Quote:Members of Congress are demanding the U.S. National Security Agency (NSA) reveal what it knows about the 2015 Juniper Networks supply-chain delivery breach. In a letter sent by U.S. Senator Ron Wyden and nine additional members of Congress, the lawmakers demand a full account of the NSA-designed encryption algorithm compromised in 2015.
Sparking the inquest is the massive SolarWinds supply-chain attack. In their letter sent last week to the NSA, lawmakers suggest the spy agency is lacking effective oversight of software supply-chains relied upon by the U.S. government and private industry.
“In 2015, Juniper revealed a security breach in which hackers modified the software the company delivered to its customers,” a Wyden statement read. “Researchers subsequently discovered that Juniper had been using an NSA-designed encryption algorithm, which experts had long argued contained a backdoor, and that the hackers modified the key to this backdoor.”
A chief bone of contention among lawmakers is the allegation that the NSA’s “Dual_EC_DRBG” algorithm – submitted to National Institute of Standards and Technology (NIST) – contained an encryption backdoor for the spy agency. The move, lawmakers suggest, concerns Congress because it appears to be a tacit endorsement of weak encryption.
“The American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies were compromised with malware snuck into the company’s software updates,” the members wrote.
Read more: https://threatpost.com/solarwinds-nsa-en...on/163561/
![[-]](https://www.geeks.fyi/images/collapse.png)
