ꕤ
Article
SOURCE
Extracts Ars Technica
“Unauthorized code” in Juniper firewalls decrypts encrypted VPN traffic
Backdoor in NetScreen firewalls gives attackers admin access, VPN decrypt ability.
by Dan Goodin - Dec 18, 2015 10:50am AEDT
An operating system used to manage firewalls sold by Juniper Networks contains unauthorized code that surreptitiously decrypts traffic sent through virtual private networks, officials from the company warned Thursday.
... Release notes published by Juniper suggest the earliest vulnerable versions date back to at least 2012 and possibly earlier. There's no evidence right now that the backdoor was put in other Juniper OSes or devices.
"... Juniper discovered unauthorized code in ScreenOS ... administrative access to NetScreen devices and to decrypt VPN connections," Juniper Chief Information Officer Bob Worrall wrote.
A separate advisory from Juniper says there are two separate vulnerabilities, but stops short of describing either as "unauthorized code." The first flaw allows unauthorized remote administrative access to an affected device over SSH or telnet. Exploits can lead to complete compromise. "The second issue may allow a knowledgeable attacker who can monitor VPN traffic to decrypt that traffic," the advisory said.
Whodunit?
Word that the VPN-breaking code was the result of unauthorized code, as opposed to an inadvertent programming flaw, touched off immediate concern that ScreenOS had been deliberately tampered with. The most likely culprit for such tampering would be the NSA or one of its many counterparts around the world. Classified documents leaked by former NSA subcontractor Edward Snowden showed NSA agents intercepting network gear from Cisco Systems as it was being shipped to a customer. They installed covert implant firmware onto the device before sending it to its final destination.
As involved as that process was, getting unauthorized code covertly installed into an official operating system and keeping it there for years would appear to be an even more complicated—and brazen—undertaking. This 2013 article published by Der Spiegel reported that an NSA operation known as FEEDTROUGH worked against Juniper firewalls and gave the agency persistent backdoor access.
"This malware burrows into Juniper firewalls and makes it possible to smuggle other NSA programs into mainframe computers," the article reported. "Thanks to FEEDTROUGH, these implants can, by design, even survive 'across reboots and software upgrades.' In this way, US government spies can secure themselves a permanent presence in computer networks. The catalog states that FEEDTROUGH 'has been deployed on many target platforms.'"
Of course, it's also possible the backdoor was installed some other way. Juniper's advisory makes no mention of who it suspects is behind the move or what steps it's taking to find out. Ars has asked Juniper for more details and will update this post as warranted.
ScreenOS
-- operating system for NetScreen firewalls
|
Juniper Networks
multinational corporation
HQ, Sunnyvale, California
develops and markets networking products
- routers
- switches
- network management software
- network security products
- software-defined networking tech
-- efforts to establish an ecosystem of technologies, software & applications
Juniper Networks - Market Share
-- 2001 - 37% share of core routers market
-- challenging Cisco, who previously dominated market
-- 2014 - USD$419.7 BILLION revenue
Pradeep Sindhu
Indian-American entrepreneur
VP, Board Directors
co-founded Juniper in 1996
B.Tech. in Electrical Engineering (1974)
Indian Institute of Technology, Kanpur
M.S. in Electrical Engineering (1976)
University of Hawaii
Ph.D. (1982) in Computer Science
Carnegie Mellon University
Studied under Bob Sproull
Sproull
-- Oracle Corp
-- was Associate Prof of Computer Science, Carnegie Mellon
-- est. consulting firm
-- consulting firm bought by Sun Microsystems 1990
--> led to creation of Sun Microsystems Laboratories
-- Sproull worked on its design & became its director
-- 2010 Sun bought by Oracle
--> became Oracle Labs
Pradeep Sindhu
-- scientist with Xerox Palo Alto Research Center
-- founded Juniper Networks 1996
Routers
-- early routers for internet traffic were built on technology intended for phone calls
-- i.e. a dedicated circuit for each caller
-- Sindhu envisaged packet-based routers
-- optimised for internet traffic
-- joined by Sun Microsystems & MCI Communications engineers
-- $2-million SEED FUNDING
-- $12-million FUNDING in first year of ops
Funding - $40-Million (1997)
-- from a group of OEMs and service providers
-- OEMs ('original equipment manufacturers') are here in fact re-sellers of another company's product under their own name
Contributors to 1997 funding:
- Northern Telecom
- 3Com
- Ericsson's Infocom Systems group
- Siemens/Newbridge Networks alliance
- WorldCom's UUNet Technologies subsidiary
https://business.highbeam.com/3094/article-1G1-19746999/startup-snags-40m-bid-redefine-routers
Spreading Control / Influence
2010 - Junos Innovation Fund
Juniper Networks Establishes $50 Million Venture Fund
will invest in companies 2010 - 2012
focusing on:
- networking tech
- applications
- security infrastructure services
- mobility services
- video solutions
- virtualisation
- network automation
- optical tech
- green networking
investments as of the 2010 article: 11 companies, incl:
- Ankeena Networks
- Blade Network Technologies
- Cyan Optics
- FireEye
- Packet Design
