Skip to main content

Sign up for our newsletter.

Quality journalism. Progressive values. Direct to your inbox.

'Normal' is killing us.

Donald Trump is out of the White House. COVID-19 is fading, at least in wealthier nations. The world, they say, is returning to “normal.” That’s the narrative that the corporate media is selling. But there’s a problem: “normal” is destroying our planet, threatening our democracies, concentrating massive wealth in a tiny elite, and leaving billions of people without access to life-saving vaccines amid a deadly pandemic. Here at Common Dreams, we refuse to accept any of this as “normal.” Common Dreams just launched our Mid-Year Campaign to make sure we have the funding we need to keep the progressive, independent journalism of Common Dreams alive. Whatever you can afford—no amount is too large or too small—please donate today to support our nonprofit, people-powered journalism and help us meet our goal.

Please select a donation method:

(Photo: AP)

If a Close US Ally Backdoored Juniper, Would NSA Tell Congress?

Marcy Wheeler

 by EmptyWheel

You may have heard that Juniper Networks announced what amounts to a backdoor in its virtual private networks products. Here’s Kim Zetter’s accessible intro of what security researchers have learned so far. And here’s some technical background from Matthew Green.

As Zetter summarizes, the short story is that some used weaknesses encouraged by NSA to backdoor the security product protecting a lot of American businesses.

They did this by exploiting weaknesses the NSA allegedly placed in a government-approved encryption algorithm known as Dual_EC, a pseudo-random number generator that Juniper uses to encrypt traffic passing through the VPN in its NetScreen firewalls. But in addition to these inherent weaknesses, the attackers also relied on a mistake Juniper apparently made in configuring the VPN encryption scheme in its NetScreen devices, according to Weinmann and other cryptographers who examined the issue. This made it possible for the culprits to pull off their attack.

As Green describes, the key events probably happened at least as early as 2007 and 2012 (contrary to the presumption of surveillance hawk Stewart Baker looking to scapegoat those calling for more security). Which means this can’t be a response to the Snowden document strongly suggesting the NSA had pushed those weaknesses in Dual_EC.

I find that particularly interesting, because it suggests whoever did this either used public discussions about the weakness of Dual_EC, dating to 2007, to identify and exploit this weakness, or figured out what (it is presumed) the NSA was up to. That suggests two likely culprits for what has been assumed to be a state actor behind this: Israel (because it knows so much about NSA from having partnered on things like StuxNet) or Russia (which was getting records on the FiveEyes’ SIGINT activities from its Canadian spy, Jeffrey Delisle).  The UK would be another obvious guess, except an Intercept article describing how NSA helped UK backdoor Juniper suggests they used another method.

Which leads me back to an interesting change I noted between CISA — the bill passed by the Senate back in October — and OmniCISA — the version passed last week as part of the omnibus funding bill. OmniCISA still required the Intelligence Community to provide a report on the most dangerous hacking threats, especially state actors, to the Intelligence Committees. But it eliminated a report for the Foreign Relations Committees on the same topic. I joked at the time that that was probably to protect Israel, because no one wants to admit that Israel spies and has greater ability to do so by hacking than other nation-states, especially because it surely learns our methods by partnering with us to hack Iran.

Whoever hacked Juniper, the whole incident offers a remarkable lesson in the dangers of backdoors. Even as FBI demands a backdoor into Apple’s products, it is investigating who used a prior US-sponsored backdoor to do their own spying.


© 2021 EmptyWheel.net
Marcy Wheeler

Marcy Wheeler

Marcy Wheeler writes the blog Emptywheel. and the "Right to Know" column for ExposeFactsorg. Her book, "Anatomy of Deceit: How the Bush Administration Used the Media to Sell the Iraq War and Out a Spy", provided a primer on the CIA Leak case surrounding Valerie Plame and her husband, Joe Wilson. She publishes at various outlets including the Guardian, Salon and the Progressive. Wheeler won the 2009 the Hillman Award for blog journalism.

This is the world we live in. This is the world we cover.

Because of people like you, another world is possible. There are many battles to be won, but we will battle them together—all of us. Common Dreams is not your normal news site. We don't survive on clicks. We don't want advertising dollars. We want the world to be a better place. But we can't do it alone. It doesn't work that way. We need you. If you can help today—because every gift of every size matters—please do. Without Your Support We Simply Don't Exist.

Lawmakers Tell Biden US Has 'Moral Obligation' to Ban Landmines

"If the United States takes these steps it will be welcomed around the world."

Andrea Germanos, staff writer ·


Report on ICE Reveals 'Cruelty and Coercion' Against Hunger Strikers

The U.S. agency's systemic response of "coercion and violence," said an ACLU attorney, "speaks to the inherently abusive and inhumane nature of immigration detention."

Jessica Corbett, staff writer ·


Proposed New Oil Field in Scotland Ahead of Glasgow Climate Talks Decried as 'Obscenity'

"If ministers are serious about facing up to the climate crisis they must end their support for climate wrecking fossil fuels at home and abroad."

Julia Conley, staff writer ·


'We're Not Going Away!' Nonviolent Protest Over Voting Rights Ends With Arrests in DC

"We're saying across this country, it's time for people... to march on these Senate offices," declared Rev. William Barber.

Jake Johnson, staff writer ·


Leaked IPCC Draft Climate Report 'Reads Like a 4,000-Page Indictment' of Humanity's Failure

"This is a warning of existential risk. Of survival. Of collapse," said Extinction Rebellion.

Andrea Germanos, staff writer ·