FBI leaks Top Secret code cracking capabilities- NOT. (Was: Re: weird (fwd))

aluger at hushmail.com aluger at hushmail.com
Wed Feb 28 09:09:13 PST 2001


At Wed, 28 Feb 2001 08:49:43 -0800, Tim May <tcmay at got.net> wrote:

>
>At 7:16 AM -0600 2/28/01, Jim Choate wrote:
>>
>>---------- Forwarded message ----------
>>Date: Tue, 27 Feb 2001 22:23:04 -0800
>>From: Jon Stevens <jon at latchkey.com>
>>To: coderpunks at toad.com
>>Subject: weird
>>

>>>  The comment came from a letter that FBI officials said was encrypted on a
>>>  computer diskette found in a package -- taped and wrapped in a black plastic
>>>  trash bag -- that Hanssen dropped underneath a foot bridge in a park in
>>>  Northern Virginia, immediately before his arrest.
>>>
>>>  The FBI decrypted the letter and described it in an affidavit filed in support
>>>  of its search warrant.

>>#1. I wonder what was used to encrypt the letter and how they were
>>able to decrypt it. Did he give them the password? Was the encryption weak
>>(it would be funny if he had used DES)? Blah blah blah...
>
>The FBI acknowledged that they'd done some black-bag jobs on Hanssen,
>including wiretaps and access to his computer.
>
>Not surprising at all that they had access to both his private key, 
>assuming he was using something like PGP, and his pass phrase, no 
>matter what system he was using. Keyboard sniffers are easy to 
>install.

If he was using PGP to encrypt this letter for a deaddrop then having his 
private key would do no good.  Only the recipient's private key would make 
any difference.  (Unless he had "encrypt to self" set on- which seems rather 
silly).  I rather doubt that the Russian Secret Services would use PGP anyhow 
for encoding dead-drop messages.  No, likely it was either something of 
(clearly inferior) Russian design, or it is a misleading quote.

I suspect the latter.

Why would the FBI allow to leak (much less leak themselves) the fact that 
they could decrypt whatever cipher the Russian handlers were using to give 
to their agents for dead drops?  Quite the reverse.  That's just basic OpSec.
They would have invented some other plausible way to have obtained the 
information.