The government may have used compromised software for up to three years, exposing national security secrets to foreign spies, according to lawmakers and security experts.
Observers increasingly believe the software defect derived from an encryption “back door” created by the National Security Agency (NSA). Foreign hackers likely repurposed it for their own snooping needs.
The House Oversight Committee has launched an investigation into the matter, but specialists and former government officials say confidentiality concerns might prevent the public from ever knowing if a breach occurred.
“There’s a lot of very sketchy stuff here,” said Matthew Green, a cryptology expert from Johns Hopkins University who has been reverse-engineering the compromised code.
The software vulnerability was spotted in December, when Juniper Networks, which makes a variety of IT products widely used in government, said it had found unauthorized code in its ScreenOS product.
Security experts said the code had been intentionally altered, and Juniper acknowledged that the alteration could let hackers infiltrate networks and decrypt traffic.
One U.S. official compared the alteration to “stealing a master key to get into any government building,” according to CNN.