FBI leaks Top Secret code cracking capabilities- NOT. (Was: Re: weird (fwd))
aluger at hushmail.com
Wed Feb 28 09:09:13 PST 2001
At Wed, 28 Feb 2001 08:49:43 -0800, Tim May <tcmay at got.net> wrote:
>
>At 7:16 AM -0600 2/28/01, Jim Choate wrote:
>>
>>---------- Forwarded message ----------
>>Date: Tue, 27 Feb 2001 22:23:04 -0800
>>From: Jon Stevens <jon at latchkey.com>
>>To: coderpunks at toad.com
>>Subject: weird
>>
>>> The comment came from a letter that FBI officials said was encrypted on a
>>> computer diskette found in a package -- taped and wrapped in a black plastic
>>> trash bag -- that Hanssen dropped underneath a foot bridge in a park in
>>> Northern Virginia, immediately before his arrest.
>>>
>>> The FBI decrypted the letter and described it in an affidavit filed in support
>>> of its search warrant.
>>#1. I wonder what was used to encrypt the letter and how they were
>>able to decrypt it. Did he give them the password? Was the encryption weak
>>(it would be funny if he had used DES)? Blah blah blah...
>
>The FBI acknowledged that they'd done some black-bag jobs on Hanssen,
>including wiretaps and access to his computer.
>
>Not surprising at all that they had access to both his private key,
>assuming he was using something like PGP, and his pass phrase, no
>matter what system he was using. Keyboard sniffers are easy to
>install.
If he was using PGP to encrypt this letter for a deaddrop then having his
private key would do no good. Only the recipient's private key would make
any difference. (Unless he had "encrypt to self" set on- which seems rather
silly). I rather doubt that the Russian Secret Services would use PGP anyhow
for encoding dead-drop messages. No, likely it was either something of
(clearly inferior) Russian design, or it is a misleading quote.
I suspect the latter.

Why would the FBI allow to leak (much less leak themselves) the fact that
they could decrypt whatever cipher the Russian handlers were using to give
to their agents for dead drops? Quite the reverse. That's just basic OpSec.
They would have invented some other plausible way to have obtained the
information.