Bonum Certa Men Certa

Edward Brocklesby (ejb) & Debian: Hacking expulsion cover-up in proximity to Oxford and GCHQ

posted by Roy Schestowitz on Jun 06, 2024,
updated Jun 24, 2024

Reprinted with permission from Daniel Pocock.

As written previously, I don't believe that Debian Developers can be expelled as such because the relationship between us is a relation of joint authorship.

Nonetheless, from time to time it is necessary to remove somebody's access to Debian infrastructure due to concerns about their integrity and other poor behavior. The first case of this was Shaya Potter, for WaReZ operations.

There is a pattern that has become very easy to see: if somebody is expelled in a very public manner then it is due to backstabbing by the corrupt leadership. The expulsion of Jacob Appelbaum based on falsified harassment claims was the most prominent example of backstabbing. On the other hand, when the leadership has failed to protect the security of the Debian distribution, the whole affair gets covered up. The expelled person is free to go elsewhere.

The most dramatic case that has been hidden from the public is that of Edward Brocklesby (ejb). Looking at Shaya Potter, we could follow his career path after his departure from Debian. Edward Brocklesby simply disappeared into obscurity. Did he even exist at all or was Edward Brocklesby a fake name for somebody who we don't really know?

The second notable point about the case of Edward Brocklesby is the list of packages he was maintaining. His package list was discussed after his exclusion:

Subject: Re: ejb's old packages--who want to adopt them?
Date: Tue, 25 Apr 2000 10:05:15 +0100
From: Steve McIntyre <stevem@chiark.greenend.org.uk>
To: Anthony Fok <foka@ualberta.ca>
CC: debian-private@lists.debian.org

On Tue, Apr 25, 2000 at 09:14:42AM +0100, Anthony Fok wrote: > >According to Joey's earlier post, here are the packages that ejb left >behind: > > archie, csh, eggdrop, gcc-m68k-gnu, hx, mh, mh-paper, mig-m68k-gnu, > pmake, sac, simh, simh-rsts-images, simh-unix-images, ssh2 > >Hope we can all pitch in and pick up one or two of them. Otherwise, >they'd have to be orphaned -> debian-qa, definitely before potato is >out, otherwise the bug reports would be unattended to.
I'll take pmake; we occasionally use it at work and it would be painful to lose it.
-- Steve McIntyre, Allstor Software smcintyr@allstor-sw.co.uk My PC page "Can't keep my eyes from the circling sky, "Tongue-tied & twisted, Just an earth-bound misfit, I..."

While discussing ejb's packages, nobody seemed to notice that these are just the packages that a serious bad guy would want to put backdoors into: shells, compilers and even the ssh2 package. There was incredible complacency about this.

In hindsight, it seems even more odd that the person maintaining those packages has simply vanished. In other words, the person maintaining those packages for a number of years may have been using a fake name.

This is the reality of security on Debian: the package maintainers may be fast at copying security patches from upstream and getting them released but they can't really understand what they are looking at. By excluding talented developers and dumbing down with groupthink, they reduce the amount of adult scrutiny on situations like this.

The failure of anybody to notice the risk of backdoors in those binaries is one of many glaring oversights in the EJB case.

Another thing people failed to notice is that Brocklesby was living in close proximity to the A40, that is the road from Oxford to the GCHQ office at Cheltenham. GCHQ doesn't publish a list of their employees in the free and open source software space, nonetheless, it is widely accepted that such people exist.

Edward J Brocklesby, Debian, Una P Brocklesby, Oxford

The IETF records show us he was interested in the development of standards for IRC.

His interest in standards or any other public activity seems to cease completely within a short time of the discovery of his activities around Debian.

The next big red flag in the way Debian handled the Edward Brocklesby affair is that they failed to immediately restrict his access to Debian infrastructure. For some weeks they engaged in a debate with him on the debian-private (widely leaked) secret cubby house. He almost fooled them to allow him to keep his access privileges.

The BBC obtained a secret tape recording of Kim Philby talking to Stasi agents.

In 1963, an MI6 colleague came to confront him with new evidence pointing to his work for the Soviets.

Philby bluffed and stalled.

...

Philby finishes with one piece of advice to the spies gathered before him that had served him well: never confess.

"If they confront you with a document with your own handwriting then it's a forgery - just deny everything…

"They interrogated me to break my nerve and force me to confess.

"And all I had to do really was keep my nerve. So my advice to you is to tell all your agents that they are never to confess."

Looking through debian-private, we can see Edward Brocklesby buying time. Philby was not the only one to use these tactics.

Ireland needs a high-level expert on cybersecurity in the European Parliament. Please see my nomination and promote it as widely as possible as we count down to the vote this Friday, 7 June.

