FBI Cracks Florida Man’s TrueCrypt Password
According to recent reporting by South Florida’s Sun Sentinel, the government has managed to crack a TrueCrypt password in the case of Christopher Glenn. Army counterintelligence expert Gerald Parsons noted that in his estimation, it would have taken “billions” of years to do so by traditional methods with current capabilities.
The actual likelihood of the FBI, or anyone, cracking the 30-character password by using brute force or any other technique is incredibly low. More likely, the lengthy password was written somewhere and investigators discovered it, or a backup was left with another party, who disclosed it.
In this case, TrueCrypt was being used to protect stolen e-mails and attachments from an Army official at a base in Soto Cano, Honduras. Glenn worked for Harris Corporation, a computer security contractor who does a lot of work for the government. This was central to the case since Glenn had previously been expelled from a government contracting job in Iraq because of misconduct. He had hacked US government systems to help Iraqi firms win contracts. Further, he and his wife were accused of giving benefits to Iraqis that were supposed to be exclusive to Americans. That particular case, from 2007-2009, did not receive much attention due to its limited scale. Glenn had only injured the government in the amount of around $17,000, investigators have said.
In the case of his Honduras work, the motive is unclear for Glenn’s theft and subsequent holding of the contents of the base commander’s classified e-mail account. In January, Glenn did confess and plead guilty to the crime. While it has not been stated publicly, this could have been when Glenn himself disclosed the TrueCrypt password as part of a plea agreement. Yesterday he received 10 years in federal prison. At no point during the investigation has he answered the question on everyone’s mind: why he did it. Instead, prosecutors have focused on the fact that much of the classified information could have been very dangerous to the United States in the wrong hands.
Also read: How to Create a Secure Password
No one from the FBI has publicly claimed to have cracked TrueCrypt, but then again this is not the sort of information the agency would want widely spread. After all, TrueCrypt is still one of the top destinations for anyone looking to encrypt files, for whatever purpose. If criminals continue to rely on it while not knowing it has been broken (the software’s maintenance was discontinued in a long, drawn-out intellectual property dispute), the FBI could see a higher rate of conviction on evidence. The question of whether hacking by the government for the purpose of obtaining evidence violates the 4th amendment will always exist, but if TrueCrypt and other forms of strong encryption start unraveling, it will certainly be a question brought up more often.
Images from Shutterstock.