Possibly Cracked TrueCrypt Account At The Center Of Stolen Military Documents Case

from the Federal-Backdoor-Installation dept

A little over a month ago, we covered a FOIA response (if you could call it that…) from the FBI concerning TrueCrypt, in which it withheld all 69 pages of responsive documents. In addition to the ridiculousness of much of the withheld information being easily-accessible online, there was the question about what this denial meant for TrueCrypt.

When the FBI withholds documents, it often does so because the subject of the FOIA involves an ongoing investigation. In this case, the FBI cited an FOIA exemption related to “trade secrets and commercial information,” which none of this was. So, why all the secrecy? Perhaps it was just the agency’s default mode taking over. Or maybe it had something to do with TrueCrypt’s sudden decision to halt development and declare the software “insecure.” Had the FBI managed to “break” TrueCrypt or was its lack of a reponse to this request a signal that it was talking to the people behind it?

What is certain is that the FBI has been able to gain access to a TrueCrypt user’s account.

Scott Glenn, a 35-year-old Harris Corp. employee working at a US military base in Honduras, apparently made off with documents considered to be “military secrets.”

In January, he admitted he hacked into the base commander’s classified email account and copied thousands of messages and more than 350 attached documents, much of which dealt with U.S. military plans and information regarding the Middle East.

The judge who sentenced Glenn to 10 years in prison asserted Glenn grabbed these documents out of a desire to “damage” the “security” of the United States. His lawyer had argued that Glenn was nothing more than a “technological hoarder” — someone who collects this sort of stuff just to be collecting it. He pointed to Glenn’s retention of a secretary’s hard drive that had no discernible value to anyone as evidence of Glenn’s “hoarding” habit. He also pointed out Glenn never tried to distribute the documents or attempted to use them for financial gain.

Glenn, however, has both a troubled legal past and a hazy legal future. He has previously been expelled from a military base for committing benefits fraud and hacking into US databases for Iraqi businesses. He’s also being investigated for “sexually exploiting” Honduran minors.

But the nexus point for this stash of military documents was TrueCrypt.

Glenn read up on the art of espionage and used an elaborate encryption system, TrueCrypt, with a decoy computer drive to distract investigators from another hidden drive that he protected with a complex 30-character password, army counterintelligence expert Gerald Parsons testified.

The FBI’s counterintelligence squad in South Florida was able to crack Glenn’s code, Parsons said.

Parsons said he didn’t know how the FBI agents did it but he estimated it would have taken “billions” of years to crack the code using traditional methods.

This should be a bit concerning for TrueCrypt users. Either Glenn’s password was cracked (rather than TrueCrypt’s encryption) or the questions raised about the predictability of the random-number generator behind the encryption method have some validity. Because “traditional methods” would still be underway — at least according to the expert presented by the prosecutors — something else had to give. The most likely explanation is that Glenn gave up his password or had it trapped by a keylogger or other government surveillance software. The FBI has tried to crack TrueCrypt’s encryption before and had no luck.

With many documents related to the case still sealed, it’s unclear what the government’s expert meant by “cracked.” It likely means TrueCrypt is as secure as it has been, but its appearance in a case centering on a decrypted hard drive doesn’t exactly encourage the throwing of caution to the wind.

Filed Under: , , , ,

Rate this comment as insightful
Rate this comment as funny
You have rated this comment as insightful
You have rated this comment as funny
Flag this comment as abusive/trolling/spam
You have flagged this comment
The first word has already been claimed
The last word has already been claimed
Insightful Lightbulb icon Funny Laughing icon Abusive/trolling/spam Flag icon Insightful badge Lightbulb icon Funny badge Laughing icon Comments icon

Comments on “Possibly Cracked TrueCrypt Account At The Center Of Stolen Military Documents Case”

Subscribe: RSS Leave a comment
Anonymous Coward says:

>Possibly cracked
Save the hyperbole, Techdirt already covered this type of situation before.


Given the audit trails they have now post-snowden, it’s very likely the government knew exactly what Glenn took.

sigalrm (profile) says:

Re: Re: Re:

or he does know what “possibly cracked” means, but the reporter taking the quote doesn’t, and neither does the lawyer the reporter was interviewing.

This story was probably abstracted and dumbed down 7 or 8 times before it got to the reporter, and that assumes the reporter wasn’t outright lied to.

The internal conversations would have gone something like:

Tech guy: “Yeah, boss, as you’ll see on page 273 of my report, we used a keylogger and screenscraper to get his..”

