FBI Alleged To Have Backdoored OpenBSD's IPSEC Stack

Aggrajag and Mortimer.CA, among others, wrote to inform us that Theo de Raadt has made public an email sent to him by Gregory Perry, who worked on the OpenBSD crypto framework a decade ago. The claim is that the FBI paid contractors to insert backdoors into OpenBSD's IPSEC stack. Mr. Perry is coming forward now that his NDA with the FBI has expired. The code was originally added ten years ago, and over that time has changed quite a bit, "so it is unclear what the true impact of these allegations are" says Mr. de Raadt. He added: "Since we had the first IPSEC stack available for free, large parts of the code are now found in many other projects/products." (Freeswan and Openswan are not based on this code.)

But but but

[igreaterthanu]

Many eyes makes FOSS software invulnerable to this sort of attack?

Not trying to troll here, but seriously people should be doing more audits, especially themselves.

If this has been there for ten years, then this is ten years too late in spotting it.

Re:But but but

[MichaelSmith]

I doubt the situation would be any better if OpenBSD had been commercial and closed source. Who's to say the same back door isn't in Tru64, HP-UX and AIX?

Re:But but but

[igreaterthanu]

Commercial is different though, with FOSS I and (everyone else should for that matter), expect that there are no backdoors and it does exactly what it says it does.

That is supposed to be one of the biggest "selling points" of FOSS.

Re:But but but

[Sycraft-fu]

Actually it would likely be harder. In the case of OSS, all you have to do is get people to contribute to the code. The FBI doesn't really have to be sneaky about it at all, other than that the people don't reveal who they work for. They could even lie about who they are as it is all done over the net anyhow. If it gets discovered, well no big deal really. I mean it is free and open, nobody made them accept those contributions. There's no legal problems that I can see.

In the case of a company, you have to either subvert or plant employees there. Doing that without a court order would be illegal. It also has to go on undetected, of course, and that is much harder since the employee works physically at the company. Then there's the problem that if it becomes known, you may have a lawsuit on your hands, or congressional inquiry, and so on. Big companies wield a lot of power and would likely not be amused in the slightest.

However what the GP is really saying overall is that if this turns out to be true (please note I am doubtful of that) it shows a weakness in the "many eyes" idea. That mantra is repeated over and over by OSS advocates almost like an incantation, that because something is open it means that all sorts of people are looking it over and there won't be anything evil in it. That is not the case, of course. Some OSS stuff is well audited, some is not. If this proves to be true it would show that even the pretty well audited stuff is not immune, that just having the source out in the open is not enough to guarantee security.

Re:But but but

[gnapster]

So what you are saying is, your OpenBSD box is running a version that is missing 60% of the timeline where edits could have been made to break this backdoor?

Re:But but but

[igreaterthanu]

Crackers don't like sharing their audit results for free.

Re:But but but

[Opportunist]

One of the biggest selling points of FOSS is that you can audit it at leisure, without having to go to the maker, give them a GOOD reason why you'd want to audit the source and sign NDAs with blood.

Unaudited, FOSS is just as well audited as closed source. Duh.

In other words, as long as everyone's too lazy/cheap/dumb to actually DO an audit, yes, FOSS is by no means more secure than CSS.

Re:But but but

[Haeleth]

That mantra is repeated over and over by OSS advocates almost like an incantation

I constantly see people claim that OSS advocates use this argument. I can't remember the last time I saw an actual OSS advocate actually using it.

Really you are fighting something of a straw man. Nobody with a clue has ever claimed that "many eyes" is some kind of magical guarantee of security. It is not news that high-profile OSS code can contain very serious flaws; just think of the Debian OpenSSL incident!

Re:But but but

[thePowerOfGrayskull]

Of course... your comment serves to underscore the importance of open source. While GP noted that it *should* have been caught in OpenBSD,.. at least the potential for it to have been caught was there. If it's in Linux as well, we'll know very soon since it's reasonably certain that people are looking now. If it's in MS products... well, that's something we'll never know.

Re:But but but

[sjames]

Use the source! There's no need to wonder, pick a likely function, audit it, and post your results!

