Following the recent SolarWinds hack, members of Congress asked the NSA to explain how it protects the government from supply chain attacks. The SolarWinds hack has affected multiple organizations and left many questions unanswered. How did hackers manage to breach the company? Why did they carry out the attack? And could it happen again?
SolarWinds sells software that allows you to monitor your computer networks, and is used by many institutions and companies in the US and beyond. Hackers inserted malicious code into a legitimate software update, which was then installed by 18,000 clients. This malicious update allowed perpetrators to monitor networks and intercept the communications of the infected organizations. Researchers believe that the attack started in early 2020 and that the malicious code resided on some systems for months.
The hack impacted US institutions like NASA, the State Department, the Secret Service, and the Department of Homeland Security. Large corporations like Ford, Microsoft, and Cisco were also compromised. US intelligence officials claimed the hack was most likely perpetrated by Russian operatives.
It’s still hard to tell what kind of information was accessed. Since there is an ongoing investigation, new details are revealed every week. Reports say that 30% of the companies affected by the hack had no connection to SolarWinds, meaning that this security vulnerability extends beyond the malicious software update.
The SolarWinds hack is not the first time hackers have used third-party software suppliers as a way to infiltrate government networks.
Let’s go back to 2015, when the company Juniper Networks revealed a flaw in their encryption algorithm. Juniper’s devices are widely used by the US government and corporations, so officials were worried that hackers could have decrypted their communications.
It’s unknown how Juniper’s source code was altered, but the hackers created a “backdoor” which gave them unauthorized access to the software. The attackers were also able to wipe security logs, making it almost impossible to detect their presence.
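Wiped logs defeat detection only when the logs have no integrity protection of their own. The snippet below is an added example, not code from the article or from Juniper; it shows the standard defensive counter-measure: a hash-chained audit log whose current head hash is shipped off the device (the off-host copy of the head is an assumption of the example). Once each entry commits to the hash of the entry before it, deleting, editing, or truncating records breaks the chain at a detectable position. The log records are constructed sample data.

```python
import hashlib
import json

# Hash of the "entry before the first entry"; every chain starts here.
GENESIS = "0" * 64

# Constructed sample records: three events from a monitoring service account.
SAMPLE_LOG = [
    {"ts": "2020-03-26T10:00:00Z", "event": "login", "user": "svc_monitor", "src": "10.0.0.12"},
    {"ts": "2020-03-26T10:01:13Z", "event": "config_change", "user": "svc_monitor", "detail": "firewall rule modified"},
    {"ts": "2020-03-26T10:02:40Z", "event": "logout", "user": "svc_monitor"},
]


def chain_entry(prev_hash, record):
    """Build one log entry that commits to the previous entry's hash and its own record."""
    payload = json.dumps(record, sort_keys=True, separators=(",", ":"))
    h = hashlib.sha256()
    h.update(prev_hash.encode())
    h.update(b"\n")
    h.update(payload.encode())
    return {"record": record, "prev": prev_hash, "hash": h.hexdigest()}


def build_chain(records):
    """Append records one by one; returns the chain and its head hash.

    In a real deployment the head hash is what you forward to a separate
    collector (assumption of this example) so the device cannot rewrite history
    without the collector noticing.
    """
    chain = []
    prev = GENESIS
    for rec in records:
        entry = chain_entry(prev, rec)
        chain.append(entry)
        prev = entry["hash"]
    return chain, prev


def verify_chain(chain, expected_head):
    """Return (True, None) if the chain is intact and ends at expected_head.

    Otherwise return (False, i) where i is the index of the first entry that
    fails: a mismatched 'prev' means an entry before it was removed, a
    mismatched 'hash' means the record itself was altered, and i == len(chain)
    means entries were removed from the tail (the head no longer matches).
    """
    prev = GENESIS
    for i, entry in enumerate(chain):
        recomputed = chain_entry(prev, entry["record"])["hash"]
        if entry["prev"] != prev or entry["hash"] != recomputed:
            return False, i
        prev = entry["hash"]
    if prev != expected_head:
        return False, len(chain)
    return True, None


def demo_intact():
    chain, head = build_chain(SAMPLE_LOG)
    return verify_chain(chain, head)


def demo_deleted_entry(index=1):
    """An attacker deletes one entry; the next entry's 'prev' no longer lines up."""
    chain, head = build_chain(SAMPLE_LOG)
    del chain[index]
    return verify_chain(chain, head)


def demo_tampered_entry(index=1):
    """An attacker rewrites a record in place; its stored hash no longer matches."""
    chain, head = build_chain(SAMPLE_LOG)
    chain[index]["record"]["detail"] = "routine maintenance"
    return verify_chain(chain, head)


def demo_truncated_tail():
    """An attacker drops the most recent entries; the off-host head exposes it."""
    chain, head = build_chain(SAMPLE_LOG)
    chain.pop()
    return verify_chain(chain, head)


if __name__ == "__main__":
    print("intact:   ", demo_intact())
    print("deleted:  ", demo_deleted_entry())
    print("tampered: ", demo_tampered_entry())
    print("truncated:", demo_truncated_tail())
```

The chain on its own only proves that the log is internally consistent; the head hash kept on a separate system is what turns a wipe into an alert rather than silence, which is why the example returns the index where the break occurs instead of a bare true/false.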
Although we still don’t know how the backdoor was created, some speculation actually points to the NSA. The encryption algorithm used by Juniper Networks was originally created by the NSA and given to the National Institute of Standards and Technology. Sometime between 2008 and 2009, Juniper Networks added that algorithm to several of its products.
Researchers have speculated that the NSA might have inserted the backdoor into the algorithm, not realizing that it would later be discovered and exploited by hackers.
While we still don’t know how hackers altered the code of SolarWinds software, many point to the Juniper Networks incident as a precursor to the recent hack. The NSA has been promoting the use of encryption backdoors for many years. They claim that it would help in their investigations and would be used only when necessary.
Most tech companies are not in favor of this and many have warned that having a backdoor would put everyone’s security at risk.
In the letter addressed to the NSA, members of Congress questioned whether the agency knew about the encryption backdoor in the Juniper Networks products. They also asked whether the agency actually had the legal authority to add a backdoor of this kind.
While there is no proof yet that SolarWinds software contained a backdoor, some members of Congress suspect that this might be the case.
The Juniper Networks and SolarWinds attacks have proven that neither big enterprises nor government institutions are safe from hackers. They also make us question the intentions of the NSA and the companies that collaborate with it. One thing’s for sure: this won’t be the last time we see this kind of incident.
Follow the encryption backdoor debate and sign up for our monthly newsletter below.