OpenWrt vs Defense positions

Peter Naulls peter at chocky.org
Mon May 15 07:43:25 PDT 2023


On 5/7/23 13:19, Hauke Mehrtens wrote:

> 
> I check from time to time which companies in the US are looking for OpenWrt 
> experts [0] to get an overview of who is using it. About 10% to 30% of these job 
> offers require clearance. It looks like the US military and US intelligence 
> community is using OpenWrt. Once I saw a job offer where someone was looking for 
> a person who has experience in writing exploits for OpenWrt and DD-WRT in the 
> Washington, D.C. area, this scared me a bit, normally I do not have the NSA in 
> my threat model. Someone from BAE Systems (largest defence contractor in Europe) 
> was also contacting us at OpenWrt some years ago with questions about the license.
> 
> I hope that these companies use OpenWrt mostly to provide Internet access for 
> their soldiers and it is not part of any real weapon system.
> As OpenWrt is now used by many vendors I think the intelligence agencies around 
> the world are interested in exploits for OpenWrt.

I'm now getting at least two queries a week from recruiters regarding
(non-OpenWrt) but embedded Linux positions building weapons systems.  My usual
reply is that "firing missiles at people doesn't improve the world". That's
hippy idealism of course, but it's still my stance.

(My current involvement in OpenWrt is providing cell/internet access to first
responders; my knowledge of military internet or whatever is zero apart from
the obvious history).

> I heard a rumor some years ago that one of the biggest OpenWrt installations was 
> at the fence between the US and Mexico, but I have no proof that this is true.
> 

Yes, and regarding security as we usually mean in the software stance, and 
whether the rumor is true or not, OpenWrt is widely deployed. It doesn't take
very much paranoia at all to think that there are government departments
in various countries keeping track of issues with embedded Linux in general
and OpenWrt in particular.  It also doesn't take much of a stretch to imagine
they have at least some info on major OpenWrt contributors such as yourself
or people who have long expressed interest in embedded Linux security, although
certainly in my case, it would be short and boring.



