Possibly Cracked TrueCrypt Account At The Center Of Stolen Military Documents Case
from the Federal-Backdoor-Installation dept
A little over a month ago, we covered a FOIA response (if you could call it that...) from the FBI concerning TrueCrypt, in which it withheld all 69 pages of responsive documents. In addition to the ridiculousness of much of the withheld information being easily-accessible online, there was the question about what this denial meant for TrueCrypt.
When the FBI withholds documents, it often does so because the subject of the FOIA involves an ongoing investigation. In this case, the FBI cited an FOIA exemption related to "trade secrets and commercial information," which none of this was. So, why all the secrecy? Perhaps it was just the agency's default mode taking over. Or maybe it had something to do with TrueCrypt's sudden decision to halt development and declare the software "insecure." Had the FBI managed to "break" TrueCrypt or was its lack of a reponse to this request a signal that it was talking to the people behind it?
What is certain is that the FBI has been able to gain access to a TrueCrypt user's account.
Scott Glenn, a 35-year-old Harris Corp. employee working at a US military base in Honduras, apparently made off with documents considered to be "military secrets."The judge who sentenced Glenn to 10 years in prison asserted Glenn grabbed these documents out of a desire to "damage" the "security" of the United States. His lawyer had argued that Glenn was nothing more than a "technological hoarder" -- someone who collects this sort of stuff just to be collecting it. He pointed to Glenn's retention of a secretary's hard drive that had no discernible value to anyone as evidence of Glenn's "hoarding" habit. He also pointed out Glenn never tried to distribute the documents or attempted to use them for financial gain.
In January, he admitted he hacked into the base commander's classified email account and copied thousands of messages and more than 350 attached documents, much of which dealt with U.S. military plans and information regarding the Middle East.
Glenn, however, has both a troubled legal past and a hazy legal future. He has previously been expelled from a military base for committing benefits fraud and hacking into US databases for Iraqi businesses. He's also being investigated for "sexually exploiting" Honduran minors.
But the nexus point for this stash of military documents was TrueCrypt.
Glenn read up on the art of espionage and used an elaborate encryption system, TrueCrypt, with a decoy computer drive to distract investigators from another hidden drive that he protected with a complex 30-character password, army counterintelligence expert Gerald Parsons testified.This should be a bit concerning for TrueCrypt users. Either Glenn's password was cracked (rather than TrueCrypt's encryption) or the questions raised about the predictability of the random-number generator behind the encryption method have some validity. Because "traditional methods" would still be underway -- at least according to the expert presented by the prosecutors -- something else had to give. The most likely explanation is that Glenn gave up his password or had it trapped by a keylogger or other government surveillance software. The FBI has tried to crack TrueCrypt's encryption before and had no luck.
The FBI's counterintelligence squad in South Florida was able to crack Glenn's code, Parsons said.
Parsons said he didn't know how the FBI agents did it but he estimated it would have taken "billions" of years to crack the code using traditional methods.
With many documents related to the case still sealed, it's unclear what the government's expert meant by "cracked." It likely means TrueCrypt is as secure as it has been, but its appearance in a case centering on a decrypted hard drive doesn't exactly encourage the throwing of caution to the wind.
Thank you for reading this Techdirt post. With so many things competing for everyone’s attention these days, we really appreciate you giving us your time. We work hard every day to put quality content out there for our community.
Techdirt is one of the few remaining truly independent media outlets. We do not have a giant corporation behind us, and we rely heavily on our community to support us, in an age when advertisers are increasingly uninterested in sponsoring small, independent sites — especially a site like ours that is unwilling to pull punches in its reporting and analysis.
While other websites have resorted to paywalls, registration requirements, and increasingly annoying/intrusive advertising, we have always kept Techdirt open and available to anyone. But in order to continue doing so, we need your support. We offer a variety of ways for our readers to support us, from direct donations to special subscriptions and cool merchandise — and every little bit helps. Thank you.
