News

Consultant Alleges FBI Had Backdoors Installed into OpenBSD

A former FBI consultant claims the FBI had backdoors installed in the OpenBSD operating system to allow the agency to eavesdrop on virtual private networks used by U.S. attorneys nearly a decade ago. However, one of the developers accused of installing those backdoors has vigorously denied those claims.

Gregory Perry, now CEO of GoVirtual Education, made the allegation Dec. 11 in a personal e-mail to OpenBSD founder Theo de Raadt, who published it three days later on the OpenBSD Tech mailing list.

"That message sent to Theo was not intended for public consumption but rather as a call to audit the OpenBSD codebase, which has been used to create derivative products in the thousands," Perry told this reporter.

Jason Wright, a developer named by Perry as one of those who inserted backdoor software and who now is an engineer at the Energy Department's Idaho National Laboratory, denied the allegation in his own posting, calling it a "cloak and dagger fairy tale."

"I will state clearly that I did not add backdoors to the OpenBSD operating system or the Open BSD crypto framework," he wrote. "I welcome an audit of everything I committed to OpenBSD's tree."

Wright demanded an apology from Perry and chastised de Raadt for publishing the accusation with no warning to him.

De Raadt in his posting agreed that publishing a personal message was troublesome. "However, the ‘little ethic' of a private mail being forwarded is much smaller than the ‘big ethic' of government paying companies to pay open-source developers to insert privacy-invading holes in software."

The backdoor was supposedly included in the IPSEC stack that provides cryptography for VPNs. Access to cryptographic keys could allow an eavesdropper to decipher VPN traffic.

About the Author

William Jackson is the senior writer for Government Computer News (GCN.com).

Featured

  • Azure Active Directory Proxy Service Now Supports SAML Identity

    Microsoft announced on Tuesday that the Azure Active Directory (AD) Proxy service now works with applications that use the Security Assertion Markup Language (SAML) 2.0 for user authentications.

  • How To (Safely) Run Untrusted Applications in Windows 10

    The new Sandbox feature in Windows 10 lets organizations run potentially risky executables in isolation, without having to set up a virtual machine.

  • Office 365 App Activations Getting Streamlined for End Users

    Microsoft plans to ease the Office 365 app installation experience for end users, starting as early as next month, for organizations using some monthly subscription plans, according to a Monday announcement.

  • Nebula

    With $1 Billion Investment, Microsoft Sets Sights on 'Artificial General Intelligence'

    A $1 billion investment from Microsoft promises to turbocharge the efforts of research outfit OpenAI around artificial general intelligence (AGI).

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.