Government Backdoors in OpenBSD?

by Ostatic Staff - Dec. 14, 2010

We've all heard rumors of backdoors for governments or rogue elements of governments in Microsoft Windows systems, but did we ever think we might find it in the Open Source world? Well, according to Theo de Raadt, renowned Open Source developer, that just might be the case.

de Raadt stated in a post to the openbsd-tech mailing list that former OpenBSD developers accepted funding from the Federal Bureau of Investigations to write backdoors into the OpenBSD IPSEC network stack. IPSEC is a set of tools that provide security and encryption of connections. According to the source around 2000-2001 "the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI." He also alleged this might be the real reason de Raadt lost DARPA funding for developing OpenSSH and OpenBSD, which was previously believed to be because of de Raadt's publicly stated opposition to the US occupation of Iraq.

Gregory Perry, CEO of GoVirtual Education and de Raadt's source, further stated that this was the reason the FBI has been "advocating the use of OpenBSD for VPN and firewalling implementations in virtualized environments."

de Raadt has suggested an audit of the IPSEC stack, but wonders if much of the nefarious code (if it ever existed) is left after such a long period of time. Jonathan Corbet, Linux kernel developer and author, said, "It will be interesting to see if the forthcoming audit turns up anything, or whether it is simply a strange FUD campaign." If present, one has to wonder why no one has found evidence of it as of yet.

OpenBSD was born in 1995 after de Raadt departed the NetBSD project. The Unix-like operating system has been in development since with the latest version released November 2010.