You might not have heard of
OpenBSD, but the free operating
system is at the root of many
computers and virtual private
networks worldwide. So too is
the FBI — that is, if you believe a
new accusation that surfaced on
a public OpenBSD mailing list.
Theo de Raadt, founder of
OpenBSD, forwarded an emailed
accusation that the FBI tampered
with OpenBSD’s Internet
protocol security code around
2000 to 2001. The allegation was
sent to de Raadt in a private
email from Gregory Perry, who
claims to have been at one point
an FBI consultant and chief
technologist at a network
security company called NETSEC,
which was apparently an early
backer of OpenBSD.
“My NDA with the FBI has
recently expired, and I wanted to
make you aware of the fact that
the FBI implemented a number
of backdoors and side channel
key leaking mechanisms into the
[OpenBSD cryptographic
framework],” he wrote to de
Raadt. “Jason Wright and several
other developers were
responsible for those backdoors,
and you would be well advised
to review any and all code
commits by Wright as well as the
other developers he worked with
originating from NETSEC.”
If true, Perry’s accusation — that
the FBI paid programmers to slip
in code that would leak private
encryption keys — would prove
to be quite the bombshell. But
either way the truth will be hard
to come by, a fact that will likely
only add to the conspiracy.
OpenBSD is freely distributable
and has come to play a role in
all kinds of different software
over the last decade. There is
likely a record of all the code
pushed by the accused ex-
OpenBSD developers, even going
back as far as 2000. However, de
Raadt notes that because of
OpenBSD’s early and decade-old
software legacy, even if the
alleged backdoors exist the code
would likely to have evolved
significantly over time (though
not necessarily in a way that
would eliminate the security
holes).
Auditing that code for FBI
backdoors would be painful as
such code would have
presumably been designed not
to be found. But such an
investigation is the first of de
Raadt’s stated reasons for
forwarded the private email: “I
refuse to become part of such a
conspiracy,” he wrote.
“Therefore I am making it public
so that… those who use the code
can audit it for these problems.”
The tenth item on the list of FBI
priorities states the agency’s aim
to “Upgrade technology to
successfully perform the FBI’s
mission.” An in-depth look at
OpenBSD’s code might show
exactly how far the FBI is willing
to take that mandate.
No comments:
Post a Comment