Report of FBI back door roils OpenBSD community

Allegations that the FBI surreptitiously placed a back door into the OpenBSD operating system have alarmed the computer security community, prompting calls for an audit of the source code and claims that the charges must be a hoax.

The report surfaced in e-mail made public yesterday from a former government contractor, who alleged that he worked with the FBI to implement "a number of back doors" in OpenBSD, which has a reputation for high security and is used in some commercial products.

Gregory Perry, the former chief technologist at the now-defunct contractor Network Security Technology, or NETSEC, said he's disclosing this information now because his 10-year confidentiality agreement with the FBI has expired. The e-mail was sent to OpenBSD founder Theo de Raadt, who posted it publicly.

"I cashed out of the company shortly after the FBI project," Perry told CNET today. "At that time there were significant legal barriers between domestic law enforcement and [the Department of Defense], and [this project] was in clear violation of that." He said the project was a "circa 1999 joint research and development project between the FBI and the NSA," which is part of the Defense Department.

The OpenBSD project, which was once funded by DARPA but had its funding yanked in 2003 for unspecified reasons, says that it takes an "uncompromising view toward increased security." The code is used in Microsoft's Windows Services for Unix and firewalls including ones sold by Calyptix Security, Germany's Swapspace.de, and Switzerland's Apsis GmbH.

In national security circles, it's an open secret that the U.S. government likes to implant back doors in encryption products.

That's what the FBI proposed in September, although it also claimed that the crypto-back doors would be used only through a legal process. So did the Clinton administration, in what was its first technology initiative in the early 1990s, which became known as the Clipper Chip.

If implemented correctly using a strong algorithm, modern encryption tools are believed to be so secure that even the NSA's phalanxes of supercomputers are unable to decrypt messages or stored data. One report noted that, even in the 1990s, the FBI was unable to successfully decrypt communications from some wiretaps, and a report this year said it could not decrypt hard drives using the AES algorithm with a 256-bit key.

E.J. Hilbert, a former FBI agent, indicated in a note on Twitter last night that the OpenBSD "experiment" happened but was unsuccessful.

The Justice Department did not respond to a request from CNET yesterday for comment.

NETSEC, the now-defunct contractor, boasted at the time that it was a top provider of computer security services to the Justice Department, the Treasury Department, the National Science Foundation, and unnamed intelligence agencies. A 2002 NSF document (PDF) says NETSEC was "a contractor that NSF utilizes for computer forensics" that performed an investigation of whether data "deleted from an internal NSF server" amounted to a malicious act or not.

A snapshot of the NETSEC Web page from August 2000 from Archive.org shows that the company touted its close ties with the NSA. The founders created the company to build "upon practices developed while employed at the National Security Agency (NSA) and Department of Defense (DoD), the methodologies utilized at NETSEC today are widely regarded as the best anywhere," it says.

On the OpenBSD technical mailing list, reaction was concerned but skeptical. One post suggested that the best way to insert a back door would be to leak information about the cryptographic key through the network, perhaps through what's known as a side channel attack. (A 2000 paper describes that technique as using information about the specific implementation of the algorithm to break a cipher, in much the same way that radiation from a computer monitor can leak information about what's on the screen. Secure environments use TEMPEST shielding to block that particular side channel.)

A 1999 New York Times article written by Peter Wayner about the Clinton administration's encryption policies, which quoted Perry about OpenBSD, noted that the "the Naval Research Lab in Virginia is using OpenBSD as a foundation of its new IPv6 project."

Perry told CNET that he hired Jason Wright "at NETSEC as a security researcher, he was basically paid to develop full time for the OpenBSD platform." In the e-mail to de Raadt, Perry added that "Jason Wright and several other developers were responsible for those back doors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC."

Wright's LinkedIn profile lists him as a "senior developer" at the OpenBSD project and a cybersecurity engineer at the Idaho National Laboratory, and previously a software engineer at NETSEC. He did not respond to a request for comment.

A decades-long push for back doors
While the OpenBSD allegations may never be fully proved or disproved, it's clear that the federal government has a long history of pressing for back doors into products or networks for eavesdropping purposes. The Bush administration-era controversy over pressuring AT&T to open its network--in apparent violation of federal law--is a recent example.