–The Techdirt Team
Filed Under: encryption, fbi, investigation, scott glenn, truecrypt
Reader Comments
Subscribe: RSS
View by: Time | Thread
[ link to this | view in thread ]
Save the hyperbole, Techdirt already covered this type of situation before.
https://www.techdirt.com/articles/20140626/06532327686/massachusetts-ignores-5th-amendment-sa ys-defendant-can-be-forced-to-decrypt-his-computer.shtml
Given the audit trails they have now post-snowden, it's very likely the government knew exactly what Glenn took.
[ link to this | view in thread ]
That all depends on have many keys have to be tried to break the encryption, and a complex key may be guessable from someone's tastes in literature, music etc. or even because it is written down under the screen.
Also the time to crack by trying all keys is an average time, between getting it right with the first try, or only getting it when it is the only possible key remaining.
[ link to this | view in thread ]
Not sure about this...
That said, there might be any number of factors facilitating access to the encrypted content here, including but not limited to some sort of plea bargain or the fact that the guy tried to get a (stupidly left mounted) remote drive pulled off-line through a phone call once in custody.
By all means, stop using TrueCrypt if you feel think it's somehow compromised, but there's no reason to herald the end of encrypted drives altogether - if anything, this is but a reminder that real security is hard, and not something you can just deploy and forget...
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
that would be crazy if true
[ link to this | view in thread ]
[ link to this | view in thread ]
[ link to this | view in thread ]
I'm sure the NSA has some crazy systems that can probably crack an encryption key for many encryption standards if they really wanted to. The problem is it would still be very expensive(since it would take a large computer system) and they would only be able to use in on the highest priority keys. Remember breaking one key is not breaking all encryption, its just that one key. So even if the NSA had a computer that could break an AES256 KEY in weeks, days, hours, once they have that one key it wont give them any more than that one file/account/hdd that they cracked the key for. I'm sure they have much more important things to crack(at least they think they do) then just any criminals information the FBI brings them, especially as forward security becomes more prevalent. However I could see them jumping in when there are classified documents involved.
That said though I would think it is more likely the FBI somehow got his password. The NSA would really not like it to be proven if they have such a capability so they would only use it when they felt it was nation security critical. I have no idea if the Glenn files would be seen as that important.
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re:
Occam's razor says hardware key logger. A black bag job takes ten minutes, tops.
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]
Re: Re:
This story was probably abstracted and dumbed down 7 or 8 times _before_ it got to the reporter, and that assumes the reporter wasn't outright lied to.
The internal conversations would have gone something like:
The only conclusions you can safely draw from this article is a) they caught someone and b) he had information in a truecrypt volume that the FBI was able to access.
[ link to this | view in thread ]
Re: Re:
It's not worthwhile to break the crypto. It's far more efficient to just work around it.
[ link to this | view in thread ]
Re:
That you can trust on the say-so of a random stranger you met on the internet? Well, I guess it depends on your use case.
Truecrypt was one of the few projects out there that was generally considered sufficiently trustworthy for non-coders and non-crypto geeks to feel comfortable using for storing information that could get them jailed or killed.
Using a single letter posted online to destroy trust in TrueCrypt was truly a master stroke. :(
[ link to this | view in thread ]
Also truecypt allows cascaded encryption. And choice of hash algorithm. Plus it allows use of keyfiles along with the password.
[ link to this | view in thread ]
> "If the hidden volume was still mounted"
While detained ahead of his trial, Glenn made a phone call to his mother in which he asked her to relay a request to tell his housemate in Honduras "to disconnect the black box with the blinking lights on top of the batteries."
The prosecution states that this "black box" was the Synology storage device containing the TrueCrypt compartment with the stolen documents. It also alleges that "the reason [he] tried to send a message to [the housemate] to disconnect the black box is because he wanted to prevent law enforcement from discovering what the Synology contained."
That sounds to me like he tried and failed to dismount it. See http://www.theregister.co.uk/2015/08/04/truecrypt_decrypted_by_fbi/ for details.
[ link to this | view in thread ]
Re: > "If the hidden volume was still mounted"
[ link to this | view in thread ]
Re: Re:
[ link to this | view in thread ]
Re:
[ link to this | view in thread ]