Category: NSA

Jan 10 2016

Juniper drops NSA-developed code following new backdoor revelations

(credit: Juniper)

Juniper Networks, which last month made the startling announcement its NetScreen line of firewalls contained unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks, said it will remove a National Security Agency-developed function widely suspected of also containing a backdoor for eavesdropping.

The networking company said in a blog post published Friday that it will ship product releases in the next six months that remove the Dual_EC_DRBG random number generator from NetScreen firewalls. Security researchers have known since 2007 that it contains a weakness that gives knowledgeable adversaries the ability to decrypt encrypted communications that rely on the function. Documents provided by former NSA subcontractor Edward Snowden showed the weakness could be exploited by the US spy agency, The New York Times reported in 2013.

A month after the NYT report was published, Juniper officials wrote in a knowledge base article that NetScreen encryption couldn't be subverted by the weakness because Dual_EC_DRBG wasn't the sole source for generating the random numbers needed to ensure strong cryptography. The Juniper post said NetScreen also relied on a separate random number generator known as ANSI X.9.31 that made it infeasible to exploit the Dual_EC_DRBG weaknesses. Random number generators are a crucial ingredient in strong cryptography. Their role is similar to the shaking of dice at a craps table and ensure that keys contain enough entropy to make them infeasible to guess or predict.

Read 5 remaining paragraphs | Comments

Jan 10 2016

Juniper drops NSA-developed code following new backdoor revelations

(credit: Juniper)

Juniper Networks, which last month made the startling announcement its NetScreen line of firewalls contained unauthorized code that can surreptitiously decrypt traffic sent through virtual private networks, said it will remove a National Security Agency-developed function widely suspected of also containing a backdoor for eavesdropping.

The networking company said in a blog post published Friday that it will ship product releases in the next six months that remove the Dual_EC_DRBG random number generator from NetScreen firewalls. Security researchers have known since 2007 that it contains a weakness that gives knowledgeable adversaries the ability to decrypt encrypted communications that rely on the function. Documents provided by former NSA subcontractor Edward Snowden showed the weakness could be exploited by the US spy agency, The New York Times reported in 2013.

A month after the NYT report was published, Juniper officials wrote in a knowledge base article that NetScreen encryption couldn't be subverted by the weakness because Dual_EC_DRBG wasn't the sole source for generating the random numbers needed to ensure strong cryptography. The Juniper post said NetScreen also relied on a separate random number generator known as ANSI X.9.31 that made it infeasible to exploit the Dual_EC_DRBG weaknesses. Random number generators are a crucial ingredient in strong cryptography. Their role is similar to the shaking of dice at a craps table and ensure that keys contain enough entropy to make them infeasible to guess or predict.

Read 5 remaining paragraphs | Comments

Dec 15 2015

Fact-checking the debate on encryption

As politicians and counter-terrorism officials search for lessons from the recent attacks in Paris and San Bernardino, California, senior officials have called for limits on technology that sends encrypted messages.

It's a debate that has repeatedly recurred for more than a decade.In the 1990s, the Clinton Administration directed technology companies to store copies of their encryption keys with the government. That would have given the government a "backdoor" to allow law enforcement and intelligence agencies easy access to encrypted communications. That idea was dropped after sharp criticism from technologists and civil liberties advocates.

More recently, intelligence officials in Europe and the United States have asserted that encryption hampers their ability to detect plots and trace perpetrators. But many have questioned whether it would be practical or wise to allow governments widespread power to read encrypted messages.

Read 36 remaining paragraphs | Comments

Oct 26 2015

Top German official infected by highly advanced spy trojan with NSA ties

A diagram of the Regin platform. (credit: Kaspersky Lab)

German Chancellor Angela Merkel may not be the only high-ranking leader from that country to be spied on by the National Security Agency. According to a report published over the weekend, German authorities are investigating whether the head of the German Federal Chancellery unit had his laptop infected with Regin, a highly sophisticated suite of malware programs that has been linked to the NSA and its British counterpart, the Government Communications Headquarters.

As Ars reported almost 12 months ago, Regin is among the most advanced pieces of malware ever discovered, with dozens of modules that can be used to customize attacks on targets in the telecommunications, hospitality, energy, airline, and research industries. Its technical DNA bears some resemblance to previously discovered state-sponsored malware, including the espionage trojans known as Flame and Duqu, as well as Stuxnet, the computer worm and trojan that the US and Israel reportedly unleashed to disrupt Iran's nuclear program.

According to research published last year by security firm Kaspersky Lab, Regin was used to infect more than 100 targets and has been active since 2008. Kaspersky Lab researchers went on to say that the targets included Belgacom, the partly state-owned Belgian telecom, and Jean-Jacques Quisquater, a prominent Belgian cryptographer. Documents leaked by former NSA subcontractor Edward Snowden have further linked Regin to the NSA, specifically to an NSA attack tool dubbed QWERTY. According to German magazine Der Spiegel, QWERTY is a keylogging plugin that's part of a much larger framework described in Snowden-leaked documents as WARRIORPRIDE. The takeaway is that Regin and WARRIORPRIDE are the same thing.

Read 3 remaining paragraphs | Comments