The recent breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were behind the infiltration. They may have been able to spy on the encrypted communications of the U.S. government and private companies for the past three years.
The cyber-attack involved hackers installing a back door on computer equipment, U.S. officials said, and the FBI is investigating the breach. Juniper has issued an emergency security patch that it urged customers to use to update their systems “with the highest priority.”
The main issue is that sophisticated hackers who compromised the equipment could use their access to get into any company or government agency that used it, which a U.S. official described it as “stealing a master key to get into any government building.”
Due to the level of sophistication involved, the breach is believed to be the work of a foreign government, U.S. officials said. China and Russia are among the top suspected governments, though officials cautioned the investigation hasn’t reached conclusions.
It’s not yet clear what if any classified information could be affected, but U.S. officials said the Juniper Networks equipment is so widely used that it may take some time to determine what damage was done.
Juniper Networks’ security fix is intended to seal a back door that hackers created in order to remotely log into commonly used VPN networks to spy on communications that were supposed to be among the most secure.
Juniper said that someone managed to get into its systems and write “unauthorized code” that “could allow a knowledgeable attacker to gain administrative access.”
Such access would allow the hacker to monitor encrypted traffic on the computer network and decrypt communications.
Juniper sells computer network equipment and routers to big companies and to U.S. government clients such as the Defense Department, Justice Department, FBI and Treasury Department. On its website, the company boasts of providing networks that “US intelligence agencies require.”
The company said it was also issuing a security fix for a separate bug that could allow a hacker to launch denial-of-service attacks on networks.