A former US Government contractor has claimed the FBI placed a number of backdoors into the OpenBSD operating system.
In an email made public on Tuesday, Gregory Perry, former chief technologist at the now-defunct Network Security Technology (NETSEC), claimed a 10-year Non-Disclosure Agreement (NDA) with the FBI had recently expired and he felt it was time to speak out. During his time at NETSEC, Mr Perry was reportedly a consultant for the FBI's GSA Technical Support Center.
''I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF [OpenBSD Crypto Framework], for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI,'' he said.
The e-mail was sent to OpenBSD founder Theo de Raadt, who posted it publicly and washed his hands of what he believed to be a ''conspiracy''.
''The mail came in privately from a person I have not talked to for nearly 10 years. I refuse to become part of such a conspiracy, and will not be talking to Gregory Perry about this. Therefore I am making it public so that
(a) those who use the code can audit it for these problems,
(b) those that are angry at the story can take other actions,
(c) if it is not true, those who are being accused can defend themselves,'' he said.
It is unclear if Mr Perry's claims have any merit - Mr de Raadt noted that the code in question has gone through many revisions in the decade since it was allegedly tampered with and the supposed backdoors may no longer exist.
On its website, OpenBSD is claimed to be a ''Multiplatform Ultra-Secure Operating System''.
Mr Perry named developer Jason Wright as one of several individuals responsible for implementing the backdoors.
''You would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC,'' he said.
Mr Wright yesterday angrily denied any involvement and categorically denied adding any backdoors to OpenBSD or the OpenBSD Crypto Framework.
''I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF),'' he said.
''I demand an apology from Greg Perry (cc'd) for this accusation. Do not use my name to add credibility to your cloak and dagger fairy tales.''
In a tweet, former FBI agent E.J. Hilbert claimed the OpenBSD ''experiment'' occurred, but was unsuccessful.