Oversight investigating possible backdoor in government networks
The House Oversight Committee is investigating the government’s use of a vulnerable technology that some fear could have allowed foreign governments to snoop on encrypted U.S. communications.
Late last week, the committee sent out letters to 24 departments and agencies asking about the compromised software.
{mosads}The inquiry comes after it was revealed in December that many government agencies had been using a security tool for years with an unauthorized backdoor planted in it.
Many immediately surmised that the nefarious code had been placed there by a foreign government with the hopes of infiltrating the entire U.S. government network.
One U.S. official described the situation to CNN as akin to “stealing a master key to get into any government building.”
Others noted the backdoor may have been repurposed from a tool the National Security Agency (NSA) had initially created.
The flaw, which apparently existed for at least three years, was in a virtual private network (VPN) software that is used to protect data.
The company behind the software, Juniper Networks, released a patch within days of announcing the defect, calling it the “highest priority” update. Juniper also decided in early January to no longer rely on an NSA-approved encryption algorithm, because of fears the NSA may have indirectly helped create the backdoor.
But the House Oversight Committee still wants to know exactly what government data may have been exposed, and whether agencies have appropriately updated their software.
The committee sent out letters to a wide range of agencies, from the Department of Defense, to the Department of Health and Human Services, to the State Department and the Office of Personnel Management, which suffered its own extensive hacks this past summer.
In the letter, the lawmakers ask which offices may have used the affected technology and whether any officials had discovered the vulnerability before Juniper announced it in mid-December.
In addition to Oversight Chairman Jason Chaffetz (R-Utah) and ranking member Elijah Cummings (D-Md.), the letter is signed by a number of the panel’s more tech-focused members.
Rep. Will Hurd (R-Texas), who heads the Subcommittee on Information Technology, signed on, as did his subpanel’s ranking member, Rep. Robin Kelly (D-Ill.), and vice chairman, Rep. Blake Farenthold (R-Texas).
Rep. Ted Lieu (D-Calif.), a vocal proponent of encryption, also signed the letter, as did Rep. Paul Gosar (R-Ariz.).
Copyright 2024 Nexstar Media Inc. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed..
