Networking Giant Abandons NSA-Developed Firewall Code

Technology company Juniper Networks has announced that it will drop code developed by the National Security Agency, which it believes to be responsible for breaches in the company’s firewall.

Based in Sunnyvale, California, Juniper Networks produces networking equipment used by many private companies and government agencies. Last month, the company announced a major security flaw: two unauthorized backdoors were discovered in its own firewall.

In place for three years, one of those backdoors allowed hackers to decrypt Juniper’s traffic.

Experts immediately suspected that the US government was behind the programming flaw, and the company appeared to agree. On Friday, the company announced that it would remove the Dual_EC_DRBG random number generator from its firewall, saying it believes that portion of code to be responsible.

"We will replace Dual_EC and ANSI X9.31 in ScreenOS 6.3 with the same random number generation technology currently employed across our broad portfolio of Junos OS products," Juniper said in a blog post.

"The investigation of the origin of the unauthorized code continues."

While the company doesn’t mention the NSA by name, the Dual_EC code is widely believed to have been developed by the intelligence agency for surveillance purposes.

Nicholas Weaver, a researcher with the International Computer Science Institute, told Wired Magazine that "the weakness in the VPN itself that enables passive decryption is only of benefit to a national surveillance agency," and that the NSA has been guilty of similar actions against corporate entities in the past.

Juniper’s decision to use Dual_EC has been criticized since it first began using the code. In 2007, cryptographer Bruce Schneier wrote a piece for Wired in which he called it “scary stuff.” In 2013, the New York Times published a story, based on documents provided by NSA whistleblower Edward Snowden, warning of the code’s weaknesses.

"There’s no legitimate reason to put Dual_EC in a product," Matthew Green, a cryptographer at Johns Hopkins University, told Wired. "There never was. This is an incredibly powerful and dangerous code and you put it in your system and it creates a capability that would not have been there otherwise."

"There’s no way to use it safely."

Juniper had earlier defended its decision, insisting that its encryption was secure.
