Juniper Hacked

Hondabuff Member Posts: 667 ■■■□□□□□□□
Since I didn't see any buzz about it on here I figured I would post. Our company was notified on Friday about the security breach and shut down a few edge devices.
Newly discovered hack has U.S. fearing foreign infiltration - CNNPolitics.com
“The problem with quotes on the Internet is that you can’t always be sure of their authenticity.” ~Abraham Lincoln

Comments

  • greg9891 Member Posts: 1,184 ■■■■■■■□□□
    Nothing is 100% secure these days. Sad!
    Certs Gained 2020: CCNA
    Upcoming:

    Proverbs 6:6-11 Go to the ant, you sluggard! Consider her ways and be wise, Which, having no captain, Overseer or ruler, Provides her supplies in the summer, And gathers her food in the harvest. How long will you slumber, O sluggard?
    When will you rise from your sleep? A little sleep, a little slumber, A little folding of the hands to sleep, So shall your poverty come on you like a prowler And your need like an armed man.
  • dustervoice Member Posts: 877 ■■■■□□□□□□
    greg9891 wrote: »
    Nothing is 100% secure these days. Sad!
    Nothing has ever been 100% secure; there is no such thing. It would be interesting to see how the code got modified without Juniper knowing. Collusion perhaps or some stupid user clicking on links and documents. Who still uses Netscreen? An OS that's been defunct since 2004.
  • nman99 Member Posts: 35 ■■□□□□□□□□
    Yeah, saw this on Friday I think, good job Juniper..
  • networker050184 Mod Posts: 11,962 Mod
    At least they found it. How many other compromised products are out there no one even knows about yet? That's the scary part.
    An expert is a man who has made all the mistakes which can be made.
  • chrisone Senior Member Member Posts: 2,219 ■■■■■■■■■□
    Before people start bashing a brand, this happens to Cisco as well. I am a Cisco guy but for the sake of this thread getting out of hand with nonsense, just know it happens to many vendors.
    Certs: CISSP, OSCP, CRTP, eCTHPv2, eCPPT, eCIR, LFCS, CEH, AZ-900, VHL:Advanced+, Retired Cisco CCNP/SP/DP
    2021 Goals
    Courses: eLearnSecurity - PTXv2 (complete), SANS 699: Purple Team Tactics (completed), PentesterLabs Pro (ongoing)
    EnCase Courses: DF120 (in progress), DF210, DF310
    Certs: AZ-500, SC-200 (fail 1st attempt), SC-300, SC-400, EnCE, Splunk Core Power User (passed), Splunk Enterprise Sys Admin
  • 636-555-3226 Member Posts: 976 ■■■■■□□□□□
    No fun if you don't post a Shodan search for it!
  • bigdogz Member Posts: 876 ■■■■■■■■□□
    This is what happens when things are made in other countries.
  • Hondabuff Member Posts: 667 ■■■□□□□□□□
    Not so much a bashing post. I had a few old Netscreen devices that we inherited. The code on our boxes was older than the code that was affected. Looking at what the problem was, it looked like a backdoor was written into the code. Probably a pre-production local admin account that was forgotten about. Juniper really isn't that old of a company, is it?
  • networker050184 Mod Posts: 11,962 Mod
    Juniper has been around for about 15-20 years now I believe. Netscreen was also an acquisition for them maybe 10 years ago.
  • Dakinggamer87 Gaming Tech Expert Silicon Valley, CA Member Posts: 4,016 ■■■■■■■■□□
    greg9891 wrote: »
    Nothing is 100% secure these days. Sad!

    Not as long as there are hackers...
    *Associate's of Applied Sciences degree in Information Technology-Network Systems Administration
    *Bachelor's of Science: Information Technology - Security, Master's of Science: Information Technology - Management
    Matthew 6:33 - "Seek the Kingdom of God above all else, and live righteously, and he will give you everything you need."

    Certs/Business Licenses In Progress: AWS Solutions Architect, Series 6, Series 63
  • wastedtime Member Posts: 586 ■■■■□□□□□□
    The backdoor login info has been released. Due to how important this is, SANS ISC raised the threat level from green to yellow. I'm still curious as to what the VPN issue was and how this has gone unnoticed for so long. I would like to see that information.
  • alias454 Member Posts: 648
    At least they found it. How many other compromised products are out there no one even knows about yet? That's the scary part.

