Juniper Networks, a US government subcontractor, has been compromised in a hack that could have exposed countless classified communications over the past three years.
The hackers, who have yet to be officially identified, introduced code to create a backdoor on systems commonly used by government employees — many of whom presumably have high security clearances. According to Juniper, it looks like the malicious code could have been present as early as September 2012.
CNN quotes an anonymous government official who explains that it’s the hacking equivalent to “stealing a master key to get into any government building.” The sophistication of the back door’s installation and the targets lead the FBI to believe that it’s the work of a foreign government.
The breach is believed to be the work of a foreign government, U.S. officials said, because of the sophistication involved. The U.S. officials said they are certain U.S. spy agencies themselves aren’t behind the back door. China and Russia are among the top suspected governments, though officials cautioned the investigation hasn’t reached conclusions.
It’s not yet clear what if any classified information could be affected, but U.S. officials said the Juniper Networks equipment is so widely used that it may take some time to determine what damage was done.
Juniper has released a patch on Thursday that it is urging both US government and private companies to install immediately. The only thing we know for sure is that this is far from the first time that something like this has happened. Nor will it be the last.