
posted by janrinok on Wednesday August 05 2015, @11:37PM
from the or-they-had-the-password dept.

Discontinued on-the-fly disk encryption utility TrueCrypt was unable to keep out the FBI in the case of a US government techie who stole copies of classified military documents. How the Feds broke into the IT bod's encrypted TrueCrypt partition isn't clear.

It raises questions about the somewhat sinister situation surrounding the software team's sudden decision to stop working on the popular project last May.

US Air Force sysadmin Christopher Glenn was sent down for 10 years after stealing military documents relating to the Middle East, in addition to copying emails controlled by the commander of a special unit that conducts military operations in Central and South America and the Caribbean, as we reported.

Glenn, 34, had secret-level clearance, and worked at the Soto Cano Air Base in Honduras installing and maintaining Windows 7 systems when he swiped copies of the classified files. He was arrested, charged, and appeared before a court in the southern district of Florida, where he admitted breaking the US Espionage Act and Computer Fraud and Abuse Act. He was sentenced on Friday.

According to the Sun Sentinel, the court heard a claim by Gerald Parsons, an army counterintelligence expert, that the FBI had managed to access a concealed and encrypted hard-drive partition within which Glenn had hidden the stolen files.

The hidden compartment was protected using "a complex 30-character password," Parsons said. It would take the Feds millions of years to crack it by brute force. A summary of Parsons' testimony is here [PDF].

The court heard that the partition was created using TrueCrypt, a popular source-is-available encryption tool, developed from 2004 up until last year when its anonymous developers mysteriously closed the project down.

The TrueCrypt team's decision to cease maintenance of the project made headlines in the tech world when its website was replaced with a warning against continued use of the software, with little to no explanation of why.

[...] The encryption software that Glenn used to conceal the stolen classified materials in the Synology device is a program called TrueCrypt. In October 2011, Glenn had sent an email to an associate with an internet hyperlink to an article entitled 'FBI hackers fail to crack TrueCrypt.' In this case, the FBI did decrypt Glenn's hidden files containing the stolen classified materials.

It is, of course, entirely possible the FBI or some other agency was able to extract the password from Glenn while interrogating him – the man changed his plea to guilty halfway through the case, and may have sung like a canary. Or perhaps his computer systems were bugged, revealing his encryption key. You can read his plea bargaining here [PDF].


  • (Score: 0) by Anonymous Coward on Thursday August 06 2015, @03:35AM (#218939)

    They could've just found the password on a note.

  • (Score: 2) by Kell (292) on Thursday August 06 2015, @08:08AM (#218990)

    Because that's what they want you to think!

    +1 Paranoid Theory

    --
    Scientists ask questions. Engineers solve problems.
  • (Score: 1, Insightful) by Anonymous Coward on Thursday August 06 2015, @10:16AM (#219024)

    Which is precisely why the notes I leave around contain the password that erases the drive.

    • (Score: 1) by negativefactor (3209) on Thursday August 06 2015, @05:29PM (#219168)

      Which is exactly why they would clone the drive prior to probing it. And I would bet if the system was online, they would splice into the power input so they can move it without powering it down. We're not talking about complete idiots here...

      • (Score: 2) by Nollij (4559) on Friday August 07 2015, @03:38AM (#219398)

        "they would splice into the power input so they can move it without powering it down."

        While I know this is possible, does it ever actually get used? Wouldn't it create a different risk, since a wipe initiated when the raid began would have ample time to complete?

    • (Score: 2) by etherscythe (937) on Thursday August 06 2015, @06:03PM (#219184)

      What, you think they don't make a full bit-for-bit copy of the drive first? Even if they don't, I happen to know that they use hardware in forensics which prevents writing ANYTHING back to the drive. So any attempt to overwrite will fail.

      To properly cause data to be lost, you would have to add another factor to the authentication process which requires, say, a key kept only in memory, never turning the computer off. Trigger a wipe when your security system detects an intrusion (they're usually not very subtle), and keep a recovery key or backup hidden off-site only.

      Too much work? Well, maybe you want to hoard a different kind of information, then. Something classified merely as "copyrighted," perhaps.

      --
      "Fake News: anything reported outside of my own personally chosen echo chamber"