Allegations that the FBI surreptitiously placed a back door into the OpenBSD operating system have alarmed the computer security community, prompting calls for an audit of the source code and claims that the charges must be a hoax.
The report surfaced in e-mail made public yesterday from a former government contractor, who alleged that he worked with the FBI to implement “a number of back doors” in OpenBSD, which has a reputation for high security and is used in some commercial products.
Gregory Perry, the former chief technologist at the now-defunct contractor Network Security Technology, or NETSEC, said he’s disclosing this information now because his 10-year confidentiality agreement with the FBI has expired. The e-mail was sent to OpenBSD founder Theo de Raadt, who posted it publicly.
“I cashed out of the company shortly after the FBI project,” Perry told CNET today. “At that time there were significant legal barriers between domestic law enforcement and [the Department of Defense], and [this project] was in clear violation of that.” He said the project was a “circa 1999 joint research and development project between the FBI and the NSA,” which is part of the Defense Department.
The OpenBSD project, which was once funded by DARPA but had its funding yanked in 2003 for unspecified reasons, says that it takes an “uncompromising view toward increased security.” The code is used in Microsoft’s Windows Services for Unix and firewalls including ones sold by Calyptix Security, Germany’s Swapspace.de, and Switzerland’s Apsis GmbH.
In national security circles, it’s an open secret that the U.S. government likes to implant back doors in encryption products.
That’s what the FBI proposed in September, although it also claimed that the crypto-back doors would be used only through a legal process. So did the Clinton administration, in what was its first technology initiative in the early 1990s, which became known as the Clipper Chip.
(Credit:
Openbsd.org)
If implemented correctly using a strong algorithm, modern encryption tools are believed to be so secure that even the NSA’s phalanxes of supercomputers are unable to decrypt messages or stored data. One report noted that, even in the 1990s, the FBI was unable to successfully decrypt communications from some wiretaps, and a report this year said it could not decrypt hard drives using the AES algorithm with a 256-bit key.
E.J. Hilbert, a former FBI agent, indicated in a note on Twitter last night that the OpenBSD “experiment” happened but was unsuccessful.
The Justice Department did not respond to a request from CNET yesterday for comment.
NETSEC, the now-defunct contractor, boasted at the time that it was a top provider of computer security services to the Justice Department, the Treasury Department, the National Science Foundation, and unnamed intelligence agencies. A 2002 NSF document (PDF) says NETSEC was “a contractor that NSF utilizes for computer forensics” that performed an investigation of whether data “deleted from an internal NSF server” amounted to a malicious act or not.
A snapshot of the NETSEC Web page from August 2000 from Archive.org shows that the company touted its close ties with the NSA. The founders created the company to build “upon practices developed while employed at the National Security Agency (NSA) and Department of Defense (DoD), the methodologies utilized at NETSEC today are widely regarded as the best anywhere,” it says.
On the OpenBSD technical mailing list, reaction was concerned but skeptical. One post suggested that the best way to insert a back door would be to leak information about the cryptographic key through the network, perhaps through what’s known as a side channel attack. (A 2000 paper describes that technique as using information about the specific implementation of the algorithm to break a cipher, in much the same way that radiation from a computer monitor can leak information about what’s on the screen. Secure environments use TEMPEST shielding to block that particular side channel.)
A 1999 New York Times article written by Peter Wayner about the Clinton administration’s encryption policies, which quoted Perry about OpenBSD, noted that the “the Naval Research Lab in Virginia is using OpenBSD as a foundation of its new IPv6 project.”
Perry told CNET that he hired Jason Wright “at NETSEC as a security researcher, he was basically paid to develop full time for the OpenBSD platform.” In the e-mail to de Raadt, Perry added that “Jason Wright and several other developers were responsible for those back doors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC.”
Wright’s LinkedIn profile lists him as a “senior developer” at the OpenBSD project and a cybersecurity engineer at the Idaho National Laboratory, and previously a software engineer at NETSEC. He did not respond to a request for comment.
A decades-long push for back doors While the OpenBSD allegations may never be fully proved or disproved, it’s clear that the federal government has a long history of pressing for back doors into products or networks for eavesdropping purposes. The Bush administration-era controversy over pressuring ATT to open its network–in apparent violation of federal law–is a recent example.
