Lawmakers grill NSA on years-old breach in the wake of massive Russian hack

Lawmakers grill NSA on years-old breach in the wake of massive Russian hack
© Greg Nash

A group of House and Senate Democrats led by Sens. Ron WydenRonald (Ron) Lee WydenThe first Southern state legalizes marijuana — what it means nationally A bold fix for US international taxation of corporations Democrats offer competing tax ideas on Biden infrastructure MORE (D-Ore.) and Cory BookerCory BookerThe first Southern state legalizes marijuana — what it means nationally Top Democrat calling for expansion of child care support When it comes to the Iran nuclear deal, what's a moderate Democrat to do? MORE (D-N.J.) this week grilled the National Security Agency (NSA) on a years-old breach of a company that potentially compromised the federal government in a similar way to the recently uncovered breach of IT group SolarWinds. 

The lawmakers sent a letter to the NSA on Thursday seeking answers on the breach of Juniper Networks as the federal government continues to grapple with the fallout from the discovery of the Russian hacking of SolarWinds, which compromised many federal agencies for the past year. 

“[T]he American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks,” the lawmakers wrote. “A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the company’s software updates.” 


The breach of Juniper Networks, revealed in 2015, involved investigators finding unauthorized code in one of the company’s products, with hackers making changes to an algorithm first created by the NSA that was used by Juniper, and customers compromised by the malicious code delivered in software updates. Federal agencies were among the company's customers, including the Department of Defense. 

The incident mirrored the recent SolarWinds breach. Federal officials believe Russia is behind a hack on SolarWinds software updates that allowed hackers to access the networks of up to 18,000 of the company’s customers for at least a year. Agencies that have confirmed they were impacted include the Commerce, Defense, Homeland Security, Justice and Treasury departments. 

The lawmakers on Thursday noted that Juniper has previously stated its belief that a nation state was also involved in its own security breach, which had been ongoing since 2012 when it was discovered. 

“This means that for approximately three years, a sophisticated adversary, possibly a foreign government, likely controlled a backdoor in Juniper’s products which could be used to decrypt communications to or from the many U.S. business and government agencies that were using Juniper’s products,” the lawmakers wrote. 

The lawmakers grilled the NSA on steps it had taken since 2015 to ensure that supply chain hacks, like the Juniper software breach, could not impact federal agencies, and why the NSA was unable to prevent the SolarWinds incident.


A spokesperson for the NSA declined to comment on the letter, which was co-signed by Democratic Reps. Tom MalinowskiThomas (Tom) MalinowskiMo Brooks calls Capitol rioters 'fools' House lawmakers fired up for hearing with tech CEOs Obama ties Biden priorities to ObamaCare anniversary: 'We've still got more work to do' MORE (N.J.), Pramila JayapalPramila Jayapal10 Democrats join NAACP lawsuit against Trump The strategy Biden needs to pass his infrastructure plan Gosar's siblings ratchet up criticism over Capitol riot MORE (Wash.), Ted LieuTed W. LieuMarjorie Taylor Greene offers bills to fire Fauci, ban vaccine passports Gaetz, on the ropes, finds few friends in GOP Five of the oddest moments from Carlson-Gaetz interview MORE (Calif.), Stephen LynchStephen Francis LynchUS wasted billions of dollars in Afghanistan: watchdog House Oversight requests Secret Service briefing on threats of extremist violence in wake of Capitol riot The Hill's Morning Report - Presented by Facebook - Republicans squeeze Biden with 0 billion COVID-19 relief alternative MORE (Mass.), Bill FosterGeorge (Bill) William FosterLawmakers say manufacturers are in better position to handle future pandemics Lawmakers grill NSA on years-old breach in the wake of massive Russian hack Hillicon Valley: WhatsApp delays controversial privacy update | Amazon hit with antitrust lawsuit alleging e-book price fixing | Biden launches new Twitter account ahead of inauguration MORE (Ill.), Suzan DelBeneSuzan Kay DelBeneTo encourage innovation, Congress should pass two bills protecting important R&D tax provision Lawmakers reintroduce legislation to secure internet-connected devices Hillicon Valley: House approves almost billion in cyber, tech funds as part of relief package | Officials warn of 'widespread' exploit of Microsoft vulnerabilities | Facebook files to dismiss antitrust lawsuits MORE (Wash.), Yvette ClarkeYvette Diane ClarkeHillicon Valley: Twitter will not allow Trump account archive on platform | Commerce Dept. still weighing approach to Huawei, TikTok | Dating apps work to reinvent amid COVID-19 pandemic Key House leader to press for inclusion of cybersecurity in infrastructure bill Biden risks first major fight with progressives MORE (N.Y.) and Anna EshooAnna Georges EshooBiden clean electricity standard faces high hurdles House Democrats introduce carbon pricing measure House Democrats target HHS 'sunset' rule with Congressional Review Act MORE (Calif.).

Reuters reported last year that Wyden previously led a separate letter sent to Juniper Networks asking about the status of the company’s investigation into the 2015 incident. 

“Juniper’s experiences can provide a valuable case study about the dangers of back doors, as well as the apparent ease with which government back doors can be covertly subverted by a sophisticated actor,” Wyden and multiple other bipartisan lawmakers wrote to Juniper in June, according to Reuters.