Meanwhile, Congress is being kept in the dark
A security breach discovered at a California-based software and hardware company has many officials worried, including U.S. Congressman Will Hurd of Texas.
Rep. Hurd expressed his concerns over the breach in a Wall Street Journal op-ed explaining that foreign hackers may “have been reading the encrypted communications of U.S. government agencies for the past three years.” Juniper Networks provides network equipment and routers to the U.S. government that are believed to be used by the Defense Department, FBI, Justice Department, and Treasury Department.
— Rep. Will Hurd (@HurdOnTheHill) January 27, 2016
The company announced last month that an unauthorized backdoor had been been written into its ScreenOS software and that it may have occurred as early as 2013. Someone managed to gain access to Juniper’s systems and write “unauthorized code.” The added code or unauthorized backdoor “could allow a knowledgable attacker to gain administrative access.”
Juniper explained that it was not aware of “malicious exploitation” of the security vulnerabilities, but also said that hackers would have removed all trace of their activities, thus making any exploitation impossible to detect.
With the announcement, the company provided a patch and urged clients to install it immediately.
U.S. officials said it is not clear who added the unauthorized source code but suspect it was the work of a foreign government.
Rep. Hurd expressed the urgency of the situation and the government’s overall lack of transparency in addressing the breach:
“The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor. Without a complete inventory of compromised systems, lawmakers are unable to determine what adversaries stole or could have stolen.
If government systems have yet to be fixed then adversaries could still be stealing sensitive information crucial to national security. The Department of Homeland Security is furiously working to determine the extent to which the federal government used ScreenOS. But Congress still doesn’t know the basic details of the breach.”
Hurd and 6 other members of the House Committee on Oversight and Reform penned a letter to 24 federal agency heads demanding a list of the systems using the affected Juniper products, as well as whether or not they have installed the patch. Hurd also sits on the House Homeland Security Committee and is chairman of an IT subcommittee.
The breach is a testament to the vulnerability of enabling backdoor access. Authorized backdoors are used by law enforcement to bypass encryption, but can open up an otherwise secure government interface to additional vulnerabilities it is unprepared for.
[Featured image: Wikimedia]