Remember that backdoor in Juniper gear? Congress sure does – even if networking biz wishes it would all go away

A backdoor in Juniper's networking gear could provide key evidence in the case against government-mandated Feds-only access – yet the manufacturer has failed to produce a report on the matter, prompting US lawmakers to take action. A cross-party group of senators and House representatives today sent an open letter [PDF] to …

  1. Anonymous Coward

    Backdoor scorecard

    Cisco - yes

    Juniper - yes

    Huawei - no

    1. Yet Another Anonymous coward Silver badge

      Re: Backdoor scorecard

      They aren't backdoors. We knew they were there - they're front doors

    2. theblackhand

      Re: Backdoor scorecard

      Correction:

      Cisco - yes

      Juniper - yes

      Huawei - YES

      All part of the same NSA TAO group exploits revealed by Der Spiegel. Just because Huawei's firewall products aren't as popular in the west doesn't make them invulnerable.

      1. Anonymous Coward

        Re: Backdoor scorecard

        OK, that's interesting. Do you have a link for that? No problem if it's in German.

        1. JetSetJim

          Re: Backdoor scorecard

          Apparently there's a backdoor via the Lawful Intercept Gateway, if you believe the Americans. They claim to have shared detailed info with the UK and Germany.

          FWIW, the Lawful Intercept Gateway is not supposed to be usable by the manufacturer, and is used for law enforcement personnel to trace individuals in the network as well as listen to their calls and see info about their data sessions. Assuming this is correct, it allows the manufacturer to initiate their own traces, bypassing law enforcement procedures.

          Saying that, it seems a bit of a stretch. The network equipment from all manufacturers allows for blanket collection of all information from all calls which is then written to file and can be used to analyse the network for performance issues. At the same time, you can scrape it for IMSIs if you were naughty - but in a lot of networks there are protections in place for casual IMSI fishing (at least encrypting the IMSIs, plus restricting access and auditing IMSI filtered queries). If there's a backdoor ftp then these files would be accessible (although the operator might notice the surge in bandwidth when the files are transferred).

          1. Anonymous Coward

            Re: Backdoor scorecard

            "FWIW, the Lawful Intercept Gateway is not supposed to be usable by the manufacturer"

            This isn't lawful intercept.

            And I would disagree with your characterisation of lawful intercept - it is clearly documented on all major vendors' sites - it defines roles but doesn't guarantee they aren't abused. Naturally it provides auditing and other logging to show you are playing fairly but it assumes telcos are playing fairly to avoid wire tapping charges.

      2. Anonymous Coward

        Re: Backdoor scorecard

        I don't think you understand what a 'backdoor' is?

        Unless you are suggesting that Huawei created a backdoor for the NSA to spy on its own kit - that would be a little ironic.

        1. Anonymous Coward

          Re: Backdoor scorecard

          "unless you are suggesting that Huawei created a backdoor for the NSA to spy on its own kit - that would be a little ironic"

          From reading other el Reg articles, I think it's more that Huawei created a few catflaps for testing but forgot to remove or secure them, allowing any of the neighbourhood's tomcats to raid your fridge.

        2. Snake Silver badge

          Re: Backdoors

          A "backdoor" is relative to the location of the "house". If two people are using P2P encryption between 2 devices, yet the ISP connecting them together can decrypt the channel, then it could be said that the P2P encryption from the perspective of the user has a "backdoor".

          The viewpoint is in the eye of the beholder, and what level of connection security was expected. Anything that can come in from an unexpected direction of connection to intercept data can be seen as a "backdoor", and that perception of direction depends upon the device's use.

          1. teknopaul

            Re: Backdoors

            A backdoor is deliberately made. Not a flaw.

            Nowt to do with direction.

            1. Anonymous Coward

              Re: Backdoors

              And who made the back door?

              The TAO ASA/Netscreen/Huawei modifications all appear to have been implanted in-transit.

              The Netscreen encryption flaw mentioned in this article appears to have been carried out by someone working on the elliptic curve encryption code. Russia published information about avoiding certain RSA encryption codes (and US manufacturers disabled them) after they seemed to be vulnerable to brute force.

      3. theblackhand

        Re: Backdoor scorecard

        So many downvotes....

        Reference: https://en.wikipedia.org/wiki/File:NSA_HALLUXWATER.jpg

        If you are downvoting security references based on limited knowledge, maybe it's not knowledge but just biases and rumour? The NSA TAO leaks aren't exactly secret.

        1. Anonymous Coward

          Re: Backdoor scorecard

          That is not a Huawei backdoor; that is an NSA insertion of a backdoor into a Huawei product using physical access or previously unknown software bugs, and is not in the device from the manufacturer.

          For a claim of XYZ has a backdoor then XYZ would have to have inserted the backdoor themselves or be complicit in the introduction of that backdoor.

