Dailydave mailing list archives

Re: Cyber Norms and the Juniper backdoor


From: Darkpassenger <darkpassenger () unseen is>
Date: Sun, 20 Dec 2015 06:25:22 -0800

let me point out that you are mixing two whole different areas of
decision making here -- Cyber Policy and Warfare Strategy .

don't know anything about Juniper shit , but , your stress on "legal"
behavior norm of usg is the root of the evil in your point of view .
osint on sensible data out there simply proves usg and allies have
been doing very shady jobs when there is strategic value in a move
whether it is legal or not -- whatever we call the law . same thing
could be realized from other players -- .ru .cn .ir

although Stuxnet is still on some headlines i am going to take you
way too much back -- 1982 . take a look at book "at the abyss" or
here [1] for a more offensive reference to the incident . us army
fcked with ussr through Canadian fronts to hurt the reds by exploiting
natural gas pipes and a high ranking officer confesses that usg messed
with a commercial product for warfare advantages . so i'd say
it would be pretty close to usg's norm to do stuff of this same nature .
Regards
-dp

1 : slide 7 , https://cryptome.org/2015/10/parastoo-no-bullshit-attack.pdf

On 2015-12-18 06:24, Dave Aitel wrote:
Recently Juniper announced they had two professional backdoors in their
ScreenOS productline - one which allowed remote admin access and one
which allowed for passive collection on VPN connections.

Twitter has, of course, exploded and many people are pointing at the NSA
or US Government as the culprits. *But nothing could be further from the
truth.* The USG could not legally covertly trojan the source code of a
US company. And when the US trojans something, "Nobody but US" is the
clear rule. I mean, "Nobody but US" is the only way to build a backdoor,
in any case. But the US is a stickler for it, and other countries are
not. The Cisco interdiction pictures Snowden leaked are a clear
indicator of our policy in this area: specificity when it comes to targets.

More than that though, the US needs to stand up and declare from a
policy perspective what the norm here is. Is trojaning a mass market
product as out of bounds as the kinds of attacks that hit Sony Pictures?
If so, what are the consequences?  Keep in mind an attack like this
could devastate Juniper's market value.

Imagine if we found out Microsoft Windows had been backdoored by the
Chinese. Is that acceptable? Are we willing to say that we won't trojan
Huawei routers? What WILL and WON'T we do in the future? We need to be
clear about this. We should probably stop talking about export control
for exploits for awhile and start developing a real and public cyber
policy, if we want to succeed at our goals of a safer, more trustworthy
Internet.

If we ask for legal backdoors in products, people are going to put
illegal backdoors in them and there's nothing we can say about it. :(

-dave



_______________________________________________
Dailydave mailing list
Dailydave () lists immunityinc com
https://lists.immunityinc.com/mailman/listinfo/dailydave