Did FBI Pay Developers to Incorporate Backdoors in Open Source Software?
Ex-government consultant claims FBI incorporated backdoor technology in OpenBSD to intercept encrypted communications
By Tim Hallman
Editor, CoudyNews.com
Startling allegations were made public yesterday.
According to a private email sent to Theo de Raadt, the lead developer for OpenBSD, the U.S. Federal Bureau of Investigation paid developers to install a number of backdoors into the encryption software used by the OpenBSD operating system. OpenBSD is a Unix-based operating system that can be found all across the world on multitudes of varying computer systems.
The email was sent to de Raadt by former government consultant Gregory Perry, who is now the CEO of GoVirtual Education.
In his email, Perry alleges that the FBI bribed him and others to insert backdoors into the IPsec stack, giving the FBI a means to monitor encrypted communications.
Perry alleges that such installments originated around the year 2000, and therefore would have been sending private encrypted information to the FBI for nearly the past decade.
Perry claims he has just recently been afforded the ability to speak on the matter, as he was barred from doing so for ten years per a non-disclosure agreement with the FBI.
He said in his private email to de Raadt,
“My NDA with the FBI has recently expired, and I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI. Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.”
De Raadt made the private email public yesterday, posting it to an OpenBSD forum. De Raadt said he refuses to become part of such a conspiracy, and said he was making the email public so that “(a) those who use the code can audit it for these problems, (b) those that are angry at the story can take other actions, (c) if it is not true, those who are being accused can defend themselves.”
De Raadt did, however, justify making the private communication public, saying that such government action, if true, overshadowed the “little ethic” of releasing a private communication.
In an email interview with Robert McMillan, Perry says,
“I was the lead architect for the site-to-site VPN project developed for Executive Office for United States Attorneys, which was a statically keyed VPN system used at 235+ US Attorney locations and which later proved to have been backdoored by the FBI so that they could recover (potentially) grand jury information from various US Attorney sites across the United States and abroad. The person I reported to at EOUSA was Zal Azmi, who was later appointed to Chief Information Officer of the FBI by George W. Bush, and who was chosen to lead portions of the EOUSA VPN project based upon his previous experience with the Marines (prior to that, Zal was a mujadeen for Usama bin Laden in their fight against the Soviets, he speaks fluent Farsi and worked on various incursions with the CIA as a linguist both pre and post 911, prior to his tenure at the FBI as CIO and head of the FBI’s Sentinel case management system with Lockheed). After I left NETSEC, I ended up becoming the recipient of a FISA-sanctioned investigation, presumably so that I would not talk about those various projects; my NDA recently expired so I am free to talk about whatever I wish.”
Some are simply dismissing Perry’s claims, and speculation as to his motives has understandably run wild. According to some news reports, one person named in the matter has come out to refute Perry’s claims, saying he was never employed by the FBI.
Whether or not the allegations are true is not certain, and perhaps never will be. The backdoors, if actually implemented, would have been coded over ten years ago in software that has undergone continuous modifications.