US congressional probe to investigate who placed the backdoor code into Juniper’s firewall software
The US Congress has launched an investigation after the discovery of backdoor code in firewalls belonging to Juniper Networks last month.
Juniper warned its customers that a “recent code review” had uncovered an “unauthorised” backdoor code in its NetScreen firewalls that could allow spying on VPNs.
That discovery prompted rival Cisco to also check all of its products for any unauthorised backdoor code. Juniper has already patched the backdoor.
The US investigation into the matter will be conducted by the House Committee on Oversight and Government Reform, according to Reuters.
The initial purpose of the probe is to determine which US government agencies, many of which use Juniper gear, may have been compromised because of this backdoor vulnerability.
But it seems that the investigation will also examine the origin of the backdoor and whether any US intelligence agency, such as the National Security Agency (NSA), played a role in the matter.
The head of the committee’s technology subcommittee is Republican Congressman Will Hurd, who told Reuters that the committee would also probe the origins of the breach. If it turns out that a backdoor was included at a US government agency’s request, he said, that should help change the policy debate.
Both the NSA and Juniper did not respond to a request for comment.
Who Did It?
The discovery of the “unauthorised” VPN-breaking code will no doubt raise questions as to who placed the code there. Fingers will likely be pointed at the NSA in light of the Edward Snowden revelations, but it is also possible that a foreign entity was involved.
Edward Snowden has previously revealed that NSA agents had intercepted network gear from Cisco Systems as it was shipped to a customer, and had installed covert firmware.
The tech industry is firmly opposed to governmental backdoors and indeed attempts by law enforcement to weaken or compromise their systems in any way. But vulnerabilties in tech kit are not exactly uncommon.
It remains to be seen whether this congressional probe will be able to uncover who was actually responsible for the Juniper backdoor.
Are you a security pro? Try our quiz!