Last week Juniper Networks confirmed that it had discovered unauthorized code in its ScreenOS software which powers its firewalls, the unauthorized code could have compromised the entire system leading to VPN devices being decrypted without even leaving behind a trace of the attackers. This is troubling because Juniper Networks made software and communications equipment for major customers which include the United States government.
That’s really one of the major reasons why the FBI is reportedly investigating the breach of Juniper Networks software. There are concerns that the unauthorized code may have provided “backdoor entry” to a foreign government enabling it to tune into the communications of the United States government.
The company itself said that a “skilled attacker’ would be able to remove these entries from the local log file, “thus effectively eliminating any reliable signature that the device had been compromised.” It also confirmed that a second security issue had been discovered which would enable attackers to monitor VPN traffic and also decrypt it.
Since confirming these security issues Juniper Networks has released patches for both flaws, while mentioning that it hasn’t discovered any evidence that these security vulnerabilities were actually exploited by attackers.
Meanwhile the revelation is believed to have brought on an investigation by the FBI which is looking into the possibility of foreign governments using said vulnerabilities to tune into the communications of the U.S. government, another report mentions that the Department of Homeland Security is working with the FBI on this matter.