Just shy of a week after Juniper revealed vulnerabilities in its firewall operating system, partners said they are concerned by a document saying that the NSA exploited the flaws to gain backdoor access to VPN connections.
The document, provided by whistleblower Edward Snowden and published Wednesday by The Intercept, indicates that the NSA has cooperated with British counterpart GCHQ to exploit vulnerabilities in Juniper NetScreen firewall devices running the ScreenOS operating system.
The document release and the report come on the heels of almost a week of rumors that two vulnerabilities detailed by Juniper in its ScreenOS firewall operating system, including one that could allow VPN connections to be decrypted, could be linked to the NSA. Partners said the rumors and the latest document release have them on edge.
"It's a scary document for sure," said one partner executive, who did not want to be identified. "It makes you think how much of this is really going on and if Juniper has any say whatsoever in all this."
In a statement to CRN, Juniper, Sunnyvale, Calif., denied any knowledge of any NSA involvement.
"Juniper Networks operates with the highest of ethical standards, and is committed to maintaining the integrity, security, and quality of our products," a Juniper spokesperson said in an email. "As we've stated previously in a Juniper Security Advisory, it is against established Juniper policy to intentionally include 'backdoors' that would potentially compromise our products or put our customers at risk. Moreover, it is Juniper policy not to work with others to introduce vulnerabilities into our products."
Partners said they were getting more concerned calls from customers about the vulnerabilities, but that they were in general giving Juniper the benefit of the doubt when it comes to whether Juniper had intentionally become involved with the NSA.
"I don't think Juniper would play any role in something like this willingly," said one executive, who did not want to be identified. "Juniper is not going to hurt our company, but the NSA or these [foreign spy agencies] can, with something like this."
Dominic Grillo, executive vice president of Atrion Communications, a Branchburg, N.J.-based solution provider and longtime Juniper partner, agreed.