FBI Planted Backdoors To Spy Internet, Claims Collaborator

Ten years ago, the FBI paid a company to plant "a number of backdoors" in OpenBSD IPSEC stack, a secure communication protocol that is used in sites all around the internet. At least, that's what the person who did it claims:

I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN (Virtual Private Network) encryption system implemented by EOUSA (Executive Office for United States Attorneys), the parent organisation to the FBI.

This is also probably the reason why you lost your DARPA funding, they more than likely caught wind of the fact that those backdoors were present and didn't want to create any derivative products based upon the same.

Those are the words of NETSEC's former Chief Technology Officer Gregory Perry in a mail sent to the OpenBSD project leader Theo de Raadt. In a nutshell, if the allegations are true, everyone using this communication protocol could have been exposed to the FBI's electronic spies.

Theo de Raadt sent the mail to the OpenBSD community, which has already started the hunt for the FBI backdoors allegedly placed by Perry's NETSEC developers:

It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack. Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products. Over 10 years, the IPSEC code has gone through many changes and fixes, so it is unclear what the true impact of these allegations are.

The problem, however, may be a lot bigger than that. If this has happened once, how many more of these backdoors exist in other allegedly secure protocols and internet tools? [Ars Technica]

Trending Stories Right Now