Boss: “Um, what? a keyscraper? what’s that? Wait, you mean you scraped stuff off his keyboard? So that means we used Bio…statistics? Or DNA?”

Tech guy: “No, no…Listen. So, um, yeah, we cracked his password”

Boss: “Ok, so we’ve cracked truecrypt. Awesome. I’ll tell my bosses.”

Tech guy: “um, yeah. whatever makes you happy.”

The only conclusions you can safely draw from this article is a) they caught someone and b) he had information in a truecrypt volume that the FBI was able to access.

Anonymous Coward says:

Parsons said he didn’t know how the FBI agents did it but he estimated it would have taken “billions” of years to crack the code using traditional methods.

That all depends on have many keys have to be tried to break the encryption, and a complex key may be guessable from someone’s tastes in literature, music etc. or even because it is written down under the screen.
Also the time to crack by trying all keys is an average time, between getting it right with the first try, or only getting it when it is the only possible key remaining.

Max (profile) says:

Not sure about this...

Okay, look: I’m pretty sure AES256 itself is as uncrackable as ever, while TrueCrypt may or may not have some fatal vulnerability signaled by the (unknown) developer’s almost-warrant-canary recommendation to move on to something else (even though the independent code review of TrueCrypt found no obvious weaknesses).

That said, there might be any number of factors facilitating access to the encrypted content here, including but not limited to some sort of plea bargain or the fact that the guy tried to get a (stupidly left mounted) remote drive pulled off-line through a phone call once in custody.

By all means, stop using TrueCrypt if you feel think it’s somehow compromised, but there’s no reason to herald the end of encrypted drives altogether – if anything, this is but a reminder that real security is hard, and not something you can just deploy and forget…

Anonymous Coward says:

I would suspect the NSA may have gotten involved if they were worried about classified documents.

I’m sure the NSA has some crazy systems that can probably crack an encryption key for many encryption standards if they really wanted to. The problem is it would still be very expensive(since it would take a large computer system) and they would only be able to use in on the highest priority keys. Remember breaking one key is not breaking all encryption, its just that one key. So even if the NSA had a computer that could break an AES256 KEY in weeks, days, hours, once they have that one key it wont give them any more than that one file/account/hdd that they cracked the key for. I’m sure they have much more important things to crack(at least they think they do) then just any criminals information the FBI brings them, especially as forward security becomes more prevalent. However I could see them jumping in when there are classified documents involved.

That said though I would think it is more likely the FBI somehow got his password. The NSA would really not like it to be proven if they have such a capability so they would only use it when they felt it was nation security critical. I have no idea if the Glenn files would be seen as that important.

DaveK (profile) says:

Re: Re: > "If the hidden volume was still mounted"

It appears that may well have been the case. ElReg has a slightly less confused (TrueCrypt account, lol) take on the story, which mentions:

While detained ahead of his trial, Glenn made a phone call to his mother in which he asked her to relay a request to tell his housemate in Honduras “to disconnect the black box with the blinking lights on top of the batteries.”

The prosecution states that this “black box” was the Synology storage device containing the TrueCrypt compartment with the stolen documents. It also alleges that “the reason [he] tried to send a message to [the housemate] to disconnect the black box is because he wanted to prevent law enforcement from discovering what the Synology contained.”

That sounds to me like he tried and failed to dismount it. See http://www.theregister.co.uk/2015/08/04/truecrypt_decrypted_by_fbi/ for details.

sigalrm (profile) says:

Re: Re:

“Any other alternatives out there?”

That you can trust on the say-so of a random stranger you met on the internet? Well, I guess it depends on your use case.

Truecrypt was one of the few projects out there that was generally considered sufficiently trustworthy for non-coders and non-crypto geeks to feel comfortable using for storing information that could get them jailed or killed.

Using a single letter posted online to destroy trust in TrueCrypt was truly a master stroke. šŸ™

Add Your Comment

Your email address will not be published. Required fields are marked *

Have a Techdirt Account? Sign in now. Want one? Register here

Comment Options:

Make this the or (get credits or sign in to see balance) what's this?

What's this?

Techdirt community members with Techdirt Credits can spotlight a comment as either the "First Word" or "Last Word" on a particular comment thread. Credits can be purchased at the Techdirt Insider Shop Ā»

Follow Techdirt

Techdirt Daily Newsletter

Techdirt Deals
Techdirt Insider Discord
The latest chatter on the Techdirt Insider Discord channel...