Skip to main content

GCHQ and NSA found security holes in Juniper back in 2011

Just a few days after Juniper Networks unveiled it had malicious code in its VPNs, allowing third parties unobstructed monitoring of all passing data, The Intercept (opens in new tab) says British spies from the GCHQ found holes in Juniper’s firewall in 2011, with the help of the NSA.

The Intercept calls for a document entitled “Assessment of Intelligence Opportunity – Juniper,” as its source.

“While it does not establish a certain link between GCHQ, NSA, and the Juniper hacks, it does make clear that, like the unidentified parties behind those hacks, the agencies found ways to penetrate the “NetScreen” line of security products, which help companies create online firewalls and virtual private networks, or VPNs.”

Juniper also said the malicious code was sitting in its networks for at least three years.

“The threat comes from Juniper’s investment and emphasis on being a security leader,” the document says. “If the SIGINT community falls behind, it might take years to regain a Juniper firewall or router access capability if Juniper continues to rapidly increase their security.”

“The ability to exploit Juniper servers and firewalls,” the document says, “will pay many dividends over the years.”

Both GCHQ and NSA didn’t comment on the discovery, while Juniper said it “operates with the highest of ethical standards, and is committed to maintaining the integrity, security, and quality of our products. As we’ve stated previously … it is against established Juniper policy to intentionally include ‘backdoors’ that would potentially compromise our products or put our customers at risk. Moreover, it is Juniper policy not to work with others to introduce vulnerabilities into our products.”

Sead Fadilpašić is a freelance tech writer and journalist with more than 17 years experience writing technology-focussed news, blogs, whitepapers, reviews, and ebooks. And his work has featured in online media outlets from all over the world, including Al Jazeera Balkans (where he was a Multimedia Journalist), Crypto News, TechRadar Pro, and IT Pro Portal, where he has written news and features for over five years. Sead's experience also includes writing for inbound marketing, where he creates technology-based content for clients from London to Singapore. Sead is a HubSpot-certified content creator.