U.S. Congressman Warns of Data Breach ‘You Haven’t Heard About’

Meanwhile, Congress is being kept in the dark

A security breach discovered at a California-based software and hardware company has many officials worried, including U.S. Congressman Will Hurd of Texas.

Rep. Hurd expressed his concerns over the breach in a Wall Street Journal op-ed explaining that foreign hackers may “have been reading the encrypted communications of U.S. government agencies for the past three years.” Juniper Networks provides network equipment and routers to the U.S. government that are believed to be used by the Defense Department, FBI, Justice Department, and Treasury Department.

The company announced last month that an unauthorized backdoor had been written into its ScreenOS software and that it may have occurred as early as 2013. Someone managed to gain access to Juniper’s systems and write “unauthorized code.” The added code or unauthorized backdoor “could allow a knowledgeable attacker to gain administrative access.”

Juniper explained that it was not aware of “malicious exploitation” of the security vulnerabilities, but also said that hackers would have removed all trace of their activities, thus making any exploitation impossible to detect.

With the announcement, the company provided a patch and urged clients to install it immediately.

U.S. officials said it is not clear who added the unauthorized source code but suspect it was the work of a foreign government.

Rep. Hurd expressed the urgency of the situation and the government’s overall lack of transparency in addressing the breach:

“The federal government has yet to determine which agencies are using the affected software or if any agencies have used the patch to close the backdoor. Without a complete inventory of compromised systems, lawmakers are unable to determine what adversaries stole or could have stolen.

If government systems have yet to be fixed then adversaries could still be stealing sensitive information crucial to national security. The Department of Homeland Security is furiously working to determine the extent to which the federal government used ScreenOS. But Congress still doesn’t know the basic details of the breach.”

Hurd and 6 other members of the House Committee on Oversight and Reform penned a letter to 24 federal agency heads demanding a list of the systems using the affected Juniper products, as well as whether or not they have installed the patch. Hurd also sits on the House Homeland Security Committee and is chairman of an IT subcommittee.

The breach is a testament to the vulnerability of enabling backdoor access. Authorized backdoors are used by law enforcement to bypass encryption, but can open up an otherwise secure government interface to additional vulnerabilities it is unprepared for.

[Featured image: Wikimedia]

Comments

Hopefully they got all hitlery’s yoga emails.
Seriously, we’ve been under cyber attack forever. He may be underestimating the actual cost at only $100 million as he explains in the book.
http://www.amazon.com/CRACK99-Takedown-Million-Chinese-Software/dp/0393249549

CRACK99: The Takedown of a $100 Million Chinese Software Pirate

A former U.S. Navy intelligence officer, David Locke Hall was a federal prosecutor when a bizarre-sounding website, CRACK99, came to his attention. It looked like Craigslist on acid, but what it sold was anything but amateurish: thousands of high-tech software products used largely by the military, and for mere pennies on the dollar. Want to purchase satellite tracking software? No problem. Aerospace and aviation simulations? No problem. Communications systems designs? No problem. Software for Marine One, the presidential helicopter? No problem. With delivery times and customer service to rival the world’s most successful e-tailers, anybody, anywhere―including rogue regimes, terrorists, and countries forbidden from doing business with the United States―had access to these goods for any purpose whatsoever.

    bvw in reply to 4fun. | January 27, 2016 at 7:23 pm

    By the natural larceny impulses more prevalent in the Red Chinese Army than ours (despite Sergeant Bilko and Milo Minderbinder, etc.) their e-spy program was caught. Amazing.

What is going unsaid is that Juniper Systems put backdoors into their systems at the request of government agencies.

All this talk of banning encryption, especially by Fiorina, and no one asks the question: Is it more important that we keep our systems secure and keep our secrets, or compromise our enemies’ systems and get their secrets?

I know most people would say both, but that’s just not gonna happen if we insist that companies deliberately build security holes in their systems.

    Fiorina’s words: “One of the places we need help is to deal with all of these encrypted communications, you can’t outlaw encryption. Encryption protects American consumers from identity theft, and all the rest of it. But we have to be able to work around it where necessary to give our investigators the information they need. I’d ask the private sector’s help in that.” Dec 14th 2015 The Daily Dot (found via google “fiorina encryption”)

    That’s not banning encryption. That’s maybe a back door, maybe a punt through a system update cycle directed to a specific user’s phone.

      DaveGinOly in reply to bvw. | January 27, 2016 at 11:17 pm

      There is a “work around” for encryption, it’s called a subpoena. The government may get a warrant to intercept your communications, but that doesn’t mean it has a right to understand it. The fact the people have never before been able to secure their communications from government understanding reflects a previous lack of capability, not the absence of a right to secure communications. However, government has understood what it intercepts for so long that it now believes it can demand that your private communications should be transparent to them. If government wants to understand your encrypted communications, they can always subpoena the encryption key.

Hillary will use this as a defense for her server. Everything is hacked anyway…. at this point what difference does it make?

JimMtnViewCaUSA | January 27, 2016 at 9:59 pm

People don’t realize the huge numbers of foreign nationals working at these companies. Lots of Chinese, enormous numbers of Indians and significant numbers of Russians for starters.
I’ve read that the Chinese in particular use a strategy of “a thousand grains of sand”. Even if your ex-pats don’t cooperate much with requests for info, the sheer number of small, insignificant facts can allow surprising Intel breakthroughs when coordinated.

Our government is so fixated on reading teen sexts and grandma’s cookie recipe that they forget they aren’t the only ones listening.

Something doesn’t smell right. No way Juniper is doing this but not Cisco.

Well thank goodness they found the one and only backdoor and patched it, so something can never, ever happen again, no sir Senator…