Louis Tordella, the longest-serving deputy director of the NSA, acknowledged overseeing a similar project to intercept telegrams as recently as the 1970s. It relied on the major telegraph companies, including Western Union, secretly turning over copies of all messages sent to or from the United States.
“All of the big international carriers were involved, but none of ’em ever got a nickel for what they did,” Tordella said before his death in 1996, according to a history written by L. Britt Snider, a Senate aide who became the CIA’s inspector general.
The telegraph interception operation was called Project Shamrock. It involved a courier making daily trips from the NSA’s headquarters in Fort Meade, Md., to New York to retrieve digital copies of the telegrams on magnetic tape.
Like the eavesdropping system authorized by President Bush, Project Shamrock had a “watch list” of people in the U.S. whose conversations would be identified and plucked out of the ether by NSA computers. It was intended to be used for foreign intelligence purposes.
Then-President Richard Nixon, plagued by anti-Vietnam protests and worried about foreign influence, ordered that Project Shamrock’s electronic ear be turned inward to eavesdrop on American citizens. In 1969, Nixon met with the heads of the NSA, CIA and FBI and authorized a program to intercept “the communications of U.S. citizens using international facilities,” meaning international calls, according to James Bamford’s 2001 book titled “Body of Secrets.”
Nixon later withdrew the formal authorization, but informally, police and intelligence agencies kept adding names to the watch list. At its peak, 600 American citizens appeared on the list, including singer Joan Baez, pediatrician Benjamin Spock, actress Jane Fonda, and the Rev. Martin Luther King Jr.
Another apparent example of NSA and industry cooperation became public in 1995. The Baltimore Sun reported that for decades NSA had rigged the encryption products of Crypto AG, a Swiss firm, so U.S. eavesdroppers could easily break their codes.
The six-part story, based on interviews with former employees and company documents, said Crypto AG sold its compromised security products to some 120 countries, including prime U.S. intelligence targets such as Iran, Iraq, Libya and Yugoslavia. (Crypto AG disputed the allegations.)
MOSCOW (Reuters Life!) – Russian spy Anna Chapman showed up at President Dmitry Medvedev’s showcase science park on Tuesday, the latest in a long line of celebrities invited to add a touch of glamour to Moscow’s answer to Silicon Valley.
Wearing a knee-length black dress, with a green velvet corset, Chapman said she was enjoying life since the spy scandal which led to her arrest and expulsion from the United States alongside nine other Russian sleeper agents.
The redhead capitalised on her popular “sexy spy” image with a photoshoot and interview in the November issue of the Russian edition of Maxim magazine, where she appeared in lace and leather and waxed poetic about her love of romantic men.
When asked whether she was pleased with her new job as a banking advisor, she told Reuters: “Well, yes.”
Wikipedia founder Jimmy Wales was also present on Tuesday to speak with Russian government leaders about the science park.
California Governor Arnold Schwarzenegger came to Russia in October to give a public endorsement to the project, which has also attracted a multi-million dollar investment from Microsoft.
Chapman became one of Russia’s most famous spies when photographs she posted on social networking site Facebook were plastered across the front pages of tabloid newspapers around the world.
Although celebrated by the Kremlin and Russian media, the Russian spy ring was reported to have failed to secure any major intelligence before their arrests.
Medvedev awarded the group of spies the country’s highest state honours in October.
(Reporting by Alexei Anishchuk, Writing by Thomas Grove, editing by Paul Casciato)
GDC 2011 organizers have revealed an initial set of Artificial Intelligence Summit talks for the February/March 2011 event, including talks from Rockstar, Double Fine, Electronic Arts and Blizzard notables.
The always-popular summit, taking place on February 28th and March 1st during Game Developers Conference 2011 at the Moscone Center in San Francisco, will feature panels and lectures from more than two dozen of the top game AI programmers in the industry.
Organized as a collective effort by the AI Game Programmers Guild, this event promises to “give you an inside look at key architectures and issues within successful commercial games, as well as let you eavesdrop on conversations, debates, and rants on how game AI can move forward.”
