Congress wants to know if agencies were compromised by the backdoor in Juniper gear (and where it came from)

The House Committee on Oversight and Government Reform has asked dozens of agencies in the US government to disclose whether they used switches made by Juniper, the disgraced US network technology giant that had at least two backdoors inserted into the software for one of its most popular product-lines.

Word of the backdoors came to light in late December, when the company announced that it would remediate the vulnerabilities immediately. However by early January it was clear that the company had deliberately left some fo the vulnerabilities intact, accompanied by evidence that Juniper had assisted someone — likely a US government agency — in compromising its products. The next day, the company finally announced that it would comprehensively remove the compromised code.

Rep. Will Hurd (R-TX) chairs the technology subcommittee of Oversight and Government Reform, and is a former CIA operative. He is behind the probe, and says that he is also interested in discovering whether a US government agency is responsible for the backdoors themselves (cough NSA cough).

The earliest Juniper back door identified by researchers used a technique widely attributed to the NSA…

U.S. law enforcement and intelligence agencies have long lobbied in vain for legislation that would require technology companies to provide back doors in equipment that use encryption technology. They say they need such access to conduct authorized wiretaps and other types or surveillance…

"How do we understand the vulnerabilities that created this problem and ensure this kind of thing doesn't happen in the future?" Hurd said. "I don't think the government should be requesting anything that weakens the security of anything that is used by the federal government or American businesses."

Congress to probe Juniper 'back door' exposure, possible U.S. involvement
[Joseph Menn/Reuters]