I have a feeling that this is how these agencies skirt the law: agency X is not allowed to do "A", so it helps agency B do it, and share the findings with X. And vice versa. So the GCHQ spies on Americans willy-nilly, and the Americans spy on Brits, with full knowledge of each other.
Worth considering: every serious SIGINT agency probably had this capability against Netscreen VPNs. If you do a lot of network infiltration, these boxes are among the most useful targets; unlike routers running JunOS, the VPN concentrators have a large outside-the-packet-filter attack surface, and everyone runs them.

It'd be surprising if NSA and GCHQ didn't have similarly powerful capabilities against all the current VPN products.
> ...it does make clear that, like the unidentified parties behind those hacks, the agencies found ways to penetrate the “NetScreen” line of security products...

It does? Sounds like this is a rather normal, expected, analysis. They're just reviewing products; probably they already had similar capabilities on IOS and wanted to make sure they could handle other targets or a shift in the market. This does not sound like getting backdoors placed, at all.

I hate to be suspicious or cynical here, but is this just The Intercept being opportunistic? Is there any reason to relate this to the recent "unauthorized code" issues?
Did The Intercept just publish a document about Juniper insecurity that they've had since 2013, or had they already published this?

If they hadn't already published it, why not? It could have done some good before, but does no good now.
Seems like a prime opportunity for a class action lawsuit. Juniper was selling a class of products that categorically did not do what it claimed. What would be interesting is their method of defense. As was pointed out to me in an earlier thread, companies have legal immunity when assuring the intelligence community with their work.[1] But Juniper already claims that they do not assist third parties to compromise their products. So they would either need to change their statements or be ineligible for this defense.
Not sure about whether it's subversion or basic hacking. You should assume, though, that they might have hacks in any common product that can be used for a security bypass. Here's why: IT markets usually become oligopolies where a few players' products are all over the place. Firewalls, routers, VPNs, OSes on desktop, OSes on mobile, net configuration, build systems... handfuls of implementations in each dominate in market share. So, rather than beating everything, you can focus on 0-days in a tiny few to beat almost everyone [that matters to a TLA].

Another side of this coin is that they'll add to their hitlist whatever they encounter the most. They probably run into Juniper firewalls all the time. So, it's higher priority. Using high-quality, but lower-priority-to-them, components reduces your risk of being hit by them. So, one of my recommendations is to build/use strong systems, use diverse components of good quality, and obscure the workings of both at the interface. They'll trip your alarms trying to figure out what you're using before they hack you.
So how long have Glenn Greenwald and others with access to the Snowden cache known about this?

There was only one Snowden cache. If the document was provided by Snowden, did we hear about it earlier?

Who has access to the Snowden cache now? Do we know?
Interesting that Juniper merely claims that putting in a backdoor or working with others to do the same is against their policy. They seem to be avoiding saying a very simple, clear statement: "We never have and never will intentionally compromise the security of or put backdoors into our products, whether for ourselves or on behalf of a third party". That they can't come out and say that makes their claims suspect.