Advisors for the much-anticipated Summit include Intrinsic Algorithm’s Dave Mark, author of the book “Behavioral Mathematics for Game AI”, and Nintendo of America’s Steve Rabin.
With a final set of lectures to be announced soon, a number of major talks have been revealed on the Summit homepage and the AI Summit section of GDC’s Schedule Builder. Highlights include the following:
– ‘AI Unplugged: How Experienced Devs Think Through AI’ sees sequential microlectures from notables including Blizzard’s Brian Schwab, Double Fine’s Chris Jurney, Rockstar Leeds’ Brett Laming and more, building on the premise that “designing good AI depends upon analyzing the specific behavior or problem that needs to be addressed and decomposing it in such a way that it can be dealt with in the first place.”
In the panel, the Summit presents experienced game AI designers and programmers “with examples of typical (or odd!) game behaviors and watch as they walk through the process of tackling the problem — long before the programming suite is ever opened.”
– In ‘AI Pr0n: Maximum Exposure of Your Debug Info!’, developers, including Big Huge Games’ Michael Dawe and Electronic Arts/The Sims Division’s Rez Graham “will expose the creative and unique approaches they used to visualize the complexity of their AI for debugging and development.”
The speakers will deal with the “very difficult task” of debugging complex AI, with the description noting: “Often the best approach involves visualizing the data and the relationships instead of staring at code. After all, nothing is more revealing than getting a peek at all that private activity going on behind closed doors!”
– The session ‘People in Your Pocket: High-Quality AI on Mobile Devices’ sees discussion on “AI-driven people simulators with low-fi graphical fidelity but hi-fi behavioral fidelity”, featuring Black White/The Sims 3 AI designer Richard Evans, who is now working on “an unannounced text-based simulation”, as well as Ngmoco’s Andrew Stern (Touch Pets) and noted interactive fiction developer Emily Short.
More information on GDC 2011’s AI Summit — part of the UBM TechWeb Game Network, as is this website — which can be attended via All-Access or Summit-specific GDC 2011 passes, is available on its official webpage.
Every time I get to travel with a group to more exotic places, one of the inevitable questions asked is the location of the nearest flea market or place where – to use the vernacular – “”kabutingtings” (almost literally: knick-knacks or odds ends) can be found. The Saturday fleas markets of Rome and Amsterdam come to mind. But there was also this rather seedy open market right in the middle of a Hanoi square where I found a great selection of East bloc watches – sturdy rather than fancy – selling for only $2 – 5 each, and a gem of a Praktika German camera with a Zeiss lens no less. Of course, the original makers of Zeiss optics transferred to West Germany then, and I guess the factory left behind just went on making camera lenses using the venerable name.
But when it comes to gadgets, there is only one place in the world that has it all – the gadget heaven that is Akihabara in a northern section of Tokyo. In my first visit there sometime in the 60s, the place was a warren of shops with probably one or two larger buildings containing yet more shops. But the impression was one of total chaos, with all kinds of electronic doodads on sale, with a product-selection available to suit even the most discriminating or ridiculous demand or craving. It has been some time since I have had a chance to visit the place, and so, this early, I am planning on visiting the district again, but with a wiser agenda of spending more than just a day over there. Based on reports I have read, the place has grown by leaps and bounds, and has actually gone mainstream. Even respectable manufacturers find it an honor to have their products on display over there side by side with the inevitable funky or almost useless gadgets. Trust the Japanese inventiveness and imagination to come up with gadgets you never knew you needed – or maybe, didn’t need but bought anyhow because they were so “cute”.
Well-known electronics or consumer manufacturers often showcase their products in Akihabara first before foisting them on the general public. Maybe to test market reaction in one of the world’s most gadget-crazy environments, one whose buyers get bored real fast with a product or a technology and look immediately for the next trend.
Toshiba, for example, is ready with a line-up of Tablet PCs that seem to cover the three main operating systems: Android, Chrome, and Windows 7. Maybe they are still smarting over losing out to the Blue-Ray technology of Sony in another area, and don’t want to be left out in the cold this time. Meanwhile, Google is said to be bringing out a laptop (the CR-48) for testing the Chrome OS further, making this an exciting battle to see which system wins out in the end.
