JuniperJuniper CEO Rami Rahim
It isn't yet known if the code was altered by a Juniper employee or outside interference.
Towards that end, security experts have warned that the "backdoor entry" resulting from the insertion of "unauthorized" code in Juniper's VPN software could have enabled a foreign government to snoop on the U.S. government's
communications.
USA officials are concerned that sophisticated hackers who were able to compromise this equipment could use it to get access into any business and or government agency that was using it.
The sophistication of the back door's installation and the targets lead the Federal Bureau of Investigation to believe that it's the work of a foreign government.
Speaking on the condition of anonymity, a senior USA official told Reuters on Friday that the Department of Homeland Security is working closely with Juniper as they probe into the matter. The officials said they are sure that spy agencies in the USA are not behind this back door.
It is not clear yet what or if any classified data was affected, but officials in the US said the Juniper Networks equipment is used so widely that it might take quite some time before a determination is made to what was the extent of damage. "The administration remains committed to enhancing our national cybersecurity by raising our cyber defenses, disrupting adversary activity, and effectively responding to incidents when they occur".
On Thursday, the Department of Homeland Security's U.S. Computer Emergency Response Team issued a short notice on its website, advising Juniper customers to install the update.
Juniper's notice to customers did not say whether the company was aware of how the code was inserted in the software. Juniper said in its warning that "a skilled attacker would likely remove these entries from the local log file, thus effectively eliminating any reliable signature that the device had been compromised". If encrypted communications were being monitored, "There is no way to detect that this vulnerability was exploited", according to the Juniper security alert.
The work to alter millions of lines of source code is sophisticated. Jupiter also plans to launch a security fix for another issue that can allow hackers to launch denial-of-service attacks on computer networks, CNN reports.