The U.S. Congress wants answers on what has been apparent foot-dragging by the U.S. National Security Agency (NSA) in answering congressional questions about NSA forcing the U.S. National Institute of Standards and Technology (NIST) into incorporating a NSA-engineered back door into the Dual_EC_DRBG encryption algorithm standard developed for use in federal government computer systems and networks. On January 28, Democratic Senators Ron Wyden of Oregon and Cory Booker of New Jersey, along with eight of their Democratic colleagues in the House of Representatives—Tom Malinowski of New Jersey, Ted Lieu of California, Stephen Lynch of Massachusetts, Bill Foster of Illinois, Suzan DelBene of Washington, Yvette Clarke of New York, and Anna Eshoo of California—sent a letter to NSA director General Paul Nakasone requesting information on the forced introduction by NSA of the Dual_EC_DRBG algorithm into the products of Juniper Networks that permitted a massive breach of its customers’ systems in 2015, five years before a similar breach occurred with the products of SolarWinds, another vendor reliant on the same NSA-manipulated encryption algorithm.
The gist of the congressional inquiry into the role NSA may have played in manipulating the U.S. civilian government technical standards development and approval process is not the first time the legislative branch of government has smelled a rat when it comes to NSA inserting “Trojan horses” into standards developed for civilian government and commercial use. In the case of Dual_EC_DRBG, NSA’s zeal in providing itself with a hidden back door to spy on targeted computers and networks relying on the NIST standard may have boomeranged. Back doors of any nature in information technology products is a hack waiting to happen. There is also a suggestion that the U.S. Intelligence Community’s haste in blaming “Russian,” “Chinese,” “North Korean,” “Iranian,” and other hackers for the SolarWinds breach was to cover its own tracks in pushing for widespread use of an encryption standard for which it had implanted a serious security design flaw.
In their letter to Nakasone, the senators and representatives wrote, “The American people have a right to know why NSA did not act after the Juniper hack to protect the government from the serious threat posed by supply chain hacks. A similar supply chain hack was used in the recent SolarWinds breach, in which several government agencies, including the Departments of Commerce, Defense, Homeland Security, Justice and Treasury, were infected with malware contained in the updates to SolarWinds software that permitted access by hackers.
A problem in the U.S. government’s supply chain suggests that traditional configuration management controls were abandoned by NIST and NSA, as well as federal agency end-users when it came to approving the contracts with Juniper and SolarWinds for their services.
The history of NSA and civilian and commercial encryption standards is replete with examples of what is the subject of the current congressional probe into the Juniper Networks and SolarWinds events. In the 1990s, the NSA, with the backing of the Federal Bureau of Investigation (FBI), pushed for a backdoor in an encryption micro-circuit developed by NSA engineers. Marketed as the “Clipper Chip,” the backdoor technology that foresaw law enforcement holding, in escrow, the decryption mechanism immediately came under attack by privacy and civil liberties advocates, as well as major high-tech computer and telecommunications companies, including AT&T, Microsoft, and Apple. The Clipper Chip backdoor technology was developed in concert with a military contractor, Mykotronx.
Civilian government and commercial users of the 56-bit Data Encryption Standard (DES) algorithm, developed by IBM and issued as a federal standard in 1977 by the National Bureau of Standards, the forerunner of NIST, were content with its security and performance. It would later be discovered that an original 128-bit DES algorithm developed by IBM was scaled back to 56-bits under pressure from NSA. At the time, the code-breaking ability of NSA to crack a 128-bit DES would have taxed other code-breaking priorities, for example those employed against Soviet, Chinese, Israeli, and French diplomatic and military encryption codes. NSA believed it had mastered breaking international diplomatic, military, banking, and industrial encryption ever since it was able to install backdoor decryption capabilities in many Western commercial encryption products, including the Hagelin cipher machines that were produced by Crypto AG of Switzerland. Advances in encryption technology forced NSA to become more aggressive in its demand for a backdoor advantage in cracking encryption products, including the 250-bit RSA algorithm for commercial end-users and the freeware encryption product “Pretty Good Privacy” (PGP).
The Senate-House letter to NSA contains a paragraph that provides some insight into the NSA Dual_EC_DRBG Trojan horse algorithm that was implanted in Juniper Network’s products. That paragraph states, “Sometime between 2008 and 2009, Juniper added the algorithm to several of its products. Juniper made this change secretly, which it kept from the public until 2013. In response to a recent congressional investigation, the company confirmed that it added support for the algorithm ‘at the request of a customer,’ but refused to identify that customer or even confirm whether that customer was a U.S. government agency. According to Juniper, no one involved in the decision to use this algorithm still works for the company.” Based on NSA’s similar efforts in the past, two facts can be ascertained. The “customer” that made the request was, in fact, NSA, and the company employees involved in the decision to use the algorithm were temporary employees provided by NSA.
The FBI also saw sophisticated encryption systems in the hands of the public to be an impediment to its longstanding access to communications systems, with or without a court order. For many years, the FBI enjoyed unhindered access to Washington, DC’s analog phone system from its own remote access wiretapping room located in the Old Post Office on Pennsylvania Avenue, now the Trump International Hotel.
With the current congressional inquiry into NSA blaming various state actors for the Juniper/Solar Winds hacking, it appears that we have come full circle. Some thirty years ago, the NSA back door in question was the Clipper Chip. Today, it is Dual_EC_DRBG. In the early 1990s, the chief critic of NSA’S actions was Democratic Representative Jack Brooks of Texas, the chairman of the powerful House Judiciary Committee and a cigar-chomping protégé of House Speaker Sam Rayburn and President Lyndon Johnson. NSA was able to withstand the heat placed on it by the likes of Brooks. They obviously believe they will be able to obfuscate on the encryption backdoor issue with Wyden, Booker, and the Democratic House members.
There is every likelihood that the “damaging” hacks from unnamed actors abroad into U.S. federal, state, and local government networks and computer systems, as well as those in the private sector, have been carried out by U.S. Cyber Command personnel testing their backdoor Trojan horse capabilities. For every well-publicized hacker attack blamed on foreign players, the NSA and Cyber Command enjoy huge boosts in their operating budgets. Victims of hacking attacks also bear responsibility for their dilemmas. The rush to outsource computing capabilities and data storage to “cloud” operations brings about inherent security vulnerabilities. Those who began worrying about computer security risks in the late 1960s, including those working for the Central Intelligence Agency, would have gone ballistic if they lived long enough to see the CIA outsource its cloud computing requirements to Amazon.
So, who is ultimately at fault for the succession of major hacking events in the United States? The quote from Cassius in William Shakespeare’s “Julius Caesar” is germane, “The fault, dear Brutus, is not in our stars, but in ourselves.”
This article originally appeared in Strategic Culture Foundation on-line journal.
Wayne Madsen is a Washington, DC-based investigative journalist and nationally-distributed columnist. He is the editor and publisher of the Wayne Madsen Report (subscription required).