FBI Accused Of Decade-Old Cryptography Code Conspiracy

Aw.... you beat me to it!

www.abovetopsecret.com...

Great stuff!

you'd have to be born in another century to be this naive and not think that the c.i.a and the f.b.i don't have access to 99% of the "private" information and traffic of american based websites.

even if they can't be used in a court of law, or used for search warrants it would be able to lead these agencies on the right track to secure the necessary evidence to obtain warrants and charges.

don't believe me, open a facebook account, make it completely secure and private so no one can have access to any wall posts, don't add friends and then post that you are going to harm the president.

see how long it takes for the secret service to show up on your door.

reply to post by randomname


I have had a run in with the boys in black. My girlfriend says I am crazy, but she was asleep at the time. This incident happened about two days after I was googling some crazy militia websites and Islamic news sites.
I was heading to Holiday World and they let me know(by actions, not words) they were watching. I might make a thread on the incident.
But anyways, this is how I personally know "they" are filtering key words on the net. And if there is a pattern of material that falls into the whole defense sector, they just might dispatch a few local fellas your way. Believe me the filters work.

Additional update on the matter here: www.osnews.com...

Looks like the pocket protectors are off!!

Another denial of the claims here:

www.slashgear.com

One of the developers named in the OpenBSD backdoor allegations has denied any involvement, with Jason L. Wright arguing that the work he carried out on the OS related instead to device drivers and demanding an apology. Former OpenBSD coder Gregory Perry made claims earlier this month that the FBI had installed covert backdoor access into the popular open-source platform, so as to allow the bureau to monitor VPN and other traffic.

Some in the community have even offered up a bounty for anyone who can locate any evidence of Perry's claims in the released email.

OpenBSD IPSec backdoor allegations: triple $100 bounty

In case you hadn't heard: Gregory Perry alleges that the FBI paid OpenBSD contributors to insert backdoors into OpenBSD's IPSec stack, with his (Perry's) knowledge and collaboration.

If that were true, it would also be a concern for FreeBSD, since some of our IPSec code comes from OpenBSD.

I'm having a hard time swallowing this story, though. In fact, I think it's preposterous. Rather than go into further detail, I'll refer you to Jason Dixon's summary, which links to other opinions, and add only one additional objection: if this were true, there would be no “recently expired NDA”; it would be a matter of national security.

I'll put my money where my mouth is, and post a triple bounty:

Some interesting discussion of the matter can also be found here:

marc.info...

marc.info...


Some speculate that this is a big publicity stunt, which seems plausible though the allegations and folks being named seems to me to ripe for a potential lawsuit? If the allegations are false.. wouldn't the named be within their rights to take this to court to clear their names, and by doing so, also require the accuser to put his money where his mouth is.. ie:provide the evidence to substantiate his claims?

I am only speculating myself here.. but this is definitely an interesting story.

Here's another intriguing article on the subject of the OpenBSD security...

What can the OpenBSD IPsec backdoor allegations teach us?

...Ultimately, however, this situation should be taken as a source of lessons we can learn about securing our software, regardless of any holy wars over the security benefits of open source models of software development.

1. Do not trust government involvement in development of secure software. Whether the software is open source or closed, the governmental motivation remains the same: monitoring the activities and secrets of members of the public. Whether you believe their intentions are good (protecting us from terrorists) or corrupt (cracking down on peaceful dissidents), the result is that government is strongly motivated to violate individual privacy — which means compromising security technologies.

2. Prefer simple systems over complex systems. The more complex the system, the easier it is to hide problems in plain sight, whether those problems are hidden there by accident or by malicious intent. If these problems exist, the relative complexity of IPsec implementations in general surely contributed to the continuing obscurity of the backdoor code in the system...

Bugs Discovered in Audit of OpenBSD Code

The latest news...

www.itwire.com

The OpenBSD project has found two bugs during an audit of the cryptographic code in which, it has been alleged, the FBI, through former developers, was able to plant backdoors.

OpenBSD project head Theo de Raadt told iTWire: "We've been auditing since the mail came in! We have already found two bugs in our cryptographic code. We are assessing the impact. We are also assessing the 'archeological' aspects of this.."

While this doesn't confirm the allegations, we need to be patient while they finish the audit and origin of the bugs, an old adage comes to mind...

Where there's smoke?.....

Let me summarize this story:

1) This is an accusation that the FBI paid a software developer to put a backdoor into the IPSEC OpenBSD code. This is used worldwide in internet-connected devices, whether you're on Windows, Mac, Linux, your phone, or whatever system. It would allow people to snoop on the data you are sending.

2) This is only an accusation. No proof of concept code has been shown.

3) The guy alleged to have accepted the FBI bribe has denied this.

Right now, this is garbage, until it is proven.

a bit more from the source of the email that started this whole deal...

Developer defends claims of backdoors in OpenBSD

...An audit of the cryptographic code has commenced and de Raadt told iTWire yesterday that two bugs had been found.

