FBI Cracks Florida Man’s TrueCrypt Password

fbi-cracks-truecrypt-password-encryption-backdoorAccording to recent reporting by South Florida’s Sun Sentinel, the government has managed to crack a TrueCrypt password in the case of Christopher Glenn. Army counterintelligence expert Gerald Parsons noted that in his estimation, it would have taken “billions” of years to do so by traditional methods with current capabilities.

The actual likelihood of the FBI, or anyone, cracking the 30-character password by using brute force or any other technique is incredibly low. More likely, the lengthy password was written somewhere and investigators discovered it, or a backup was left with another party, who disclosed it.

See also: How to Encrypt & Decrypt Any File On Your System (Video Tutorial)

In this case, TrueCrypt was being used to protect stolen e-mails and attachments from an Army official at a base in Soto Cano, Honduras. Glenn worked for Harris Corporation, a computer security contractor who does a lot of work for the government. This was central to the case since Glenn had previously been expelled from a government contracting job in Iraq because of misconduct. He had hacked US government systems to help Iraqi firms win contracts. Further, he and his wife were accused of giving benefits to Iraqis that were supposed to be exclusive to Americans. That particular case, from 2007-2009, did not receive much attention due to its limited scale. Glenn had only injured the government in the amount of around $17,000, investigators have said.

Also read: Florida Bringing Hacking Felony Charges Against 13-Year-Old

In the case of his Honduras work, the motive is unclear for Glenn’s theft and subsequent holding of the contents of the base commander’s classified e-mail account. In January, Glenn did confess and plead guilty to the crime. While it has not been stated publicly, this could have been when Glenn himself disclosed the TrueCrypt password as part of a plea agreement. Yesterday he received 10 years in federal prison. At no point during the investigation has he answered the question on everyone’s mind: why he did it. Instead, prosecutors have focused on the fact that much of the classified information could have been very dangerous to the United States in the wrong hands.

Also read: How to Create a Secure Password

No one from the FBI has publicly claimed to have cracked TrueCrypt, but then again this is not the sort of information the agency would want widely spread. After all, TrueCrypt is still one of the top destinations for anyone looking to encrypt files, for whatever purpose. If criminals continue to rely on it while not knowing it has been broken (the software’s maintenance was discontinued in a long, drawn-out intellectual property dispute), the FBI could see a higher rate of conviction on evidence. The question of whether hacking by the government for the purpose of obtaining evidence violates the 4th amendment will always exist, but if TrueCrypt and other forms of strong encryption start unraveling, it will certainly be a question brought up more often.

Images from Shutterstock.


Website: http://phm.link

P. H. Madore has covered the cryptocurrency beat over the course of hundreds of articles for Hacked's sister site, CryptoCoinsNews, as well as some of her competitors. He is a major contributing developer to the Woodcoin project, and has made technical contributions on a number of other cryptocurrency projects. In spare time, he recently began a more personalized, weekly newsletter at http://ico.phm.link