Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Logo
Logo
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity
    • Development
    • Servers

    OpenBSD Founder: NetSec Probably Contracted to Plant Backdoors

    By
    Brian Prince
    -
    December 22, 2010
    Share
    Facebook
    Twitter
    Linkedin

      The founder of the OpenBSD project said he believes a firm was “probably contracted” by the government to write backdoors in the OpenBSD Cryptographic Framework (OCF).

      The statement was made Dec. 21 by OpenBSD founder Theo de Raadt on the project’s mailing list in response to the ongoing discussion about allegations aired in an e-mail to de Raadt from former NetSec CTO Gregory Perry. In the e-mail, Perry claimed that roughly a decade ago, the FBI had developers plant backdoors and side-channel key leaks in OCF.

      “I believe that NETSEC [sic] was probably contracted to write backdoors as alleged,” de Raadt wrote. “If those were written, I don’t believe they made it into our tree. They might have been deployed as their own product.”

      During the past week, some have criticized Perry’s claims, and two people named in his initial e-mail have denied any involvement in the alleged plot. One of them, Jason Wright, noted in a message to the OpenBSD mailing list that the code he touched related “mostly to device drivers to support the framework.”

      “I don’t believe I ever touched isakmpd or photurisd (userland key management programs), and I rarely touched the ipsec internals (cryptodev and cryptosoft, yes),” Wright wrote Dec. 15.

      Perry, now CEO of GoVirtual Education, told eWEEK in an e-mail Dec. 15 that he stood by his allegations.

      “The FBI has been doing this for quite some time now, they have intentionally weakened the United States’ critical infrastructure for purposes of domestic and international surveillance,” Perry wrote. “God only knows what they are up to these days with their newfound legislative powers.”

      In his e-mail to de Raadt, Perry alleged the FBI “implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA [Executive Office for United States Attorneys], the parent organization to the FBI.”

      According to de Raadt, both Wright and developer Angelos Keromytis worked at NetSec, which has since been acquired by Verizon, and wrote code in “many areas we all rely on.”

      “After Jason left, Angelos (who had been working on the ipsec stack already for 4 years or so, for he was the ARCHITECT and primary developer of the IPSEC stack) accepted a contract at NETSEC and while travelling around the world) wrote the crypto layer that permits our ipsec stack to hand-off requests to the drivers that Jason worked on,” he wrote. “That crypto layer contained the…insecure idea of half-IV that the US govt was pushing at that time.”

      “Soon after his contract was over this was ripped out,” de Raadt continued. “Soon after this the CBC oracle problem became known as well in published papers, and ipsec/crypto moved towards random IV generation (probably not viable before this, since we had lacked a high-quality speedy PRNG… arc4random). I do not believe that either of these two problems, or other problems not yet spotted, are a result of clear malice. So far the issues we are digging up are a function of the time in history.”

      Brian Prince

      MOST POPULAR ARTICLES

      Big Data and Analytics

      Alteryx’s Suresh Vittal on the Democratization of...

      James Maguire - May 31, 2022 0
      I spoke with Suresh Vittal, Chief Product Officer at Alteryx, about the industry mega-shift toward making data analytics tools accessible to a company’s complete...
      Read more
      Cybersecurity

      Visa’s Michael Jabbara on Cybersecurity and Digital...

      James Maguire - May 17, 2022 0
      I spoke with Michael Jabbara, VP and Global Head of Fraud Services at Visa, about the cybersecurity technology used to ensure the safe transfer...
      Read more
      Applications

      Cisco’s Thimaya Subaiya on Customer Experience in...

      James Maguire - May 10, 2022 0
      I spoke with Thimaya Subaiya, SVP and GM of Global Customer Experience at Cisco, about the factors that create good customer experience – and...
      Read more
      Cloud

      IGEL CEO Jed Ayres on Edge and...

      James Maguire - June 14, 2022 0
      I spoke with Jed Ayres, CEO of IGEL, about the endpoint sector, and an open source OS for the cloud; we also spoke about...
      Read more
      Big Data and Analytics

      GoodData CEO Roman Stanek on Business Intelligence...

      James Maguire - May 4, 2022 0
      I spoke with Roman Stanek, CEO of GoodData, about business intelligence, data as a service, and the frustration that many executives have with data...
      Read more
      Logo

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2022 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×