression. And we should never be convinced to give up
those freedoms in exchange for a promise of greater security; especially from
someone as untried and as incompetent as Donald Trump.

RADDATZ: Thank you, Governor O'Malley.

[https://www.washingtonpost.com/news/the-
fix/wp/2015/12/19/3r...](https://www.washingtonpost.com/news/the-
fix/wp/2015/12/19/3rd-democratic-debate-transcript-annotated-who-said-what-
and-what-it-meant/)

~~~
compbio
Interesting. The "new terrorist tool used in the Paris attacks, encryption" is
far from new, and that story has revolved around the Playstation network
(which the media told us was used by the Paris terrorists, despite the
originators of that rumor retracting their story about Jambon).

The "problem" here is not secure communication. It is media propaganda /
information warfare. Facebook and Twitter being used to instill hate and
spread conspiracies. It is all in the open: Facebook images stating that
Israel is behind ISIS, or Twitter accounts that post nothing but Anwar al-
Awlaki videos. Could you imagine that happening 10 years ago, on your own
homepage, without being raided? If Twitter can block porn, surely they can
block terrorist propaganda too. But the law enforcement probably want to use
these for fishing. Instead Clinton wants to build another nuke.

> "Dad, what happens if Donald Trump wins and we have to move out of our
> homes?"

These are propaganda tactics close to character assassination. In the next
sentence he says that "freedom of expression" unites us, but when Trump uses
this freedom of expression he is suddenly scaring Muslim kids. Very
recognizable.

> especially from someone as untried and as incompetent as Donald Trump.

You just know that they made this a talking point, a hook. And O'Malley
wrestled it in his answer, because that is what he prepared.

> where do you draw the line between national security and personal security?

Donald Trump is incompetent. Next question! Next!

------
mtgx
Who are these "officials" and why are they anonymous here?

Anyway, what's most likely to have happened is that other nation-states
discovered NSA's own backdoors and started using them. The NSA then freaked
out and told Juniper it's ok to patch them now. The reason why I'm implying
cooperation between Juniper and NSA is because Juniper keeps refusing to
eliminate the _well known_ Dual_EC backdoor from their systems and are giving
stupid reasons for keeping it.

~~~
forgotpwtomain
Could there be a legal case involved here? I mean if I as a customer paid for
a door-lock which was marketed as "secure" and you knowingly shipped me a
door-lock which can be subverted by tools some particular burglars are known
to have access to? That sounds quite malicious to say the least.

~~~
microcolonel
At least in the literal sense, that's what you are getting when you buy a door
lock marked "secure".

I don't think a product like this has really been "secure" since the early
1800s or earlier.

------
t0mas88
Sure... "The U.S. officials said they are certain U.S. spy agencies themselves
aren't behind the back door." because if they were they would immediately tell
everyone. It's not like they have a political agenda to both deny involvement
and blame foreign agencies... /s

Either way this will have a big economic impact for Juniper. In no way are
they going to win the next big banking or government contracts.

~~~
mschuster91
> Either way this will have a big economic impact for Juniper. In no way are
> they going to win the next big banking or government contracts.

If I were in a three-letter position at any big company, I'd choose Juniper
over Cisco gear now. Juniper has proven they do code audits and throw such
stuff out if they find it. Cisco, not so much.

~~~
jlgaddis
I like the reassurance of Juniper doing code audits. If they do them
regularly, though, why did it take them over three years to find this
"unauthorized code"?

~~~
mschuster91
I can imagine that the software going into a typical router is as complex and
huge as the kernel. I'd guess they do rolling audits because of the
complexity.

------
rodionos
> Note that a skilled attacker would likely remove these entries from the log
> file, thus effectively eliminating any reliable signature that the device
> had been compromised

Sending logs off as they're written to a centralized logging server or a time-
series database would have been useful in this context.

~~~
floatrock
I would also assume you could do a blockchain-type log -- ie the hash of an
entry includes the hash of the previous entry so that if one entry is removed,
the whole thing is tamper-evident.

Of course, then you need to ensure the integrity of the latest hash (if you
can change one log, you can change them all). If the centralized logging
server(s) are protected with the same rooted ssh, then it's just an additional
step for our sophisticated state-sponsored boogeyman.

~~~
hidroto
just print the logs as they come in.

------
coldcode
Why would anyone choose to use Dual_EC even with their own keys unless they
are completely ignorant or coerced? It is especially galling for people who
sell supposedly secure products. I can't imagine that any competent CTO/CSO
would sign off on such a stupid choice.

------
Animats
Does Juniper not have source control? Don't they know who inserted this code?

~~~
dietrichepp
Lots of source control systems don't offer that level of verification. Even
Git, with SHA-1 hashes everywhere, lets you claim to be anybody when you write
a commit. The only thing you can verify the origin of in Git is the author of
a tag signature, for tags that are signed with a PGP key.

~~~
TwoBit
"even git"?

I'm not sure git is the best example of a secure system. Commercial source
control systems have more serious authentication.

~~~
gaius
Indeed. Serious players use Perforce and consider it to be worth every penny.

