FBI Accused Of Decade-Old Cryptography Code Conspiracy

This is one for the computer experts here.. If this information is true, it shows that the FBI actively engaged in creating their own backdoors in open sourced software? I am no expert on this for sure, and the article does say that this was back in 2000-01, but flash forward to now.. post PATRIOT act.. and wonder how much further the agency has gone since those days...

blogs.forbes.com

You might not have heard of OpenBSD, but the free operating system is at the root of many computers and virtual private networks worldwide. So too is the FBI — that is, if you believe a new accusation that surfaced on a public OpenBSD mailing list.

Theo de Raadt, founder of OpenBSD, forwarded an emailed accusation that the FBI tampered with OpenBSD’s Internet protocol security code around 2000 to 2001.

a snippet from the email leaked...

Allegations regarding OpenBSD IPSEC

...At that same time I also did some consulting for the FBI,
for their GSA Technical Support Center, which was a cryptologic
reverse engineering project aimed at backdooring and implementing key
escrow mechanisms for smart card and other hardware-based computing
technologies.

My NDA with the FBI has recently expired, and I wanted to make you
aware of the fact that the FBI implemented a number of backdoors and
side channel key leaking mechanisms into the OCF, for the express
purpose of monitoring the site to site VPN encryption system
implemented by EOUSA, the parent organization to the FBI...

A 'Trojan-Horse' Operating System?

Most interesting... most curious... most.... NOT surprising....excited for more info...

Here's another article discussing this released information...

www.computerworld.com

...One project Perry worked on, a virtual private network (VPN) system used by the U.S. Department of Justice "later proved to have been backdoored by the FBI so that they could recover (potentially) grand jury information from various US Attorney sites across the United States and abroad," Perry said.

An FBI spokesman was unable to comment on the matter.

Perry said he sent the e-mail to de Raadt because his non-disclosure agreement with the FBI had expired.

Perhaps the most remarkable thing about the whole matter is that de Raadt decided to go public with claims that could undermine the credibility of his software. OpenBSD is open source software and its components are widely used in other Unix-based operating systems...

I love the FBI response... uh... no comment.. (blindsided them?)

How long until we hear the spun story from the government?

Once again, these are allegations from an email, but this sure doesn't look good at the moment..

reply to post by JacKatMtn


Of course they paid programmers to put back doors into the software. The Government paid other programmers to place backdoor vote rigging code in the Diebold voting machines. I would not be surprised if the government asked Micro$oft to either monitor all Windows OS PCs, or gave the government the 'keys' to the back- and/or front-doors to spy on everyone. There is no privacy anymore, we gave it up for the illusion of security. Now, we have neither. At least some, if not a lot of us "humans" are waking up to the fact and are saying, "no more".

The first bit of controversy over the released email...

Storm over OpenBSD back door

...This has been vehemently denied by Lowe in his own blog and he pointed out that there's another tech author called Scott Lowe. This Lowe, who works for a college in Missouri, is keeping his own counsel for the moment...

Here are the 2 Scott Lowe's blog disclaimers denying an association with the FBI...

Allegations Regarding FBI Involvement with OpenBSD

Let’s get right to the point and set the record straight: I am not, nor have I ever been, affiliated with or employed by the FBI or any other government agency.

Clarification regarding FBI conspiracy discussion

As is the case with the “other” Scott Lowe, I am not, nor have I ever been, affiliated with or employed by the FBI or any other government agency.

reply to post by JacKatMtn



Nice thread as for any open source put out there for the benefit of the so called Internet free information exchange, well....i simply kinda smile at that thought.

Nothing is given for free in life and if it is, then be very careful.

John Young of Cryptome...

cryptome.org

..Strong stuff, naming names, very unusual, likely to lead to professional suicide. Smells like a hoax or a competitor smear. We wrote last night the alleged author of the allegations for confirmation but have not received an answer...

It will be interesting to see if Cryptome gets a response to their email..

Originally posted by Skada
reply to post by JacKatMtn

 

Of course they paid programmers to put back doors into the software. The Government paid other programmers to place backdoor vote rigging code in the Diebold voting machines. I would not be surprised if the government asked Micro$oft to either monitor all Windows OS PCs, or gave the government the 'keys' to the back- and/or front-doors to spy on everyone.

Well, they did just that. I am a PC repairman. I have tried many times to get rid of, or change name/properties of this file. It cannot be successfully done.

How NSA access was built into Windows

Did NSA Put a Secret Backdoor in New Encryption Standard?

