Pwnie Awards 2017

The 2016 Pwnie Award For Most Epic 0wnage

The Juniper Backdoor

Some Bad Ass Motherfuckers

Backdooring cryptographic routines makes them fragile, especially when you are trying to hide said backdoor as a neat coincidence between leaking a lot of key data, failing to use the normal default Q value, and just generally sucking at security engineering. We’re not saying Juniper was backdoored to start with, we’re just saying, hey, what a neat coincidence, and we respect the amount of work that went into that coincidence.

And the genius of the hackers who REBACKDOORED the backdoor is that all they had to do is change one simple number, the fake Q number, and nobody even noticed, because “Hey, we can’t decrypt that stream? Whatever. More where that came from.” is the standard SIGINT response.

Then later, they added an admin/password backdoor, just in case they didn’t have passive collection around a site, and wanted to get more active access.

Hat’s off to you, unknown (Russian) hackers.

There’s no CVE for this issue because CVE is dead.