Re: OpenBSD's FBI file

2019-07-21 Thread Theo de Raadt
> There are a lot of redactions here, but it looks like the focus here
> might have been an exploit that led also to the following OpenSSH
> vuln:
> https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html

That is a ridiculous claim.  It is unrelated.

I believe the record is related to a different event which occurred.  It
connects a few dots but water under the bridge.



OpenBSD's FBI file

2019-07-21 Thread Frank Beuth

https://www.muckrock.com/foi/united-states-of-america-10/foia-fbi-openbsd-70084/

Earlier this year I FOIAed the FBI for details on allegations of a backdoor installed 
in the IPSEC stack in 2010, originally discussed by OpenBSD devs 
(https://marc.info/?l=openbsd-tech=129236621626462 …) Today, I got an 
interesting but unexpected responsive record: 
https://www.muckrock.com/foi/united-states-of-america-10/foia-fbi-openbsd-70084/ … 
#FOIAfriday

The record I was provided by the FBI was created Sept. 2002, and details a 
separate investigation into an operation titled 'OPERATION 0DAY COMPUTER 
INTRUSIONS': 
https://cdn.muckrock.com/foia_files/2019/07/19/Ecd74aeb090e009e1ede26e1a0fe860c184bb6797_Q52218_R348013_D2256726.pdf
 …

To my knowledge there are no other public agency records available regarding 
this.

There are a lot of redactions here, but it looks like the focus here might have 
been an exploit that led also to the following OpenSSH vuln: 
https://web.archive.org/web/20080622172542/www.iss.net/threats/advise123.html …

"OpenBSD was compromised through the internet host http://cvs.openbsd.org  or 
http://ftp.openbsd.org ,.. [REDACTED] claimed on IRC channel [REDACTED] which he connects 
to from internet hosts in Australia, to have committed the hack."

https://twitter.com/RooneyMcNibNug/status/1152329067707928583