Date: Thu, 16 Dec 2010 18:55:21 -0500
From: musnt live <musntlive@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Perry explains OpenBSD backdoor more

http://blogs.csoonline.com/1296/an_fbi_backdoor_in_openbsd

Hello Robert,

I did not really intend for Theo to cross post that message to the
rest of the Internet, but I stand by my original email message to him
in those regards.

The OCF was a target for side channel key leaking mechanisms, as well
as pf (the stateful inspection packet filter), in addition to the
gigabit Ethernet driver stack for the OpenBSD operating system; all of
those projects NETSEC donated engineers and equipment for, including
the first revision of the OCF hardware acceleration framework based on
the HiFN line of crypto accelerators.

The project involved was the GSA Technical Support Center, a circa
1999 joint research and development project between the FBI and the
NSA; the technologies we developed were Multi Level Security controls
for case collaboration between the NSA and the FBI due to the Posse
Comitatus Act, although in reality those controls were only there for
show as the intended facility did in fact host both FBI and NSA in the
same building.

We were tasked with proposing various methods used to reverse engineer
smart card technologies, including Piranha techniques for stripping
organic materials from smart cards and other embedded systems used for
key material storage, so that the gates could be analyzed with
Scanning Electron and Scanning Tunneling Microscopy.  We also
developed proposals for distributed brute force key cracking systems
used for DES/3DES cryptanalysis, in addition to other methods for side
channel leaking and covert backdoors in firmware-based systems.  Some
of these projects were spun off into other sub projects, JTAG analysis
components etc.  I left NETSEC in 2000 to start another venture; I had
some fairly significant concerns with many aspects of these projects,
and I was the lead architect for the site-to-site VPN project
developed for Executive Office for United States Attorneys, which was
a statically keyed VPN system used at 235+ US Attorney locations and
which later proved to have been backdoored by the FBI so that they
could recover (potentially) grand jury information from various US
Attorney sites across the United States and abroad.  The person I
reported to at EOUSA was Zal Azmi, who was later appointed to Chief
Information Officer of the FBI by George W. Bush, and who was chosen
to lead portions of the EOUSA VPN project based upon his previous
experience with the Marines (prior to that, Zal was a mujahideen for
Usama bin Laden in their fight against the Soviets, he speaks fluent
Farsi and worked on various incursions with the CIA as a linguist both
pre and post 911, prior to his tenure at the FBI as CIO and head of
the FBI’s Sentinel case management system with Lockheed).  After I
left NETSEC, I ended up becoming the recipient of a FISA-sanctioned
investigation, presumably so that I would not talk about those various
projects; my NDA recently expired so I am free to talk about whatever
I wish.

Here is one of the articles I was quoted in from the NY Times that
touches on the encryption export issue:

In reality, the Clinton administration was very quietly working behind
the scenes to embed backdoors in many areas of technology as a counter
to their supposed relaxation of the Department of Commerce encryption
export regulations – and this was all pre-911 stuff as well, where the
walls between the FBI and DoD were very well established, at least in
theory.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
