Former contractor says FBI put back door in OpenBSD
IDG News Service - A former government contractor says that the FBI installed a number of back doors into the encryption software used by the OpenBSD operating system.
The allegations were made public Tuesday by Theo de Raadt, the lead developer in the OpenBSD project. De Raadt posted an e-mail sent by the former contractor, Gregory Perry, so that the matter could be publicly scrutinized.
"The mail came in privately from a person I have not talked to for nearly 10 years," he wrote in a posting to an OpenBSD discussion list. "I refuse to become part of such a conspiracy, and will not be talking to Gregory Perry about this. Therefore I am making it public."
No one has come forward to corroborate Perry's story, but the allegations are remarkable. If they're true -- and at present they're being greeted with skepticism by the security community -- they mean that the FBI may have developed secret ways to snoop on encrypted traffic and then hidden them in source code submissions accepted by OpenBSD.
Perry is now CEO with a VMware services company called GoVirtual, but 10 years ago -- when the backdoor code was allegedly added to OpenBSD's IPsec stack -- he was a government contractor working for the FBI, he said.
In an e-mail interview, Perry said that the back door code was developed to give the FBI a way to monitor encrypted communications within the U.S. Department of Justice. Perry says he worked with the FBI while he was chief technology officer at a company called Netsec, and was a contractor at the FBI's Technical Support Center, which was set up in the late 1990s to help law enforcement circumvent encryption techniques used by criminals.
There, Perry helped develop encryption cracking techniques, including what are known as side channel attacks. These are ways of finding secret information by looking in unexpected places: figuring out passwords by looking at the amount of time it takes the computer to process different characters, for example.
One project Perry worked on, a virtual private network (VPN) system used by the U.S. Department of Justice, "later proved to have been backdoored by the FBI so that they could recover (potentially) grand jury information from various US Attorney sites across the United States and abroad," Perry said.
An FBI spokesman was unable to comment on the matter.
Perry said he sent the e-mail to de Raadt because his non-disclosure agreement with the FBI had expired.
Perhaps the most remarkable thing about the whole matter is that de Raadt decided to go public with claims that could undermine the credibility of his software. OpenBSD is open source software and its components are widely used in other Unix-based operating systems.