But if all you want is the latest in massage chairs, or a really good back-scratcher that does it all, or a gadget that can listen in to cellphone conversations – then you need not look any further. These and many more gadgets guaranteed to bust your wallet are available at a price.
You think I am kidding? Well, one product I saw featured in an online publication showcased the ultimate in fountain pens. Now, what does a fountain pen do other than write? Why, the inventors who drive Akihabara found that some people actually want a pen that can also double as a voice recorder, with MP3 playback available plus as much as 4G storage capacity. Bet you never thought of that particular use for a fountain pen, right? And we have to thank the wonderful people of Thanko, who also make spy pens and other similar gadgets, for this innovative pen. The Thanko voice recording pen is available right now – in Japan, but especially in Akihabara.
Now, I think I really want to get that spy pen instead….or will my choice be the device that will allow me to eavesdrop on cellphone conversations? Perhaps this latter one should be a gift to any number of gossip-mongers who inhabit coffee shops to exchange the latest in sordid tales.
Former Wellington Chamber of Commerce chief executive, diplomat and Government adviser Charles Finny has been named by WikiLeaks as the United States’ top Kiwi contact.
But Mr Finny denied being a spy and said the “key contact” mentions were flattering. He is quoted often in the US diplomatic cables controversially made public by website WikiLeaks, and in a cable from May 19, 2006, was singled out as a “close [US] embassy contact”.
“I am regularly talking to embassies, high commissions and journalists in New Zealand and around the world, in areas where I have expertise,” Mr Finny said.
“I don’t want to be big-headed about it but I do know quite a lot about what goes on in some parts of the world and also about international organisations and how they operate. I am regularly consulted all over the world.”
Mr Finny is employed by public relations company Saunders Unsworth and works with domestic and international clients on tertiary education policy, international trade, aviation policy, infrastructure policy and government procurement.
He has spent much of his life studying and working overseas, living in the US, Britain, Hong Kong, Singapore, China and Taiwan.
Before joining Saunders Unsworth in July, he spent five years as Wellington Chamber of Commerce chief executive. He previously had 22 years’ experience in international trade, economics and diplomacy, serving in the Foreign Affairs and Trade Ministry, the Trade and Industry Department and the Department of the Prime Minister and Cabinet.
He is also a member of the Victoria University Council and was an unsuccessful candidate for the Greater Wellington regional council in this year’s elections.
Mr Finny said he often saw important embassy contacts at functions in Wellington.
“You see them at cocktail parties, you have lunches occasionally and sometimes they formally call on you … once every four or five months. But you would probably see them once a week at cocktail parties.
“I would say I speak most often to the Australians and the Americans and I also do work for the New Zealand Government from time to time.”
The US embassy was less keen to discuss Mr Finny. “We do not comment on materials, including classified documents, which may have been leaked,” spokeswoman Janine Burns said.
“Any unauthorised disclosure of classified information by WikiLeaks has harmful implications for the lives of identified individuals that are jeopardised in other countries, but also for global engagement among and between nations.
“While we cannot speak to the authenticity of any documents provided to the press, we can speak to the diplomatic community’s practice of cable writing. Cables reflect the internal day-to-day analysis and candid assessments that feed the governments’ foreign relations deliberations.
“These cables are often preliminary and incomplete expressions of foreign policy, and they should not be seen as having standing on their own or as representing US policy.”
Mr Finny’s main area of expertise is international trade negotiations in Asia. “We just talk about what’s going on and what’s happening in various places around the world,” he said.
He “absolutely” was not a spy. “I talk to lots of people across the business community, the diplomatic community, international organisations and media.”
Do you want safety for you and your family? How about we build a fence too keep all the dangerous people outside, and we will put barbed wire on it to keep people climbing over, and electrified cables to keep people digging under it, and guard towers to see anyone approaching it, with machine guns to scare the dangerous people off and make sure they cannot get in. and the the fence will ring your house to keep the dangerous people out and the safe people safely inside, and we cannot risk your safety by ever letting you out.
(Credit: