July 29, 2014
Hot Topics:
RSS RSS feed Download our iPhone app

Did the FBI Pay OpenBSD Developers for Backdoors into IPsec?

  • December 17, 2010
  • By Developer.com Staff

A developing story reported by Phoronix alleges that the FBI paid OpenBSD developers to insert backdoors into the IPsec stack. According to the report, OpenBSD's Theo de Raadt recently received an email from former NetSec CTO Gregory Perry informing de Raadt about the FBI's effort 10 years ago to monitor the site-to-site VPN traffic via IPsec backdoors.

"My NDA with the FBI has recently expired," Perry, now the CEO of GoVirtual Education said, "and I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI. Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC."

De Raadt said he didn't want to get involved in a conspiracy, but he thought it was important to let everyone know that there could possibly be suspicious code still in IPsec, so he published the email from Perry in its entirety.

"Over 10 years," de Raadt said, "the IPSEC code has gone through many changes and fixes, so it is unclear what the true impact of these allegations are."


View Article


Tags: IPSec, OpenBSD

Originally published on http://www.developer.com.


Comment and Contribute

 


(Maximum characters: 1200). You have characters left.

 

 


Sitemap | Contact Us

Rocket Fuel