Jordan Robertson reports:
Days before Christmas in 2015, Juniper Networks Inc. alerted users that it had been breached. In a brief statement, the company said it had discovered “unauthorized code” in one of its network security products, allowing hackers to decipher encrypted communications and gain high-level access to customers’ computer systems.
Further details were scant, but Juniper made clear the implications were serious: It urged users to download a software update “with the highest priority.”
More than five years later, the breach of Juniper’s network remains an enduring mystery in computer security, an attack on America’s software supply chain that potentially exposed highly sensitive customers including telecommunications companies and U.S. military agencies to years of spying before the company issued a patch.
Read more on Yahoo.com. This is along and fascinating read.
And if you are on Twitter, Matthew Green has a great thread about this incident that begins here:
The story here, for those who may have forgotten 2015 (it was a long time ago!) is that the NSA inserted a backdoor into a major encryption standard and then leaned on manufacturers to install it. Thread. 1/
— Matthew Green (@matthew_d_green) September 2, 2021