NSA Backdoors Juniper, GovCorp Backdoors Even More
grarpamp
grarpamp at gmail.com
Fri Sep 3 00:38:19 PDT 2021
https://finance.yahoo.com/news/juniper-breach-mystery-starts-clear-130016591.html
https://www.wsj.com/articles/u-s-believes-it-doesnt-need-to-show-proof-huawei-is-a-spy-threat-11548288297
http://rump2007.cr.yp.to/15-shumow.pdf
D-EC-DRBG Dual Elliptic Curve Deterministic Random Bit Generator
OpenBSD Cryptographic Framework
Countless "Secure" Phones, Protocols, and Applications
Undocumented CPU OpCodes Fuzzed
Wyden is a fraud who knew well before Snowden and didn't speak up.
Days before Christmas in 2015, Juniper Networks alerted users that it
had been breached. In a brief statement, the company said it had
discovered "unauthorized code" in one of its network security
products, allowing hackers to decipher encrypted communications and
gain high-level access to customers' computer systems. Further details
were scant, but Juniper made clear the implications were serious: It
urged users to download a software update "with the highest priority."
More than five years later, the breach of Juniper's network remains an
enduring mystery in computer security, an attack on America's software
supply chain that potentially exposed highly sensitive customers
including telecommunications companies and U.S. military agencies to
years of spying before the company issued a patch.
Those intruders haven't yet been publicly identified, and if there
were any victims other than Juniper, they haven't surfaced to date.
But one crucial detail about the incident has long been known --
uncovered by independent researchers days after Juniper's alert in
2015 -- and continues to raise questions about the methods U.S.
intelligence agencies use to monitor foreign adversaries. The Juniper
product that was targeted, a popular firewall device called NetScreen,
included an algorithm written by the National Security Agency.
Security researchers have suggested that the algorithm contained an
intentional flaw -- otherwise known as a backdoor -- that American
spies could have used to eavesdrop on the communications of Juniper's
overseas customers. NSA declined to address allegations about the
algorithm.
Juniper's breach remains important -- and the subject of continued
questions from Congress -- because it highlights the perils of
governments inserting backdoors in technology products. "As government
agencies and misguided politicians continue to push for backdoors into
our personal devices, policymakers and the American people need a full
understanding of how backdoors will be exploited by our adversaries,"
Senator Ron Wyden, a Democrat from Oregon, said in a statement to
Bloomberg. He demanded answers in the last year from Juniper and from
the NSA about the incident, in letters signed by 10 or more members of
Congress.
More information about the cypherpunks
mailing list