NSA: We’ve learned our lesson after foreign spies used one of our crypto backdoors – but we can’t say how exactly

Originally written for and posted on The Register. This should be a major wake up call to just how much of your data is not just being collected, but monitored and analyzed, and not even from our own agencies. If you’re not getting serious and having a realistic look at how to communicate off-grid, you’re in for a serious wakeup call. This ain’t the 90s or the late 2000s. Stop acting like it. – NCS

It’s said the NSA drew up a report on what it learned after a foreign government exploited a weak encryption scheme, championed by the US spying agency, in Juniper firewall software.

However, curiously enough, the NSA has been unable to find a copy of that report.

On Wednesday, Reuters reporter Joseph Menn published an account of US Senator Ron Wyden’s efforts to determine whether the NSA is still in the business of placing backdoors in US technology products.

Wyden (D-OR) opposes such efforts because, as the Juniper incident demonstrates, they can backfire, thereby harming national security, and because they diminish the appeal of American-made tech products.

But Wyden’s inquiries, as a member of the Senate Intelligence Committee, have been stymied by lack of cooperation from the spy agency and the private sector. In June, Wyden and various colleagues sent a letter to Juniper CEO Rami Rahim asking about “several likely backdoors in its NetScreen line of firewalls.”

Juniper acknowledged in 2015 that “unauthorized code” had been found in ScreenOS, which powers its NetScreen firewalls. It’s been suggested that the code was in place since around 2008.

The Reuters report, citing a previously undisclosed statement to Congress from Juniper, claims that the networking biz acknowledged that “an unnamed national government had converted the mechanism first created by the NSA.”

Wyden staffers in 2018 were told by the NSA that a “lessons learned” report about the incident had been written. But Wyden spokesperson Keith Chu told Reuters that the NSA now claims it can’t find the file. Wyden’s office did not immediately respond to a request for comment.

The reason this malicious code was able to decrypt ScreenOS VPN connections has been attributed to Juniper’s “decision to use the NSA-designed Dual EC Pseudorandom Number Generator.”

The company has yet to clarify exactly why it made that decision. Juniper did not respond to a request for comment.

When former NSA contractor Edward Snowden leaked agency secrets in 2013, Reuters reported that years earlier security firm RSA, now part of storage biz EMC, had accepted a $10m contract with the NSA to use Dual Elliptic Curve, or Dual EC, encryption. RSA at the time denied some of the claims without disputing the existence of the contract.

The NSA had been keen to see Dual EC adopted and worked with the US Commerce Department to promote it. But in 2007, two Microsoft researchers reported there were serious flaws with the Dual Elliptic Curve Deterministic Random Bit Generator that led it to produce weak cryptography. By 2014, US standards agency NIST withdrew support for Dual EC.

Juniper at some point between 2008 and 2009 appears to have added Dual EC support to its products at the request of “a single customer,” widely believed to be the NSA.

After Snowden’s disclosures about the extent of US surveillance operations in 2013, the NSA is said to have revised its policies for compromising commercial products. Wyden and other lawmakers have tried to learn more about these policies but they’ve been stonewalled, according to Reuters.

The NSA also declined to provide backdoor policy details to Reuters, stating that it doesn’t share “specific processes and procedures.” The news agency says three former senior intelligence officials have confirmed that NSA policy now requires a fallout plan with some form of warning in the event an implanted back door gets discovered and exploited.