FBI installed backdoors in OpenBSD crypto claims Contractor

[nsane.forums]

Possible decade of spying rocks open source community

OpenBSD's founder Theo de Raadt, has published an email he received from Gregory Perry, currently chief executive officer of GoVirtual Education, but a former chief technology officer at NETSEC who contributed money and code to the OpenBSD project.

A contractor's claims that the FBI installed backdoors in the encryption in OpenBSD have rocked the open source world and caused mass confusion.He claims that he and other NETSEC staff installed backdoors and code vulnerabilities into OpenBSD at the behest of the FBI ten years ago. Now that his non-disclosure agreement with the FBI had expired Perry said he was contacting de Raadt to let him know the code needed to be checked."This is why several inside FBI folks have been recently advocating the use of OpenBSD for VPN and firewalling implementations in virtualized environments," the email reads.

"For example Scott Lowe is a well respected author in virtualisation circles who also happens top be on the FBI payroll, and who has also recently published several tutorials for the use of OpenBSD VMs in enterprise VMware vSphere deployments."

He also suggests that the reason DARPA stopped funding OpenBSD was that is became aware of the holes and didn't want any products that had the same flaws. de Raadt said he would be taking no further action but would leave the decision up to the community.

"I don't like it when my private mail is forwarded. However the "little ethic " of a private mail being forwarded is much smaller than the "big ethic" of government paying companies to pay open source developers (a member of a community-of-friends) to insert privacy-invading holes in software," he wrote.

Several of the people mentioned in Perry's email have denied involvement in any such scheme and the open source community is investigating the truth behind them. However, one former FBI computer security agent has confirmed parts of Perry's story.

"I was one of the few FBI cyber agents when the coding supposedly happened. Experiment yes. Success No," tweeted ex-FBI Cyber Crime agent E.J. Hilbert.

View: Original Article

[DKT27]

Quite shocking. :mellow:

The first thing FBI would try to do here is to bury the topic beneath the carpet. But if the claims come true, I see a worldwide protest from the developers.

[irefay]

"Experiment yes. Success No."

So does that mean that they played around with it but it didnt actually get implemented?

Also, how in the world does a back door get put in open source code and go undetected for a decade?