Security Bugs in Widely-Used Juniper System Might Have Been Planted by Foreigners

There is a concern that hackers working for a nation state were able to spy on the encrypted communications of the federal government and companies for the past several years.

The breach involved hackers installing a backdoor on computer equipment, U.S. officials told CNN.

Juniper disclosed the existence of the security vulnerabilities on Dec. 17, and issued an emergency security patch.

The security fix is intended to seal the backdoor, which the attackers created in order to remotely log into commonly-used VPN networks to eavesdrop on communications that were supposed to be secure.

Homeland Security Department officials are now trying to determine how many affected systems are in use on federal networks.

U.S. officials said it's not clear how the Juniper source code was altered, whether by an outside attacker or an insider.  

Juniper said that someone managed to get into its systems and write "unauthorized code" that "could allow a knowledgeable attacker to gain administrative access."

One U.S. official described the situation as akin to "stealing a master key to get into any government building."

Such access would allow the hacker to monitor encrypted traffic on the computer network and decrypt communications.

The work to alter millions of lines of source code is sophisticated. The program was compromised for three years before Juniper uncovered it during a routine review in recent weeks.

China and Russia are among the top suspected governments, though officials cautioned the investigation hasn't reached conclusions.

“It's not yet clear what if any classified information could be affected, but U.S. officials said the Juniper Networks equipment is so widely used that it may take some time to determine what damage was done,” CNN reports.