    Not trying to pick on Juniper or any other company for that matter but isn't it time to start asking some tough questions? How do we stop it? As consumers of these products, how do we as an industry start to make it known we won't stand for poor practices or poor quality products? At some point, some liability is going to have to shift back to the companies pushing this stuff out into the market. Does this constitute gross negligence? I think to Juniper's credit they released their initial announcement pretty quickly but similar to Target, that doesn't make me sleep any better.

    Again, this is not specific to Juniper or Cisco or any other company:
    https://isc.sans.edu/forums/diary/Infocon+Yellow+Juniper+Backdoor+CVE20157755+and+CVE20157756/20521/
    Malicious Cisco router backdoor found on 79 more devices, 25 in the US | Ars Technica
    https://www.fireeye.com/blog/threat-research/2015/09/synful_knock_-_acis.html
    When a single e-mail gives hackers full access to your network | Ars Technica

    http://www.computerworld.com/article/2921388/network-security/insecure-routers-hacked-yet-again.html
    http://w00tsec.blogspot.com/2015/11/arris-cable-modem-has-backdoor-in.html
    “I do not seek answers, but rather to understand the question.”
  • Params7 Member Posts: 254
    And Cisco devices have been known to be bugged by NSA before they get shipped internationally:
    Photos of an NSA
  • JDMurray MSIT InfoSec CISSP SSCP GSEC EnCE C|EH Cloud+ CySA+ CASP+ PenTest+ Security+ Surf City, USA Admin Posts: 12,273 Admin
    There was a SANS Webcast released with early technical details on the Juniper vulnerabilities (you will need a free account on sans.org to view it): https://www.sans.org/webcasts/juniper-screenos-backdoor-101482/


    The podcast Security Now! (Episode 539, 12/22/2015) by Steve Gibson (www.grc.com/securitynow.htm) contains an in-depth explanation of the Juniper vulnerabilities. The discussion is from 00:26:45 to 00:59:10 in the video stream.

    Show page: https://twit.tv/shows/security-now/episodes/539?autostart=false
    Show notes (PDF): https://www.grc.com/sn/SN-539-Notes.pdf

    The following links will become available after the holidays:
    Show archive: https://www.grc.com/securitynow.htm#539
    Show transcript (PDF): https://www.grc.com/sn/sn-539.pdf
  • DevilWAH Member Posts: 2,997 ■■■■■■■■□□
    Alias454,

    I don't think you can call it gross negligence; this is what happens when people develop things, especially when code is shared so much as it is now. You get one tiny chunk of code amongst thousands that when you implement are thought to be secure. Then going forward you have to keep track of every line of code and ensure it is not now a known exploit. This is a massive task when, like Windows for example, you have over 50,000,000 lines of code. First of all you have to hope the coders have recorded everything they have done and that you have people reviewing the current list of known exploits and comparing them to your products.

    This is a never-ending job, so all companies need to balance time spent on securing their code with developing and making a profit.

    We should expect them to do a good job but we know that sometimes they will fail; this is why it's important to ensure security in our organisations is good and we don't simply assume that devices and technologies out of the box will protect us.
    • If you can't explain it simply, you don't understand it well enough. Albert Einstein
    • An arrow can only be shot by pulling it backward. So when life is dragging you back with difficulties. It means that its going to launch you into something great. So just focus and keep aiming.
  • varelg Banned Posts: 790
    DevilWAH wrote: »
    Alias454,

    This is a never-ending job, so all companies need to balance time spent on securing their code with developing and making a profit.

    We should expect them to do a good job but we know that sometimes they will fail; this is why it's important to ensure security in our organisations is good and we don't simply assume that devices and technologies out of the box will protect us.
    Devices and technologies that protect out of the box is actually how they are marketed and why they are bought by people. People buy them and install them so they don't have to think of looking over their back all the time and want to be able to focus on their business.
    Doing a good job on software development: typical open-source developer skips on testing and documentation all the time so other developers (and companies) see how FOSS gets away with it and think "if they are getting away with non-documentation and absence of testing, why shouldn't we?"
  • varelg Banned Posts: 790
    bigdogz wrote: »
    This is what happens when things are made in other countries.
    NSA is an agency of the government of which country again?
    Even the title is laughable- foreign intervention- and coming from... CNN?! The leader in balanced reporting...
    How many breaches of security that were attributed to foreign hackers were actually later proven to come from NSA itself? Which agency pressed major disk manufacturers into installing rootkits as firmware in their products? With a "watchdog" like this there's no need of foreign intervention.