[Dailydave] Cyber Norms and the Juniper backdoor

Darkpassenger darkpassenger at unseen.is
Sun Dec 20 09:25:22 EST 2015


let me point out that you are mixing two whole different areas of
decision making here -- Cyber Policy and Warfare Strategy .

don't know anything about Juniper shit , but , your stress on "legal"
behavior norm of usg is the root of the evil in your point of view .
osint on sensible data out there simply proves usg and allies have
been doing very shady jobs when there is strategic value in a move
whether it is legal or not -- whatever we call the law . same thing
could be realized from other players -- .ru .cn .ir

although Stuxnet is still on some headlines i am going to take you
way too much back -- 1982 . take a look at book "at the abyss" or
here [1] for a more offensive reference to the incident . us army
fcked with ussr through Canadian fronts to hurt the reds by exploiting
natural gas pipes and a high ranking officer confesses that usg messed
with a commercial product for warfare advantages . so i'd say
it would be pretty close to usg's norm to do stuff of this same nature .
Regards
-dp

[1] : slide 7 , https://cryptome.org/2015/10/parastoo-no-bullshit-attack.pdf

On 2015-12-18 06:24, Dave Aitel wrote:
> Recently Juniper announced they had two professional backdoors in their
> ScreenOS productline - one which allowed remote admin access and one
> which allowed for passive collection on VPN connections.
> 
> Twitter has, of course, exploded and many people are pointing at the NSA
> or US Government as the culprits. *But nothing could be further from the
> truth.* The USG could not legally covertly trojan the source code of a
> US company. And when the US trojans something, "Nobody but US" is the
> clear rule. I mean, "Nobody but US" is the only way to build a backdoor,
> in any case. But the US is a stickler for it, and other countries are
> not. The Cisco interdiction pictures Snowden leaked are a clear
> indicator of our policy in this area: specificity when it comes to targets.
> 
> More than that though, the US needs to stand up and declare from a
> policy perspective what the norm here is. Is trojaning a mass market
> product as out of bounds as the kinds of attacks that hit Sony Pictures?
> If so, what are the consequences?  Keep in mind an attack like this
> could devastate Juniper's market value.
> 
> Imagine if we found out Microsoft Windows had been backdoored by the
> Chinese. Is that acceptable? Are we willing to say that we won't trojan
> Huawei routers? What WILL and WON'T we do in the future? We need to be
> clear about this. We should probably stop talking about export control
> for exploits for awhile and start developing a real and public cyber
> policy, if we want to succeed at our goals of a safer, more trustworthy
> Internet.
> 
> If we ask for legal backdoors in products, people are going to put
> illegal backdoors in them and there's nothing we can say about it. :(
> 
> -dave