Is Microsoft Working With The NSA?? Windows apparently has a backdoor for NSA

the FBI and the others.
think of us all as the enemy!
so they are enemy.
never forget that.

they're doing it better these days coz they don't even need to have a backdoor into the OS.

IT Business

Infowars

At first this sounds great: if an owner loses a laptop it can be remotely disabled to ensure no sensitive data is compromised. But essentially we are giving up control of our computers and putting that control in another’s hands.

Well you should look into COFFE the USB hack tool Microsoft and the NSA created and you will see how its done by the pros. They quit doing easter eggs in the software and went high tech. And encryption software is a joke. The venders must give the NSA the ability to hack it in order to sell it in the US. You have to use multiple encryption software to make it safe from them.

Microsoft also hands out Gold series Windows software to the US government showing ways to hack Windows. And will include up dated hack tools with the Gold Series disk if new versions were created. A military email was sent out talking about the Jack The Ripper software was safe on the Gold disk. There antivirus software had to be altered to let the disk work on there computers.

I would say they have added a small program to the CPU. that lets them have a back door.
that would be almost impossible to find.
so you dont stand a chance.

An organization that specializes in deception and information mining installed backdoor's into an operating system in order to gain personal information about users.

I'm having a hard time believing this. It just doesn't make sense.

"If" this is confirmed, this is "huge" news and will have big impact.
The openssl coded concerned here, have been widely used in many other softwares.

But we need other confirmation than the original leaker of this information.

FYI, the guy who leaked this info is old CEO of the NetSec company, and a fbi consultant.
He have emailed this info "now", to the main developper of OpenBSD, because his 10 Years of "privacy" contract have ended few days ago.

I will follow this news closely ..

On twitter (here) : via @ejhilbert : I was one of the few FBI cyber agents when the coding supposedly happened. Experiment yes. Success No.

Originally posted by digit78
"If" this is confirmed, this is "huge" news and will have big impact.
The openssl coded concerned here, have been widely used in many other softwares.

But we need other confirmation than the original leaker of this information.

FYI, the guy who leaked this info is old CEO of the NetSec company, and a fbi consultant.
He have emailed this info "now", to the main developper of OpenBSD, because his 10 Years of "privacy" contract have ended few days ago.

I will follow this news closely ..

It won't be huge news. MOst people don't even conceptualize the technology that they use. "Back door" to them is some abstract concept that Big Brother should have access through.

I wish you were right. We need some people to see the ground breaking news for what it is. Maybe then Julian Assange wouldn't still be in jail.

Originally posted by digit78
On twitter (here) : via @ejhilbert : I was one of the few FBI cyber agents when the coding supposedly happened. Experiment yes. Success No.

Thats a classic example of dividing. "Kneed to know or desinfo about the trajectory)

On guy makes a piece, they tell him it gets canceled.
One other make a piece,they tell him its canceled
etc

At the end a small group put the pieces together, and voila..another "secret system/device/software" is born.

Anyone doubting that certain interested parties are both sufficiently motivated and capable of this kind of thing should look into the history of Crypto A/G from Zug, Switzerland.
Being in network security myself I have always had suspicions about Checkpoint's SIC "Secure Internal Communication" protocol.
Checkpoint firewalls are widely used in the industry and the various components; enforcement, management and logging modules all communicate using a proprietary unpublished protocol. The protocol is used for pushing new rulesets out to firewalls collecting logged events etc...
Checkpoint is an Israeli company. Speculation runs wild in me on this one.

Another caveat with most encryption systems is with the Random Number Generators used to produce hashing functions.
A random number generated in software can never truly be random as there is always code used to generate the "random" number. If you have access to this code your job is alot easier. I read years ago that the NSA crypto labs co-developed these RNG's for various unix distros and most probably holds the seeds in escrow.
Well, what did you expect?

Plot thickens? someone finally got hold of the author of the email, and while he said he didn't wiash for it to be made public but he stands behind what he said...

blogs.csoonline.com

...The OCF was a target for side channel key leaking mechanisms, as well as pf (the stateful inspection packet filter), in addition to the gigabit Ethernet driver stack for the OpenBSD operating system; all of those projects NETSEC donated engineers and equipment for, including the first revision of the OCF hardware acceleration framework based on the HiFN line of crypto accelerators.


The project involved was the GSA Technical Support Center, a circa 1999 joint research and development project between the FBI and the NSA; the technologies we developed were Multi Level Security controls for case collaboration between the NSA and the FBI due to the Posse Commitatus Act, although in reality those controls were only there for show as the intended facility did in fact host both FBI and NSA in the same building...

Please check the link for more... It's times like these that I wish I understood all the computer lingo ..