It’s possible the bug was put there by a nation-state, he says, but “I would guess that it is just as likely that this is a human error and someone put something in ignorantly or for debugging that they forgot to take out.”
“People have been quick to say that this is linked to the NSA/InfoSec community in the [U.S. government], but I seriously doubt that. ... This was something IN the code, and it was introduced in the last few years after the product was REALLY mature.”
But the wording of the Juniper announcement – it pins the problem on “unauthorized code” – makes Pironti think it was an implant, software placed in the operating system intentionally to facilitate attacks. “Unauthorized code, to me, means an implant. It’s not like someone fat-fingered an entry.”
Sign up for CIO Asia eNewsletters.