Amikor Theo-ék még zöldfülűbbek voltak:
The 2002 attack was quite straightforward. Here's the original announcement: OpenSSH Security Advisory: Trojaned Distribution Files.
The OpenSSH source code was hosted on ftp.openbsd.org, and somehow it was replaced with a backdoored version.