          If the ability to find insecurities in a product by nation level actors is counted as something having a backdoor then pretty much everything has or could have a backdoor. However it would be described as a vulnerability not a backdoor.

  2. John Savard

    Peace and Quiet

    Perhaps the NSA has advised Juniper that it can't disclose certain aspects of this matter, due to considerations of national security. Of course, it's a pity they couldn't have also told the Congressmen involved this.

    1. Maelstorm Bronze badge

      Re: Peace and Quiet

      The thing to consider here is that certain members of Congress do have top secret security clearances, such as those individuals on the intelligence oversight committee. The NSA cannot override a congressional subpoena. They can take it to court to get it squashed if there is something truly sensitive, but I doubt that.

      1. Snake Silver badge

        Re: Peace and Quiet

        Ave that's the total irony of our current crony totalitarianism: the very organisation (Congress) that created the entity (NSA) can be told that they (Congress) have no right to access data created by said entity (NSA), and be brought to court to try to enforce that belief.

        I thought this was a democracy, where the electorate or their appointed representatives have final word on everything that occurs. Thanks to pro-authoritarian GOP support, I guess we were very, very wrong.

        1. jason_derp

          Re: Peace and Quiet

          "I thought this was a democracy, where the electorate or their appointed representatives have final word on everything that occurs."

          You must be American. You guys have been redefining democracy for over a century now. If you thought that was how your country worked, you need to get out more.

        2. JohnSheeran

          Re: Peace and Quiet

          "I thought this was a democracy, where the electorate or their appointed representatives have final word on everything that occurs. Thanks to pro-authoritarian GOP support, I guess we were very, very wrong."

          It's actually a representative republic. If it were a democracy it would all need to go through the people. Since that's not workable at our current scale (or just about any scale) we have a republic. "We" are very, very, wrong about a lot of things.

          1. teknopaul

            Re: Peace and Quiet

            A representative republic is (meant to be) a representative democracy.

            Still a democracy.

            What you actually have in the states is rather less democratic than a representative republic ought to be, not because it's a republic, but because the democracy has been corrupted, by Republicans arguing with Democrats.

  3. Anonymous Coward

    Love the way they are now openly admitting "government-mandated Feds-only backdoors" in American equipment.

    The house of cards is crumbling more every day.

    1. Doctor Syntax Silver badge

      "The house of cards is crumbling more every day."

      It won't be allowed to interfere with business as usual.

    2. JohnSheeran

      I think it's funny that the evidence against American companies having government mandated back doors is fully accepted but other countries doing the same thing is rejected. Especially when the other countries in question are known and accepted oppressors and human rights violators.

      There is no moral high ground when it comes to this sort of thing. It's most likely sour grapes from the US government that they don't have the same back doors into Huawei that China does.

  4. Maelstorm Bronze badge

    And here we go again...

    Perhaps this needed to happen to prove that government-access-only backdoors in software and equipment do not work and end the entire backdoored encryption debate. Having flawed encryption is worse than having no encryption at all because flawed encryption creates a false sense of security. Experts have testified before Congress indicating that the science says no.

  5. Julz

    Sneeky

    Bits of code in firewalls and routers, pah. I remember the days of whole rooms in data centers that only special 'GPO' staff were allowed to enter. That's a proper back door.

    1. This post has been deleted by its author

    2. Doctor Syntax Silver badge

      Re: Sneeky

      "That's a proper back door."

      It's not a back door, it's a back room.

    3. John Jennings

      Re: Sneeky

      Pity that was the room where the kettle was - behind the door marked with 'beware of the leopard'*

      *Spurious Douglas Adams reference

  6. MarkET

    Switches and routers

    If someone already has that level of access it's game over, with or without backdoors.

    I remember the 'locked doors' of a certain telecom provider whilst testing Telex / digital interfaces a number (large) of years ago...

    1. Anonymous Coward

      Re: Switches and routers

      It's game over for metadata. I wouldn't dream of transferring a sensitive file over my own network without encryption, let alone someone else's.

  7. David Shaw

    I’m surely not the only ‘GPO’ engineer to have plugged a handset into a circuit and checked for quality, left it plugged in and only occasionally listened? Some very foreign languages on those circuits....

    Trouble is this trunk access node / distribution node was at Vauxhall Cross, Sarf Lundon, and it’s now had an American Embassy built on top of it, is that a big backdoor, or a big frontdoor?

    Edit: actually, I suppose just knowing how many NKT wave division multiplexing fibres they had installed is a national s...

  8. batfink

    Clearly

    Juniper kit should be removed from all networks, now it's shown to be insecure. The US should be refusing to share intelligence with any country still using it. Hello? Hello?

  9. Anonymous Coward

    The "experts" tell me that private ciphers are "very weak".......

    ....and it turns out that the same is true of public encryption too. Is any cipher safe? Perhaps mine is?

