Tech company Juniper Networks recently announced that an unauthorized code was injected into its ScreenOS operating system which runs its VPN and firewall services.
Juniper Networks said that the malicious code can give attackers administrative access to devices running NetScreen and also decrypt VPN connections. Experts believe that the attack could have major consequences since the whole point of using a VPN connection is to keep connections secure, especially when using public Wi-Fi.
In a statement obtained by PC Mag, Juniper Networks said, "Once we identified these vulnerabilities, we launched an investigation into the matter, and worked to develop and issue patched releases for the latest versions of ScreenOS."
Juniper Networks reported the problem following an internal code review. The most important task now is finding the culprit. Speculations and rumors are currently pointing towards the National Security Agency, the secretive government agency with predilections for hacking switches, firewalls and routers.
Prior to the recent hack on Juniper Networks system, the company publicly announced that it did not work with the NSA in order to add backdoors into its system. In 2013, the company also claimed that its digital firewall was successfully penetrated by NSA specialists.
For now, NetScreen users running ScreeOS version 6.2.0r15 to version 6.2.0r18 and version 6.3.0r12 to version 6.3.0r20 are affected by the hack. Juniper Networks said that a patch has been released in order to fix the problem.
According to Venture Beat, the United States Department of Homeland Security is working with Juniper Networks in investigating the issue. Officials said that such a sophisticated attack can only be launched by a nation state or expertly trained criminals.