Federal authorities are scrambling to figure out what happened and what was exposed.
Federal authorities have discovered a “backdoor” computer hack in Juniper Networks, which controls the connections used by many businesses and government agencies.
This potential vulnerability was discovered in software that the government uses called ScreenOS from Juniper Networks, which enables a virtual private network, or VPN, according to a CBS News report.
Juniper posted a security bulletin on their website warning people that the vulnerability allowed people to make unauthorized access to networks.
“[It] allows unauthorized remote administrative access to the device over SSH or telnet,” the bulletin reads. “Exploitation of this vulnerability can lead to complete compromise of the affected system.”
Juniper acknowledged the breach in a statement on its website.
“Juniper is committed to maintaining the integrity and security of our products and wanted to make customers aware of critical patched releases we are issuing today to address vulnerabilities in devices running ScreenOS® software.
During a recent internal code review, Juniper discovered unauthorized code in ScreenOS that could allow a knowledgeable attacker to gain administrative access to NetScreen® devices and to decrypt VPN connections,” the statement reads. “Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS.”
This backdoor access may have been available since all the way back in 2012.
Government investigators are in contact with Juniper to see what government computers may have been compromised.
However, Juniper says they have received no indication that anyone has exploited these vulnerabilities.
“Juniper is committed to maintaining the integrity and security of our products,” the company added in the statement. “Consistent with industry best practices, this means releasing patches for products in a timely manner to maintain customer security. We believed that it was in our customers’ best interest to issue these patched releases with the highest priority. We strongly recommend that all customers update their systems and apply these patched releases as soon as possible.”
Leave a Reply