Those intruders haven’t yet been publicly identified, and if there were any victims other than Juniper, they haven’t surfaced to date. But one crucial detail about the incident has long been known - uncovered by independent researchers days after Juniper’s alert in 2015 - and continues to raise questions about the methods U.S. intelligence agencies use to monitor foreign adversaries.
The Juniper product that was targeted, a popular firewall device called NetScreen, included an algorithm written by the National Security Agency. Security researchers have suggested that the algorithm contained an intentional flaw - otherwise known as a backdoor - that American spies could have used to eavesdrop on the communications of Juniper’s overseas customers. NSA declined to address allegations about the algorithm.
Juniper’s breach remains important - and the subject of continued questions from Congress - because it highlights the perils of governments inserting backdoors in technology products.
“As government agencies and misguided politicians continue to push for backdoors into our personal devices, policymakers and the American people need a full understanding of how backdoors will be exploited by our adversaries,” Senator Ron Wyden, a Democrat from Oregon, said in a statement to Bloomberg. He demanded answers in the last year from Juniper and from the NSA about the incident, in letters signed by 10 or more members of Congress.
Against that backdrop, a Bloomberg News investigation has filled in significant new details, including why Sunnyvale, California-based Juniper, a top maker of computer networking equipment, used the NSA algorithm in the first place, and who was behind the attack.
Juniper installed the NSA code - an algorithm with the unwieldy name Dual Elliptic Curve Deterministic Random Bit Generator - in NetScreen devices beginning in 2008 even though the company’s engineers knew there was a vulnerability that some experts considered a backdoor, according to a former senior U.S. intelligence official and three Juniper employees who were involved with or briefed about the decision.
The reason was that the Department of Defense, a major customer and NSA’s parent agency, insisted on its inclusion despite the availability of other, more trusted alternatives, according to the official and the three employees. The algorithm had just become a federal standard at NSA’s behest, alongside three similar ones that weren’t mired in controversy, and the Pentagon tied some future contracts for Juniper specifically to the use of Dual Elliptic Curve, the employees said. The request prompted concern among some Juniper engineers, but ultimately the code was added to appease a large customer, the employees said.
The Department of Defense declined to discuss its relationship with Juniper.