GCHQ, Chelthenham

More news and policy statements regarding my campaign for European Parliament:

Please print my brochure if you want Ireland to change

Other Recent Techrights' Posts

Freedom of Choice or Freedom Versus Choice (or When All Choices Are Incompatible With Freedom)
When some business asserts that it gives people different options, then it can rightly argue that it offers some choices, but that is not the same as freedom
Techrights IRC Turns 5 Without a “Code of Conduct”, “Code of Conduct Committee”, and All Those Bureaucratic Nightmares
18+ years if one counts our time in Freenode as well
Why U No Use AI???
Many hype waves come and go
There Are Still Slopfarms in Google News
Google is trying to participate in if not lead this pyramid scheme
The Cyber Show Explains How Slop and Promotion of Slop is About Taking Control Away From Computer Users
"On making a trustworthy machine"
Keeping Available the Site at All Times
Informal arrangements and crowdfunding keep our work available despite resistance (including from people who break the law)
What If "Era of AI" and "AI Revolution" (Fake News) Never Happened?
So how much longer before the bust (or bubble-burst)?
GNU/Linux Approaches 5% in Australia
5% by year's end?
How We Do Techrights (and What's Changing Next Week)
Many former news sites no longer yield much non-meaningless news (not anymore); there's a gap to be filled
Europe/EU is Moving Towards Independence, Fast to Adopt Free Software
More and more states (governments, public sector) in Germany are dumping Microsoft
GNU/Linux Grows at the Expense of Windows
People who want to get work done already left Windows
Tux Machines Growing as a Volunteers-Run Site
Historically the site did not have many original stories, but this changed as the audience grew and the site gained more recognition
Links 12/07/2026: European Commission Versus ‘Addictive Design’, "Google Loses Final Appeal Over $4.7 Billion EU Android Antitrust Fine"
Links for the day
GNU/Linux Market Share Increases Some More Today, statCounter Measures It at 7.3%
Will more such thresholds and records be broken?
Gemini Links 12/07/2026: Studying Languages and 2026 Old Computer Challenge (OCC)
Links for the day
EPO "Cocaine Communication Manager" - Part XIII - At the EPO, Cocaine Addicts and Their Friends Are "Protected Class"
What does that tell us about the EPO?
Increasing Output by Focusing on Originals
It's probably more important to carry on with these than it is to keep abreast of non-crucial news
Amid Strikes and Industrial Actions, Young Professionals at the European Patent Office (EPO) Kept on 'Short Leash', According to the Local Staff Committee The Hague
Issues affecting Young Professionals
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Saturday, July 11, 2026
IRC logs for Saturday, July 11, 2026
Blogs May be Making a Comeback (They're Not Fediverse, They Are Joined by RSS Feeds)
Don't fake expansion where none existed
ChromeOS and GNU/Linux in the United Kingdom Reach 11%
the UK shows signs of digital maturity
Corporate Media: Blame the People Who Enter the Abandoned IBM Buildings, Not IBM for Abandoning Workers in Pursuit of IT Sweatshops
When the media spreads falsehoods stocks can go up (a lot higher), but at whose expense and how long for?
Canonical is Selling Microsoft, It Pays The Register MS to Sell Microsoft
It's all about money to them. And they call this journalism.
When Red Hat's HR Becomes the Same as IBM's HR (Bluewashing)
Red Hat keeps sacking very experienced engineers and adding temporary interns
GNU/Linux Growing in East Asia
Assuming this is more or less accurate, we could use a plausible explanation
SUEPO Munich Report on the Recent EPO Demonstration and Rolling Strikes That Continue to Grow
"increasing registrations for the 'rolling strikes' running until autumn"
Over a Week After Microsoft Discontinued Some XBox Models It Apparently Exits Some Markets Altogether
We seem to be witnessing the end of XBox
Gemini Links 11/07/2026: Old Computer challenge, Poems, Antenna, and More
Links for the day
Links 11/07/2026: "Trademark wars of Influencer Culture", Xinuos Uses Copyrights Versus UNIX
Links for the day
North America: GNU/Linux Measured at 10%
To better understand what contributes to the gains
Following Corrections and Adjustments statCounter Sees GNU/Linux at 7.1%, an All-Time High
There is a lot of layoffs at Microsoft this month
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Friday, July 10, 2026
IRC logs for Friday, July 10, 2026
Links 11/07/2026: Wednesday-Saturday News Catch-up
Links for the day
Prioritising High-Importance News
In order to fully catch up with news we'll not publish many new articles until next week
The Register MS: "AI" More Than 80 Times in One Article. But It's Not an Article, It's Sponsored Keyword-stuffed Page.
The Register MS is being paid to actively promoted this scheme
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Thursday, July 09, 2026
IRC logs for Thursday, July 09, 2026
Over at Tux Machines...
GNU/Linux news for the past day
IRC Proceedings: Wednesday, July 08, 2026
IRC logs for Wednesday, July 08, 2026