OpenBSD IPSEC Stack Audited For FBI Backdoors
Federal government agency accused of paying open source developers to inject surveillance-friendly holes in operating systems.
OpenBSD is a freely available, multi-platform, BSD-based, UNIX-like operating system, believed to be highly secure. A recent email sent to BSD project leader Theo de Raadt, however, suggests that NETSEC developers helped the FBI plant "a number of backdoors" in the OpenBSD cryptographic framework approximately a decade ago. According to Ars Technica, this disturbing information was revealed by former NETSEC CTO Gregory Perry, who says that his nondisclosure agreement with the FBI has expired, allowing him to finally bring the issue to the attention of OpenBSD developers. Perry also claims that knowledge of the FBI's backdoors played a role in DARPA's decision to withdraw millions of dollars of grant funding from OpenBSD in 2003.
"'It is alleged that some ex-developers (and the company they worked for) accepted US government money to put backdoors into our network stack,' de Raadt wrote. 'Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products. Over 10 years, the IPSEC code has gone through many changes and fixes, so it is unclear what the true impact of these allegations are.'"