Extended Subset

Theo confirms that Gregory Perry did work at NETSEC and that Jason Wright and Angelos Keromytis were funded by NETSEC as well. Theo says he wasn’t aware at the time that NETSEC was involved in backdoor or wiretapping projects.

Mickey, an OpenBSD developer from that time period, has published a rambling memoir entitled “How I Stopped Worrying and Loved the Backdoor” (a reference to the film Dr. Strangelove) in which he confirms that both Jason and Angelos were funded by NETSEC. He also makes the point that this served to fund OpenBSD, and Theo, indirectly as well. Many of his claims are verifiable by looking at the OpenBSD CVS commit history, and honestly I’d noticed some of it myself and thought it was odd. He describes encounters with agents of various TLAs.

Probably the most straightforward interpretation of Mickey’s story simply confirms what we already knew: funny stuff was going on in the source tree at that time, and people crossing international borders sometimes receive heavy arm-twisting from the US government, even if they are American citizens such as Jacob Appelbaum and Moxie Marlinspike. It’s not hard to imagine that kind of pressure being applied to someone seeking to continue working or studying in the US.

I was planning to let this particular dog lie (well, at least until I had a working exploit :-), but suddenly a New York Times article drops a clue which adds another unbelievable twist to the plot. They report that it was a joint US-Israeli hacking effort which developed the Stuxnet attack on Iran’s uranium enrichment centrifuges. (For all the hyperbole surrounding Stuxnet, it is widely regarded as the most effective and sophisticated targeted attack on a nation’s specific industrial process.) For its part, it was the US’s Idaho National Laboratory (INL) which provided significant background research into the security properties of Siemens industrial control (“SCADA”) systems like the ones which run Iran’s centrifuges. The INL slide deck really says it all, with diagrams and photos of US government security researchers testing out attack models against racks of Siemens gear of the same sort used in Iran.

But I’d remembered seeing Idaho National Laboratory once before: in Jason Wright’s CV. He’d written a paper for the U.S. Department of Homeland Security National Cyber Security Division, Control Systems Security Program, entitled “Recommended Practice for Securing Control System Modems”. This was in January 2008, about the time the Stuxnet project is believed to have gotten going. In 2009, he published “Time Synchronization in Hierarchical TESLA Wireless Sensor Networks” at a conference on Resilient Control Systems.

Jason Wright is a cyber security researcher at the Idaho National Laboratory working with SCADA and Process Control system vendors to secure critical infrastructure assets. He is also a semi-retired OpenBSD developer (also known as a “slacker”) responsible for many device drivers and layer 2 pieces of kernel code.

So we know that Jason Wright was hacking on OpenBSD IPsec crypto code at the time the backdoor was alleged to have been added, and that he was working on the security of Siemens SCADA systems at the time Stuxnet was being constructed, at the very same national nuclear research lab identified by the New York Times.