Bonum Certa Men Certa

Edward Brocklesby (ejb) & Debian: Hacking expulsion cover-up in proximity to Oxford and GCHQ

posted by Roy Schestowitz on Jun 06, 2024, updated Jun 24, 2024

Reprinted with permission from Daniel Pocock.

As written previously, I don't believe that Debian Developers can be expelled as such because the relationship between us is a relation of joint authorship.

Nonetheless, from time to time it is necessary to remove somebody's access to Debian infrastructure due to concerns about their integrity and other poor behavior. The first case of this was Shaya Potter, for WaReZ operations.

There is a pattern that has become very easy to see: if somebody is expelled in a very public manner then it is due to backstabbing by the corrupt leadership. The expulsion of Jacob Appelbaum based on falsified harassment claims was the most prominent example of backstabbing. On the other hand, when the leadership has failed to protect the security of the Debian distribution, the whole affair gets covered up. The expelled person is free to go elsewhere.

The most dramatic case that has been hidden from the public is that of Edward Brocklesby (ejb). Looking at Shaya Potter, we could follow his career path after his departure from Debian. Edward Brocklesby simply disappeared into obscurity. Did he even exist at all or was Edward Brocklesby a fake name for somebody who we don't really know?

The second notable point about the case of Edward Brocklesby is the list of packages he was maintaining. His package list was discussed after his exclusion:

Subject: Re: ejb's old packages--who want to adopt them?
Date: Tue, 25 Apr 2000 10:05:15 +0100
From: Steve McIntyre <>
To: Anthony Fok <>

On Tue, Apr 25, 2000 at 09:14:42AM +0100, Anthony Fok wrote:
>
>According to Joey's earlier post, here are the packages that ejb left
>behind:
>
>  archie, csh, eggdrop, gcc-m68k-gnu, hx, mh, mh-paper, mig-m68k-gnu,
>  pmake, sac, simh, simh-rsts-images, simh-unix-images, ssh2
>
>Hope we can all pitch in and pick up one or two of them. Otherwise,
>they'd have to be orphaned -> debian-qa, definitely before potato is
>out, otherwise the bug reports would be unattended to.

I'll take pmake; we occasionally use it at work and it would be painful to lose it.

--
Steve McIntyre, Allstor Software
My PC page
"Can't keep my eyes from the circling sky,
"Tongue-tied & twisted, Just an earth-bound misfit, I..."

While discussing ejb's packages, nobody seemed to notice that these are just the packages that a serious bad guy would want to put backdoors into: shells, compilers and even the ssh2 package. There was incredible complacency about this.

In hindsight, it seems even more odd that the person maintaining those packages has simply vanished. In other words, the person maintaining those packages for a number of years may have been using a fake name.

This is the reality of security on Debian: the package maintainers may be fast at copying security patches from upstream and getting them released but they can't really understand what they are looking at. By excluding talented developers and dumbing down with groupthink, they reduce the amount of adult scrutiny on situations like this.

The failure of anybody to notice the risk of backdoors in those binaries is one of many glaring oversights in the EJB case.

Another thing people failed to notice is that Brocklesby was living in close proximity to the A40, that is, the road from Oxford to the GCHQ office at Cheltenham. GCHQ doesn't publish a list of their employees in the free and open source software space; nonetheless, it is widely accepted that such people exist.

Edward J Brocklesby, Debian, Una P Brocklesby, Oxford

The IETF records show us he was interested in the development of standards for IRC.

His interest in standards or any other public activity seems to cease completely within a short time of the discovery of his activities around Debian.

The next big red flag in the way Debian handled the Edward Brocklesby affair is that they failed to immediately restrict his access to Debian infrastructure. For some weeks they engaged in a debate with him on the debian-private (widely leaked) secret cubby house. He almost fooled them into allowing him to keep his access privileges.

The BBC obtained a secret tape recording of Kim Philby talking to Stasi agents.

In 1963, an MI6 colleague came to confront him with new evidence pointing to his work for the Soviets.

Philby bluffed and stalled.


Philby finishes with one piece of advice to the spies gathered before him that had served him well: never confess.

"If they confront you with a document with your own handwriting then it's a forgery - just deny everything…

"They interrogated me to break my nerve and force me to confess.

"And all I had to do really was keep my nerve. So my advice to you is to tell all your agents that they are never to confess."

Looking through debian-private, we can see Edward Brocklesby buying time. Philby was not the only one to use these tactics.

Ireland needs a high-level expert on cybersecurity in the European Parliament. Please see my nomination and promote it as widely as possible as we count down to the vote this Friday, 7 June.

GCHQ, Cheltenham

More news and policy statements regarding my campaign for European Parliament:

Please print my brochure if you want Ireland to change
