Attack On Juniper Networks’ ScreenOS Being Investigated By Authorities

News that unauthorized code had been found in Juniper Networks’ ScreenOS raised severe VPN security concerns on 17th Dec, 2015. On the same day, Juniper’s SVP Chief Information Officer, Bob Worrall, announced that during one of Juniper’s regular code reviews, unidentified and unauthorized code was found that could be used by a hacker to obtain administrative access to NetScreen devices and to decrypt VPN connections. Later, on 20th Dec 2015, Juniper said in a customer update that the administrative access threat (CVE-2015-7755) affected only ScreenOS 6.3.0r17 to 6.3.0r20. Similarly, the VPN decryption threat (CVE-2015-7756) affected only ScreenOS 6.2.0r15 to 6.2.0r18 and 6.3.0r12 to 6.3.0r20.
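The version ranges above can be checked against a device inventory. The following is an added example, not code from Juniper or from the original article; the inventory format, hostnames and function names are assumptions, and builds carrying a suffix after the rNN number are reported for manual review because the article lists only plain rNN builds.

```python
import re

# Affected ranges exactly as stated in the article: release train -> inclusive rNN range.
AFFECTED = {
    "CVE-2015-7755": {(6, 3, 0): (17, 20)},                       # administrative access
    "CVE-2015-7756": {(6, 2, 0): (15, 18), (6, 3, 0): (12, 20)},  # VPN decryption
}

_VERSION = re.compile(r"^\s*(?:ScreenOS\s+)?(\d+)\.(\d+)\.(\d+)r(\d+)([a-z0-9.\-]*)\s*$", re.I)

def parse_version(text):
    """Return ((major, minor, patch), build, suffix) or None if unparseable."""
    m = _VERSION.match(text)
    if not m:
        return None
    major, minor, patch, build, suffix = m.groups()
    return (int(major), int(minor), int(patch)), int(build), suffix.lower()

def classify(text):
    """Map a version string to 'unparseable', 'indeterminate', or a sorted CVE list."""
    parsed = parse_version(text)
    if parsed is None:
        return "unparseable"
    train, build, suffix = parsed
    hits = sorted(
        cve for cve, ranges in AFFECTED.items()
        if train in ranges and ranges[train][0] <= build <= ranges[train][1]
    )
    # Assumption: a suffixed build inside a listed range is not covered by the
    # article's ranges, so it is flagged for manual review rather than guessed.
    if hits and suffix:
        return "indeterminate"
    return hits

def audit(inventory):
    """inventory: iterable of (hostname, version string). Returns {hostname: result}."""
    return {host: classify(version) for host, version in inventory}

# Constructed sample inventory (hostnames and versions are illustrative).
SAMPLE = [
    ("fw-edge-01", "6.3.0r19"), ("fw-edge-02", "ScreenOS 6.3.0r14"),
    ("fw-branch-01", "6.2.0r16"), ("fw-branch-02", "6.3.0r11"),
    ("fw-lab-01", "6.3.0r18b"), ("fw-lab-02", "unknown"),
]

if __name__ == "__main__":
    for host, result in audit(SAMPLE).items():
        print(f"{host:14} {result}")
```

An empty list means the version falls outside both ranges given in the article; "unparseable" and "indeterminate" entries need to be checked by hand.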

FBI probing Juniper Networks firewall breach amid fears of foreign spying
The FBI also began investigating the matter, as US officials were worried that hackers working for a foreign government could spy on the encrypted communications of the US government and private companies. Due to the sophisticated nature of the security breach, US government officials suspect the involvement of a foreign government, mainly China or Russia. Juniper’s products are used worldwide, especially by large corporations and even the US government.

The attack on Juniper’s NetScreen OS presents a two-level threat to NetScreen users. First, the unauthorized piece of code weakens the firewall, allowing a hacker to gain administrative access to the network. Second, the VPNs can be easily decrypted, making the information shared over them completely accessible to the hacker. Considering that the users of Juniper’s VPN products are large private corporations and government organizations, this kind of security threat could imply huge financial losses. It could also mean national security breaches for governments like the US that either use Juniper VPNs or exchange information with others that use them.

As described by Bob Worrall, the unauthorized code was found in ScreenOS, the operating system of NetScreen devices, which provide security to VPNs through their firewalls. Firewalls are the security systems that networks (and individual systems too) put in place to prevent malicious software or unauthorized systems from gaining entry to the network. The piece of code identified by Juniper Networks acted as a weak spot that a hacker could use to get into the system with full administrative access. The hacker could then easily access any of the VPNs and decrypt confidential information. The only thing Juniper has confirmed is the discovery of the weak spot. This weak spot made all VPNs on a NetScreen device vulnerable to a possible hack. Though the seriousness of the issue was strongly highlighted, Juniper Networks provided no information on how long the unauthorized code had been present in the firewalls of NetScreen devices.

Juniper Networks mentioned that there have not been any reports of this vulnerability being exploited with malicious intent. However, the magnitude of the issue can be gauged by the fact that finding out whether any such incident has occurred is not easy either. A skilled hacker would crack the security of a VPN, get access to all information present on it (some of which could be extremely confidential), decrypt it and clear all logs. Clearing the logs that would show a breach of the VPNs makes it impossible to know whether VPN security has been compromised. Hence the lack of reported VPN breaches could also be because VPN users have not been able to find out whether their encrypted information has been decoded. This makes it even more essential for NetScreen VPN users to know for how long their security had been at stake.

Considering that somebody had to get into the system to be able to write the unauthorized code, it is very likely that somebody from within Juniper Networks was involved, though Juniper has not made any disclosures regarding this. With such high stakes involved, it is hoped that minimal security breaches have occurred due to the lapse in Juniper’s security systems.
