Theo de Raadt: Backdoors in network stack

Help and discussion about non-Linux operating systems

Moderators: ChrisThornett, LXF moderators

Theo de Raadt: Backdoors in network stack

Postby PLan » Wed Dec 15, 2010 1:56 am

I have received a mail regarding the early development of the OpenBSD IPSEC stack. It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack, in particular the IPSEC stack. Around 2000-2001.

Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products. Over 10 years, the IPSEC code has gone through many changes and fixes, so it is unclear what the true impact of these allegations are.

The mail came in privately from a person I have not talked to for nearly 10 years. I refuse to become part of such a conspiracy, and will not be talking to Gregory Perry about this. Therefore I am making it public so that -

(a) those who use the code can audit it for these problems,
(b) those that are angry at the story can take other actions,
(c) if it is not true, those who are being accused can defend themselves.

Of course I don't like it when my private mail is forwarded. However the "little ethic" of a private mail being forwarded is much smaller than the "big ethic" of government paying companies to pay open source developers (a member of a community-of-friends) to insert privacy-invading holes in software.

Rest of e-mail ...


Be interesting to see how deep the rabbit hole goes. :shock:
User avatar
PLan
 
Posts: 68
Joined: Fri Apr 08, 2005 5:18 pm

Postby ollie » Wed Dec 15, 2010 2:33 am

If the code was developed in the US I can guarantee the NSA required a "backdoor", exactly the same as all encryption developed in the US. Read "Crypto" by Stephen Levy and you'll start to understand the attitude of the US government. This will also help you understand the persecution of Julian Assange over WikiLeaks.
User avatar
ollie
Moderator
 
Posts: 2749
Joined: Mon Jul 25, 2005 11:26 am
Location: Bathurst NSW Australia

Postby PLan » Wed Dec 15, 2010 2:54 am

I've read Crypto, though not sure how much of it I can remember ... :?


According to the e-mail from Gregory Perry the backdoors were implemented under direction from the FBI (don't think the NSA is mentioned). I take your point about the US government though I'm not sure this is in the same vein as something like the Clipper chip.
User avatar
PLan
 
Posts: 68
Joined: Fri Apr 08, 2005 5:18 pm

Postby ollie » Wed Dec 15, 2010 6:49 am

From what I've read the NSA try to stay out of sight and get the other agencies to do the actual dirty work. The NSA make statements like - "The US must secure the Internet" Gen. Keith Alexander, Director NSA 7 Sep 2010. Yet they want it insecure enough that they can access all information at any time and get upset when people don't want them snooping around.
User avatar
ollie
Moderator
 
Posts: 2749
Joined: Mon Jul 25, 2005 11:26 am
Location: Bathurst NSW Australia

Postby donoreo » Wed Dec 15, 2010 2:53 pm

This was the FBI and 10 years ago or something like that. Back then NSA was "No Such Agency" :) so it may have been the NSA working through the FBI.

This message will self destruct.
I cannot deny anything that I did not say.
User avatar
donoreo
LXF regular
 
Posts: 788
Joined: Mon Apr 11, 2005 1:49 pm
Location: Toronto, Ontario, Canada

Postby Dutch_Master » Wed Dec 15, 2010 11:31 pm

donoreo wrote:This was the FBI and 10 years ago or something like that. Back then NSA was "No Such Agency" :) so it may have been the NSA working through the FBI.

This message will self destruct.
No it doesn't :P It's on weekileeks now ;)
Dutch_Master
LXF regular
 
Posts: 2451
Joined: Tue Mar 27, 2007 1:49 am

Re: Theo de Raadt: Backdoors in network stack

Postby bobthebob1234 » Thu Dec 16, 2010 12:15 am

PLan wrote:Be interesting to see how deep the rabbit hole goes. :shock:



its not deeper than my hole. My hole is the biggest rabbit hole in the universe. :D
For certain you have to be lost to find the places that can't be found. Elseways, everyone would know where it was
User avatar
bobthebob1234
LXF regular
 
Posts: 1373
Joined: Thu Jan 03, 2008 9:38 pm
Location: A hole in a field

Postby PLan » Fri Dec 17, 2010 10:16 pm

Denials all around -

Yesterday, we reported on the allegations made by Gregory Perry. He claims that 10 years ago, several developers were paid by the FBI to implement hidden backdoors into OpenBSD's IPSEC stack. This has prompted a lot of speculation about the allegations' validity, and less than 24 hours later, it has descended into one person's word against that of others. Update: Jason Wright, too, denies all the allegations. "I will state clearly that I did not add backdoors to the OpenBSD operating system or the OpenBSD crypto framework (OCF). [...] It is a baseless accusation the reason for which I cannot understand."

OSNews article ...


:shock:
User avatar
PLan
 
Posts: 68
Joined: Fri Apr 08, 2005 5:18 pm

Postby ollie » Thu Dec 23, 2010 1:28 am

And more news that it may in fact be true - Allegations of OpenBSD Backdoors May be True, Updated - from "Linux Journal".

Don't trust the US to do anything for the rest of the world - they are only interested in making massive profits for US corporations, many of whom have vested military interests, at the detriment of everyone else.
User avatar
ollie
Moderator
 
Posts: 2749
Joined: Mon Jul 25, 2005 11:26 am
Location: Bathurst NSW Australia

Postby johnhudson » Fri Dec 24, 2010 9:25 am

johnhudson
LXF regular
 
Posts: 881
Joined: Wed Aug 03, 2005 1:37 pm


Return to Other OS

Who is online

Users browsing this forum: No registered users and 0 guests