Louis Tordella, the longest-serving deputy director of the NSA, acknowledged overseeing a similar project to intercept telegrams as recently as the 1970s. It relied on the major telegraph companies, including Western Union, secretly turning over copies of all messages sent to or from the United States.

"All of the big international carriers were involved, but none of 'em ever got a nickel for what they did," Tordella said before his death in 1996, according to a history written by L. Britt Snider, a Senate aide who became the CIA's inspector general.

The telegraph interception operation was called Project Shamrock. It involved a courier making daily trips from the NSA's headquarters in Fort Meade, Md., to New York to retrieve digital copies of the telegrams on magnetic tape.

Like the eavesdropping system authorized by President Bush, Project Shamrock had a "watch list" of people in the U.S. whose conversations would be identified and plucked out of the ether by NSA computers. It was intended to be used for foreign intelligence purposes.

Then-President Richard Nixon, plagued by anti-Vietnam protests and worried about foreign influence, ordered that Project Shamrock's electronic ear be turned inward to eavesdrop on American citizens. In 1969, Nixon met with the heads of the NSA, CIA and FBI and authorized a program to intercept "the communications of U.S. citizens using international facilities," meaning international calls, according to James Bamford's 2001 book titled "Body of Secrets."

Nixon later withdrew the formal authorization, but informally, police and intelligence agencies kept adding names to the watch list. At its peak, 600 American citizens appeared on the list, including singer Joan Baez, pediatrician Benjamin Spock, actress Jane Fonda, and the Rev. Martin Luther King Jr.

Another apparent example of NSA and industry cooperation became public in 1995. The Baltimore Sun reported that for decades NSA had rigged the encryption products of Crypto AG, a Swiss firm, so U.S. eavesdroppers could easily break their codes.

The six-part story, based on interviews with former employees and company documents, said Crypto AG sold its compromised security products to some 120 countries, including prime U.S. intelligence targets such as Iran, Iraq, Libya and Yugoslavia. (Crypto AG disputed the allegations.)

Court Rebuffs Obama on Warrantless Cell-Site Tracking
By David Kravets December 15, 2010 | 3:52 pm | Categories: Surveillance, privacy

A federal appeals court on Wednesday rejected the Obama administration’s contention that the government is never required to get a court warrant to obtain cell-site information that mobile-phone carriers retain on their customers.

The decision by the 3rd U.S. Circuit Court of Appeals is one in a string of court decisions boosting Americans’ privacy (.pdf) in the digital age — rulings the government fought against. The most significant and recent decision came Tuesday, when a different federal appeals court said for the first time the government must obtain a court warrant for an internet service provider to grant the authorities access to a suspect’s e-mail.

The case that concluded Wednesday concerns historical cell-site location information, which carriers usually retain for about 18 months. The data identifies the cell tower the customer was connected to at the beginning of a call and at the end of the call — and is often used in criminal prosecutions and investigations.


“Prosecutors across the country use the statute in criminal investigations to obtain a wide range of evidence,” (.pdf) the administration told the Philadelphia-based 3rd Circuit.

The Stored Communications Act, the appeals court ruled in September, granted judges the discretion to require a warrant under the Fourth Amendment for the government to obtain the cell-site information. It was the first appellate court to reach that conclusion, despite a handful of lower-court decisions freeing the government from that requirement.

The Obama administration urged the appellate court to reconsider its position, an offer the court declined Wednesday without commenting on the merits.

The administration has also asked the U.S. Court of Appeals for the District of Columbia Circuit to reverse its August ruling requiring court warrants to affix GPS devices to vehicles to track their every move. The administration said Americans should expect no privacy “in the totality of his or her movements in public places.”

The appellate court’s answer is pending.

Photo: Keithius/Flickr

See Also:

Feds Can Search, Seize P2P Files Without Warrant
Warrant Needed to Get Your E-Mail, Appeals Court Says
Spam Suspect Uses Google Docs; FBI Happy
Caught Spying on Student, FBI Demands GPS Tracker Back
Appeals Court Guts Landmark Computer-Privacy Ruling
Feds: Privacy Does Not Exist in ‘Public Places’
FCC’s Warrantless Household Searches Alarm Experts
Yahoo Beats Feds in E-Mail Privacy Battle
Feds Warrantlessly Tracking Americans’ Credit Cards in Real Time