Vulture Fund - 'Activist Investor'
Elliott Management Corporation hedge fund
{billionaire Paul E. Singer}
Dec. 2014 - Elliott owns 10% stake in Juniper Networks
2 hedge fund directors appointed to Juniper board
hedge fund guru Singer
wants to cut this and that & increase share price
-- eg operating costs & potential stock buy-backs in the billion
--> basically wants to tell a successful, enormous tech company how to operate
* I think the hedge fund may operate as a take-over merchant
ACTIVIST INVESTORS
-- include:
-- hedge funds
-- private equity firms
-- wealthy individuals
well-known activist investors:
Carl Icahn
-- targets: Yahoo, Blockbuster, Time Warner, RJR Nabisco & other
NOTE
Company filing of SEC Form 13D
-- investor purchases 5% or more shares notification
-- indicative of possible 'activist investor' target
'activist hedge funds'
-- term to describe hedge funds that:
-- buy large public company shares
-- seek to obtain seats on company's board
-- aim to effect major changes in company
-- attracted to companies that are:
-- mismanaged
-- have excessive costs
-- could be run more profitably as a private company
-- or other problem seen as fixable, to add value
'ACTIVIST INVESTORS'
TAKE-OVER MERCHANTS
============
1 -- https://en.wikipedia.org/wiki/Juniper_Networks
2 -- http://techcrunch.com/2010/02/23/juniper-networks-fund/
3 -- http://www.investopedia.com/terms/a/activist-investor.asp
5 -- Juniper Networks Reaches Pact With 'Activist' Hedge Fund
http://www.nytimes.com/2015/02/25/business/dealbook/juniper-networks-reaches-pact-with-activist-hedge-fund.html?_r=0
|
Mainframe
aka 'big iron'
-- high-performance computer
-- large-scale computing
-- large orgs for critical apps
-- bulk data processing
-- defined by high availability
-- (i.e. higher-than-normal performance sustained for a longer-than-normal period)
-- typically used in apps where downtime costly or catastrophic
-- RAS (reliability, availability & serviceability) characteristic
-- can run multiple operating systems
-- pioneered virtualisation
-- virtual machine mode (OS's running as if distinct computers)
-- single mainframe eliminates conventional servers {I think}
-- designed to handle very high volume input / output (I/O)
-- emphasis on: throughput computing
-- subsidiary hardware (channels, periphery processors) - manage I/O devices
-- CPU freed to deal only with high-speed memory
MARKET SHARE - MAINFRAMES
-- IBM mainframes: 90% market share
-- software apps to manage performance
-- 2010: mainframe technology = less than 3% of IBM's revenues
MARKET SHARE - MAINFRAMES SOFTWARE
-- IBM - USA multinational, Revenue: US$92.793 billion (2014)
-- BMC - USA, Revenue: US$2.172 billion (FY 2012)
-- Compuware - USA, Revenue: private company
-- CA Technologies - USA, multinational, Revenue: US$4.515 billion (2014)
-- early models:
-- punched cards, tape, magnetic tape
-- batch mode operations (eg billing)
-- 1970s acquired interactive user interfaces
-- operated as time-sharing computers
-- able to then run batch processing + support of users
-- early user access by special terminals
-- later, from personal computers
FURTHER HISTORY
-- early manufacturers - IBM & the Seven Dwarfs
- Burroughs
- UNIVAC
- NCR
- Control Data
- Honeywell
- General Electric
- RCA
-- Notable non-USA manufacturers
Germany:
Britain:
Italy:
Japan:
Soviet Union
-- close copies of IBM mainframes
-- examples:
1980s, minicomputer-based systems
-- more sophisticated
-- displaced lower-end mainframes
-- lower ends (aka 'departmental computers') - eg DEC VAX
1990s, servers based on microcomputer designs
-- cheaper
-- greater control
-- terminals used to interface with mainframes eventually replaced by PCs
Emerging Markets
-- esp. People's Republic of China
-- spurring innovation
-- eg unified high volume transaction processing database / multiple industry access
-- (eg banking, insurance, credit reporting, govt)
2012, NASA (space) powered down its last mainframe (IBM System z9)
Supercomputers
-- measured in - floating point operations per second (FLOPS)
-- measured in (more recently) - traversed edges per second or TEPS
-- frontline of current processing capacity
-- esp. speed of calculation for scientific & engineering problems (high-performance computing)
Mainframes
-- measured in millions of instructions per second (MIPS)
-- data crunching & number crunching
-- transaction processing
-- {microprocessor-based servers & online networks also transaction process}
HYBRID
Gameframe - 2007
-- hybrid computer system
-- first used online video games industry
-- blend of technologies & architectures for supercomputers & mainframes
-- high computing power & high throughput
-- Hoplon (Brazilian, multiplayer online games) & IBM joint project 2007
-- game server system
-- offload of computation-intensive tasks from expensive CPU cycles of System z
-- to economical 'Cell blades' (PowerXCell multicore processors)
-- https://en.wikipedia.org/wiki/Gameframe
Mainframe info source
https://en.wikipedia.org/wiki/Mainframe_computer
System z
-- ie - IBM z Systems
-- family name used by IBM for all of its mainframe computers
throughput
-- rate of production of processing
https://en.wikipedia.org/wiki/Throughput
{I'm stopping here, or the look-ups could go on forever ... lol}
|
---------------------- ꕤ ----------------------
COMMENT
Wow, who's responsible?
I'm going with NSA, even though I don't know what I'm talking about. lol
But if past history is anything to go by, it's likely an NSA infiltration, I think.
ꕤ
|