Tuesday, December 14, 2010

FBI Accused Of Decade-Old Cryptography Code Conspiracy

Taylor Buley writes on Forbes.com:

You might not have heard of OpenBSD, but the free operating system is at the root of many computers and virtual private networks worldwide. So too is the FBI — that is, if you believe a new accusation that surfaced on a public OpenBSD mailing list.


Theo de Raadt, founder of OpenBSD, forwarded an emailed accusation that the FBI tampered with OpenBSD’s Internet protocol security code around 2000 to 2001. The allegation was sent to de Raadt in a private email from Gregory Perry, who claims to have been at one point an FBI consultant and chief technologist at a network security company called NETSEC, which was apparently an early backer of OpenBSD.


“My NDA with the FBI has recently expired, and I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the [OpenBSD cryptographic framework],” he wrote to de Raadt. “Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.”


If true, Perry’s accusation — that the FBI paid programmers to slip in code that would leak private encryption keys — would prove to be quite the bombshell. But either way the truth will be hard to come by, a fact that will likely only add to the conspiracy.


More here.

1 Comments:

At Wed Dec 15, 07:55:00 AM PST, Blogger Lippard said...

A few helpful links:

Theo DeRaadt's email, which includes Greg Perry's email with the original allegations:
http://marc.info/?l=openbsd-tech&m=129236621626462&w=2

Scott Lowe denies ever working for the FBI:
http://blog.scottlowe.org/2010/12/14/allegations-regarding-fbi-involvement-with-openbsd/

As does another Scott Lowe:
http://www.itworld.com/open-source/130820/openbsdfbi-allegations-denied-named-participant

Possibly relevant information about Greg Perry's credibility:
http://www.bop.gov/iloc2/InmateFinderServlet?Transaction=IDSearch&needingMoreList=false&IDType=IRN&IDNumber=61547-065&x=98&y=17

 

Post a Comment

<< Home