While doing consulting work for the FBI's GSA Technical Support Center, Perry learned that the bureau had paid several open source developers to implement hidden backdoors into OpenBSD. Perry claims he waited ten years to make the news public to avoid prosecution as he was under a no disclure agreement (NDA) with the FBI.
"My NDA with the FBI has recently expired, and I wanted to make you aware of the fact that the FBI implemented a number of backdoors and side channel key leaking mechanisms into the OCF, for the express purpose of monitoring the site to site VPN encryption system implemented by EOUSA, the parent organization to the FBI," Perry details in the email, "Jason Wright and several other developers were responsible for those backdoors, and you would be well advised to review any and all code commits by Wright as well as the other developers he worked with originating from NETSEC."De Raadt takes the allegations very seriously and wants the OpenBSD IPSEC code to be audited as soon as possible.
"This is also why several inside FBI folks have been recently advocating the use of OpenBSD for VPN and firewalling implementations in virtualized environments," he adds, "For example Scott Lowe is a well respected author in virtualization circles who also happens top be on the FBI payroll, and who has also recently published several tutorials for the use of OpenBSD VMs in enterprise VMware vSphere deployments."
Source: OS News