Perry said he had sent a private email to de Raadt, urging him to perform a source code audit of the OpenBSD Project based upon the allegations contained within the mail.

"Theo then sent, without my permission and against my wishes, the entire contents of that email with my contact particulars to a public listserver, which ignited this firestorm of controversy that I am now seemingly embroiled in," he said.

"If I had this to do over again, I would have sent an anonymous postcard to WikiLeaks probably."...

reply to post by JBA2848


Cofee is a joke, people hype stuff up to much with out knowing what it is.

www.microsoft.com...


So we have tptb wanting to shut down the internet but it's the one way they can snoop on everything we do sort it out people.

Originally posted by aivlas
reply to post by JBA2848

 

Cofee is a joke, people hype stuff up to much with out knowing what it is.

www.microsoft.com...

edit on 18-12-2010 by aivlas because: (no reason given)

So we have tptb wanting to shut down the internet but it's the one way they can snoop on everything we do

sort it out people.

edit on 18-12-2010 by aivlas because: (no reason given)

Curious cat here, but why would you say that cofee is a joke, lets face it, there are far more hard core and stealthy codes out there that would make cofee seem like it was designed from the stone age. But and i mean but, cofee as a stand alone software was very much lets say, a default software out of the box for a purpose, it was when you tweaked it that it brought out its functions, myself, i enjoy using well i did up until a year ago, backtrack.

Originally posted by senselessgarbage
Let me summarize this story:

1) This is an accusation that the FBI paid a software developer to put a backdoor into the IPSEC OpenBSD code. This is used worldwide in internet-connected devices, whether you're on Windows, Mac, Linux, your phone, or whatever system. It would allow people to snoop on the data you are sending.

2) This is only an accusation. No proof of concept code has been shown.

3) The guy alleged to have accepted the FBI bribe has denied this.

Right now, this is garbage, until it is proven.

1) Many military contracts are awarded to civilian companies and not talked about due to national security.

2) I dont mean to sound rude but perhaps you have been living on another planet, do you honestly believe that interception on a digital level cannot be achieved through a remote means, if so, then i would be very cautious as to how and what ever business you decide to conduct across the internet.

3). No comment purely because i cannot prove or deny any such transaction therefore my opinion on this particular point is null an void.

Originally posted by c00kbook
A random number generated in software can never truly be random as there is always code used to generate the "random" number. If you have access to this code your job is alot easier.

Bingo, give the man his prize please.

reply to post by tristar


People hyped it up to be this amazing tool when it really isn't, it's just an easy to use thing for police to use with little training, you can get all the functionality of cofee from other apps

Originally posted by aivlas
reply to post by tristar

 

People hyped it up to be this amazing tool when it really isn't, it's just an easy to use thing for police to use with little training, you can get all the functionality of cofee from other apps

edit on 19-12-2010 by aivlas because: (no reason given)

Agreed, then again that was its original purpose, for lower level tech police to be able to plug and play so to speak.

www.slashgear.com

OpenBSD project chief Theo de Raadt has said that he accepts contracting firm NETSEC “was probably contracted to write backdoors” into the open-source platform, but believes none of the exploit code made it into the eventual tree. The comments come as early investigations are made into OpenBSD code following allegations by an ex-NETSEC programmer that the FBI paid to have backdoor access installed into the OS.

This story isn't over, and I wonder has anyone seen any coverage of this on the TV? I may have missed it since it is the holiday season, but personally I haven't heard a peep since the allegations appeared a week ago..

Now we have Theo hinting that the allegations of backdoors is most likely true. In an earlier article it mentioned that the audit could take weeks, and after only one, and the bugs found, he is comfortable to make that assessment..

here's the direct link to Theo's assessment:

marc.info...

and be sure to check out Maxmars thread for more on this current conspiracy..

www.abovetopsecret.com...

reply to post by JacKatMtn


Sorry Jack, I probably should have added my post here.... shall I cross-post it?

reply to post by Maxmars


Not necessary Max, I added the link so folks can follow your thread as well, that was a jaw dropper you posted earlier.. I don't think this story is even close to being over..

reply to post by JacKatMtn


I was very surprised, I figured once ARSTecnica dropped the story, it would dissapear.... I'm gald it didn't.

This one has some of the elements of a good spy novel ...


Also... for the skeptics, the proof of concept and enough meat has been provided to render the usual 'debunker' shuffle moot.

If this is true (and it is looking like it is likely given Theo's latest thoughts) then this has ramifications far beyond the events of 2001.

It was always possible that a law enforcement agency would attempt to subvert crypto, but if this is the first real example of it happening to an open-source project like this (if there are previous examples, let me know) - then it means we basically can not trust any system to be secure.

Worse still, it means supposedly secure systems could be intercepted by other Governments/entities, if they discovered flaws yet didn't say anything.

It is one thing to weaken crypto so they can read it, but it also means others can too.