~~~
kingosticks
The perforce website just talks about git. Does the old perforce vcs thing
still exist?

~~~
p4thr0waw4y
Yes. Their git stuff is a front-end so users can use git, which then funnels
it to the back end. Works like Git-TFS or the built-in integration of Git into
Visual Studio.

What used to be the central p4 server was renamed Helix, turned into a
federated architecture, and there's some sort of data exfiltration protection
option that is based on Interset's behavioral analytics stuff.

As far as I can tell from the marketing materials, the idea seems to be that
if if a coder starts regularly looking at the sales numbers, file a report.
Maybe someone needs a reminder about the consequences of insider trading, but
maybe they just want to know if the project's getting traction in the real
world, and the false alarm can be resolved with a brief chat. If someone tries
to clone an entire corporate monorepo on a salesperson's workstation at 3 in
the morning local time, shut it down, because the most likely explanation is
that the salesperson's workstation has been compromised.

------
memracom
If you have access to the build server you can modify the code, after pulling
from the repo.

Or, if you have access to the binary repo where the code is pushed by the
build server after building (often just a file server and FTP) then you can
place your own binary.

Of course it us possible to use crypto hashes throughout the process to
prevent these kinds of hacks from working, but...

If you do that, then the security process itself is what hackers will attack.

To prevent installation of exploits you really need to pay serious attention
to the whole release process and not assume that anything is simple or secure.
Only the paranoid can succeed in security.

------
cm2187
Might be the NSA, might be a foreign competitor to the NSA. In any case, don't
do to others, what you wouldn't want done to you!

~~~
jcoffland
Right, that's the spy agency moto, isn't it?

------
acd
One can start to question using proprietary security software and devices with
closed source vs using opensource.

If its one device, it may be in others.

~~~
gaius
Open source is not a panacea. It doesn't matter if the code is perfect, if the
algorithm it implements is flawed.

------
im2w1l
Can we have a discussion about not every nation state being NSA and what that
means?

------
DyslexicAtheist
Juniper is providing crucial Radio-access and backhaul security features to
mobile network vendors such as in Nokia / NSN equipment. would be interesting
to understand how these are impacted.

[http://www.lightreading.com/mobile/mobile-security/nsn-
junip...](http://www.lightreading.com/mobile/mobile-security/nsn-juniper-
strengthen-mobile-ties/d/d-id/706046)

------
phjesusthatguy3
CNN is the People magazine of cable network news. I suppose this story is
important because it's exposing this issue to the wider American audience, but
anyone who is reading HN already knows about this issue.

------
GTP
I hope this may let them think more seriously about the potential security
threat that a so-called "governamento backdoor" would pose.

------
Jonoco
> A senior administration official told CNN, "... The administration remains
> committed to enhancing our national cybersecurity by raising our cyber
> defenses"

I hope you can see my eyes because I'm rolling them as hard as I can.

This does raise the question of whether the US government is foolish enough to
use insecure US made electronics. And I suppose answers it.

------
obvmn
Oops, we didn't notice that China/Whoever was using our own back door for 3
years!

Clearly we need even MORE back doors! /s

------
yodsanklai
Is that a big deal? after all, it's common knowledge that the US spy routinely
on their allies [1,2]. Nobody really seemed to care at the time.

[1] [http://www.theguardian.com/us-news/2015/jul/08/nsa-tapped-
ge...](http://www.theguardian.com/us-news/2015/jul/08/nsa-tapped-german-
chancellery-decades-wikileaks-claims-merkel) [2] [https://wikileaks.org/nsa-
france/](https://wikileaks.org/nsa-france/)

~~~
singiht34-02
I think the undercurrent that in implied is that there are countries like
China who don't play by the normal rules of international espionage. Since
they are so tightly coupled to Chinese industry they abuse their resources and
power to feed domestic industry. To most people this seems very scummy.

Are there examples the other way? Where the US stole secrets and then handed
them off to domestic companies? Maybe in defense? but otherwise?

~~~
janekm
Yes, there have been such allegations. A recent case involves Airbus who
allege industrial espionage in the context of revelations that the German BND
helped the NSA spy on European businesses: [http://www.bbc.com/news/world-
europe-32542140](http://www.bbc.com/news/world-europe-32542140)

~~~
staunch
Your link does not support your confirmation.

> _Leaks from a secret BND document suggest that its monitoring station at Bad
> Aibling checked whether European companies were breaking trade embargos
> after a request from the NSA._

If all the NSA did was look for illegal (off the books) sales of military
equipment, that's exactly the kind of thing that's easy to justify ethically.
If they were taking Airbus data and funneling it to Boeing, that would be
highly unethical.

Is there any evidence the NSA has ever been motivated by economic espionage?

~~~
janekm
Indeed, the link only confirms that he allegation had been made; whether it
has ever occurred is rather harder to confirm, of course.

------
PakG1
Occam's Razor would say that the code was modified by a disgruntled employee
just before leaving, no? Why is the jump being made to foreign governments?

~~~
beambot
Bypassing VPN encryption is only broadly useful if you can get access to
packets in transit. Nation-state agencies are the only actors that probably
already have such wiretaps. (As discussed here:
[https://www.imperialviolet.org/2015/12/19/juniper.html](https://www.imperialviolet.org/2015/12/19/juniper.html))

~~~
umanwizard
Non-nation-states could still get access to a reduced set of packets. I can
sit next to you in a coffee shop with public wifi and see everything in the
clear if I can decrypt your VPN.

Also, maybe they never intended to use it, and just wanted to make their
company look bad.

~~~
csandreasen
Is this guy sitting in a coffee shop with a 2U rackmount ScreenOS-based
hardware VPN connected to his laptop? If not, this particular attack that the
article is discussing wouldn't work.

