Encryption Site TrueCrypt Shuts Down Amid Speculation and Conspiracy Theoriesby Sabina Laska @ 2014-05-29 03:29 PM
Open-source encryption program TrueCrypt appears to have been compromised, with a strange website update warning users that the product was no longer secure and distributing a new version of the software that some analysts called suspicious.
“WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues,” an update posted on the encryption suite’s site said, followed by instructions to help users migrate data encrypted by TrueCrypt to BitLocker, another full-disk encryption program that comes included with current Windows operating systems .
The termination was apparently triggered after Microsoft ended support for Windows XP, as the developers’ statement implied the change instigated security problems with the TrueCrypt program.
“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP,” the message on the program’s homepage at sourceforge.net read. “You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”
The TrueCrypt site is now offering downloads of a new version of the software, 7.2, but journalists have noted irregularities about the source code.
British IT news site The Register reported:
“A binary TrueCrypt 7.2 installer for Windows, downloaded from the TrueCrypt SourceForge site, contained the same text found on the rewritten homepage – confirming the download has also been fiddled with amid today’s website switcheroo.”
The story also linked to “an eyebrow-raising list of changes” between the source code of version 7.2 and the previous release, 7.1a.
The new software did not appear to contain malware, however, with some experimenting users saying the program only opened a warning not to use TrueCrypt and refused to encrypt data – only decrypt it.
Still, software developer Jonathan Zdziarski, who worked as a cryptographer on the TrueCrypt project warned against using the new version – or the old ones, for that matter.
Zdziarski wrote on Twitter:
“If TrueCrypt.org is compromised, it’s likely been compromised a good while. I wouldn’t trust any recent downloads of the software.”
TrueCrypt statement and software still unconfirmed
The authenticity of the statement on the TrueCrypt site, as well as the new software, has not yet been confirmed, though the developers of the encryption suite have still yet to come forward with more detail about the change.
Kenn White, of the crowdfunded project that has been working on auditing on TrueCrypt’s code, said that the audit project had no new information on the shutdown.
“No one on the TC audit project has anything to do with its development or the TC site,” he tweeted. “We will share any credible updates with the community.”
White added that the audit project had contacted the TrueCrypt development team and were waiting for a response. The audit team, tweeting under the handle @OpenCryptoAudit, also said it would make an announcement Thursday on their work and the future of the audit.
Public reaction largely of disbelief
The Internet community, meanwhile, quickly expressed incredulity about the announcement, with Reddit users exclaiming it “just reeks of fishiness” and that the “wording and vagueness” of the statement raised red flags.
Speculation in the Reddit thread on the reasons for the shutdown range from a simple hack attack to conspiracy theories that the developers have been served with a subpoena from the US government to enable a back door into the program.
Lavabit, a security-minded email provider that was a favorite of former security contractor Edward Snowden, was forced to shut down in a similar manner last August, citing pressure from the US government to provide information about its clients.
Until more detail comes through about the nature of and reasons for the shutdown, however, the rumors and speculation will remain just that.
- 2015-02-27 11:17 AM
American Green President: 'We Need a Healthy, Stable, Bustling Bitcoin Economy'. American Green became the first publicly traded medical marijuana dispensary brand in the world in 2009. Since then, the company has developed retail, brand, and commercial cultivating solutions in pa By Allen Scott
- 2015-02-27 01:06 PM
FEB 27 Digest: Gavin Andresen Seeks to Speed Up Block Validation, Coinsetter Aims to Improve Trade with BTC Blockchain. Bitcoin Foundation Chief Scientist and former lead developer of Bitcoin Core, Gavin Andresen, believes to have come up with a solution to vastly speed up block validation, the global bitcoin exchange By Aaron van Wirdum
- 2015-02-27 04:16 PM
First Global Credit Launches Trading Competition with 10BTC Prize Fund. First Global Credit announces a 10BTC trading fund for the winner of a market trading competition. From March 16, users taking part will have a month to trade their way through global financial market By Charlie Richards
- 2015-02-28 10:50 AM
SuperNET’s Decentralized Exchange Aims to Put an End to Bitcoin Bank Heists. SuperNET version 1.1 Beta has been released on February 26, signaling a new era for cryptocurrencies, decentralized exchanges, and financial privacy alike. It is available for Windows, Mac and Ubuntu. By Juan S. Galt
- 2015-02-27 09:29 PM