But has it been confirmed?

[brunes69]

Why engage in mass speculation? Check out the code from the time period in question and audit it for a back door. I don't know why everyone should get up in arms over an allegation that may very well be unfounded.

Re:But has it been confirmed?

If the backdoor was done well, it may be impossible to confirm. Not that this is how it was done, but many encryption routines define lots and lots of constants. Random large primes and that sort of thing. You could assume that these constants were chosen for cryptographically sound reasons, and you might be right. You could also assume that these constants were created using an external "secret key", and that anyone with this secret key would be able to decrypt data, and you might be right. Or maybe it's just designed to look like a programming error i.e. if(uid=0) { ... }. Plausible deniability is the name of the game; we may be able to fix the problem by re-writing the code from scratch, but we may never be able to say whether there was a problem in the orginal code to begin with.

Not likely

It would be the NSA doing this and they wouldn't require a NDA that would expire. Such an agreement would be that it never would be revealed. Sounds like a hoax.

Could be hard

[Sycraft-fu]

You have to remember that something like that wouldn't be in the code with a /*evil shit goes here*/ before it. To have survived it would need to be well hidden. The idea that you can just look at code and find problems is false. I mean were that the case, no software would ever have any bugs.

So to find it could take a lot of work, even when you know there is something to look for.

This presumes, of course, there IS something to look for and this isn't just some guy making shit up. I'm leaning more towards that option since I don't see why the FBI wouldn't have a longer NDA. Classified material is generally done for 50 years, and something like that would surely be classified.

Hmm.. now interesting

[rtfa-troll]

So; this is going to be interesting. Imagine there were no back doors; how would you prove it? Want to discredit OpenBSD; that's how you would do it. Assume there are backdoors; now we have the first known clear example of illegally placed malware by a US Govt. group. The FBI is not the NSA, but they definitely have access to good people. Assume this was rogue players. Warrentless wiretapping against US Govt. lawyers! In the absence of any pointer to relevant code, I would go with it being FUD, but I expect to be proved wrong..

Re:Hmm.. now interesting

[Martin+Blank]

If it is true, it was submitted as source code, subject to review, accepted by the community, and installed by users. I see nothing illegal here.

I also don't see where it's necessarily warrantless wiretapping. Sure, it could be used for that, but this kind of thing could also absolutely be used for warranted wiretapping. The FBI goes to a judge, gets a warrant, captures the traffic, and decrypts it using the backdoor. Again, nothing illegal.

There are ethical issues with intentionally subverting such a project, but I don't see legal issues such as you claim.

Re:Hide yo keys, hide yo passwords

[Opportunist]

Sure gonna. You left your fingerprint and all you are so dumb. You are really dumb. For real.

(I can't believe how well this fits...)

Re:42 Grams.

[TheLink]

The code obfuscation competitions won't be good examples - since obfuscated code looks hard to understand, which would make it more noticeable to auditors, or even "normal programmers" looking at the code.

It'll be stuff like "The Underhanded C Contest": http://underhanded.xcott.com/?page_id=17

Or this: http://www.debian.org/security/2008/dsa-1576
Or "accidentally" leave in a few exploitable buffer overflows or other "normal" bugs.

As for over reliance on "many eyes", just relying on it is over-reliance. The "many eyes" claim is not applicable when it comes to _security_ bugs.

There are many eyes, but they're all "watching TV". They'll notice if a bug crashes their DVR or causes image corruption, other than that no.

There are only very few skilled experienced eyes auditing the code, and not all of those are on the "defending" side.

Re:Oh shit...

[JeffSh]

While funny, it misses the bigger picture of the OpenBSD stack/code being hidden in other devices, especially vpn/firewall appliances.

Re:You pay for corruption.

[NiceGeek]

In fact if someone like Assange would have pulled this crap back then, he'd have found himself with a fatal necktie.

Re:Only two remote holes...

[skids]

99.99% of code can be cleaned by talented enough audit freaks. Crypto code is in the other 0.01%. Proper cryptography development requires doctorate level mathematics skills.