Oversight investigating possible backdoor in government networks


The House Oversight Committee is investigating the government’s use of a vulnerable technology that some fear could have allowed foreign governments to snoop on encrypted U.S. communications.

Late last week, the committee sent out letters to 24 departments and agencies asking about the compromised software.


The inquiry comes after it was revealed in December that many government agencies had been using a security tool for years with an unauthorized backdoor planted in it.

Many immediately surmised that the nefarious code had been placed there by a foreign government with the hopes of infiltrating the entire U.S. government network.

One U.S. official described the situation to CNN as akin to "stealing a master key to get into any government building."

Others noted the backdoor may have been repurposed from a tool the National Security Agency (NSA) had initially created.

The flaw, which apparently existed for at least three years, was in virtual private network (VPN) software that is used to protect data.

The company behind the software, Juniper Networks, released a patch within days of announcing the defect, calling it the “highest priority” update. Juniper also decided in early January to no longer rely on an NSA-approved encryption algorithm, because of fears the NSA may have indirectly helped create the backdoor.

But the House Oversight Committee still wants to know exactly what government data may have been exposed, and whether agencies have appropriately updated their software.

The committee sent out letters to a wide range of agencies, from the Department of Defense, to the Department of Health and Human Services, to the State Department and the Office of Personnel Management, which suffered its own extensive hacks this past summer.

In the letter, the lawmakers ask which offices may have used the affected technology and whether any officials had discovered the vulnerability before Juniper announced it in mid-December.

In addition to Oversight Chairman Jason Chaffetz (R-Utah) and ranking member Elijah Cummings (D-Md.), the letter is signed by a number of the panel’s more tech-focused members.

Rep. Will Hurd (R-Texas), who heads the Subcommittee on Information Technology, signed on, as did his subpanel’s ranking member, Rep. Robin Kelly (D-Ill.), and vice chairman, Rep. Blake Farenthold (R-Texas).

Rep. Ted Lieu (D-Calif.), a vocal proponent of encryption, also signed the letter, as did Rep. Paul Gosar (R-Ariz.).