Former contractor says FBI put back door in OpenBSD
IDG News Service - A former government contractor says that the FBI installed a number of back doors into the encryption software used by the OpenBSD operating system.
The allegations were made public Tuesday by Theo de Raadt, the lead developer in the OpenBSD project. DeRaadt posted an e-mail sent by the former contractor, Gregory Perry, so that the matter could be publicly scrutinized.
"The mail came in privately from a person I have not talked to for nearly 10 years," he wrote in his a posting to an OpenBSD discussion list. "I refuse to become part of such a conspiracy, and will not be talking to Gregory Perry about this. Therefore I am making it public."
No one has come forward to corroborate Perry's story, but the allegations are remarkable. If they're true -- and at present they're being greeted with skepticism by the security community -- they mean that the FBI may have developed secret ways to snoop on encrypted traffic and then hidden them in source code submissions accepted by OpenBSD.
Perry is now CEO with a VMware services company called GoVirtual, but 10 years ago -- when the backdoor code was allegedly added to OpenBSD's IPsec stack -- he was a government contractor working for the FBI, he said.
In an e-mail interview, Perry said that the back door code was developed to give the FBI a way to monitor encrypted communications within the U.S. Department of Justice. Perry says he worked with the FBI while he was chief technology officer at a company called Netsec, and was a contractor at the FBI's Technical Support Center, which was set up in the late 1990s to help law enforcement circumvent encryption techniques used by criminals.
There, Perry helped develop encryption cracking techniques, including what are known as side channel attacks -- these are ways of finding secret information by looking in unexpected places -- figuring out passwords by looking at the amount of time it takes the computer to process different characters, for example.
One project Perry worked on, a virtual private network (VPN) system used by the U.S. Department of Justice "later proved to have been backdoored by the FBI so that they could recover (potentially) grand jury information from various US Attorney sites across the United States and abroad," Perry said.
An FBI spokesman was unable to comment on the matter.
Perry said he sent the e-mail to de Raadt because his non-disclosure agreement with the FBI had expired.
Perhaps the most remarkable thing about the whole matter is that de Raadt decided to go public with claims that could undermine the credibility of his software. OpenBSD is open source software and its components are widely used in other Unix-based operating systems.
- 7 Elements of Radically Simple OS Migration OS migration is typically time-consuming and expensive. To make your next migration easy, follow these six recommendations when planning your project.
- Flying High on the Use of Red Hat Enterprise Linux Flybe was one of the 21 companies that were interviewed for quantitative results on their operations as part of an IDC ROI analysis....
- Who does NSS Labs "Recommend" for NGFW? In 2012, NSS Labs found that most available NGFW solutions "fell short in performance and security effectiveness." In 2013 NSS Labs noted "marked...
- 9 Essentials for a Complete Cloud-to-Cloud Backup Solution In 9 Essentials for a Complete Cloud-to-Cloud Backup Solution, we'll walk you through potential sources of data loss in the cloud and provide...
- Protecting Critical SaaS Data Before It's Too Late In this webinar, you'll hear how to avoid SaaS data loss through best practices from a panel of experts.
- What Does it Take to Deliver a Superior Customer Experience? The Two Top-Rated Online Retailers, B&H Photo and Crutchfield Electronics, Share Their Secrets Discuss practical CX tools and service methods such as contact center agents and the use of realtime speech analytics to help contact center... All Operating Systems White Papers | Webcasts