I have been informed that I may be the first person to publish this. There is a hidden message on the new sourceforge TrueCrypt site
that says, approximately, "Don't use TrueCrypt because it is under the control of the NSA". I originally posted details about the message on my user page at MediaWiki.org
, and then posted a mention of it on the talk page for the TrueCrypt article at Wikipedia
). Decoding the message is simple. The first line of the site is this:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues
That sentence uses strange English, like the word "unfixed", that is clearly contrived to fit a hidden message. If you take just the first letter of each word, except the word "WARNING":
Using TrueCrypt is not secure as it may contain unfixed security issues
you get this:
uti nsa im cu si
It's Latin that roughly means:
Unless I want to use the NSA
So, the full message seems to be this:
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues, unless I want to use the NSA
Which is English that roughly means:
Don't use TrueCrypt because it is under the control of the NSA
For many years TrueCrypt has been the best available software for full-disk encryption
(FDE). Many businesses rely on it, from sole proprietors to mega-corps. The shutdown of the truecrypt.org site, and the discontinuing of the software happened suddenly, and provoked much speculation that it was a hacker's prank. As time went by, the shutdown and discontinuance remained, which caused people to think maybe it wasn't a prank at all - that TrueCrypt really has been discontinued. Now, the big question is "why?". I think this hidden message explains all we need to know.
Many security experts have long suspected that TrueCrypt may not be what it seems. The government of the USA is infamous for funding "volunteer" programmers who contribute useful code to open source projects, until trust is established, and then those friendly contributions take a sinister turn with the insertion of bugs that create backdoors for the NSA
. It appears the TrueCrypt hidden message is from a whistleblower trying to warn us that it has been penetrated by the NSA, and should not be used.
Same story, different day.UPDATE 2014 June 16 10:36 UTC
I have stumbled upon an interesting set of coincidences. It began with Reddit user aydiosmio informing me
that the hidden message has been previously revealed in an obscure anonymous pastebin
text snippet on 2014 June 02:
The message on TrueCrypt's new website got me thinking:
Using TrueCrypt is not secure as it may contain unfixed security issues
Let's isolate the first letter of each word:
(U)sing (T)rueCrypt (i)s (n)ot (s)ecure (a)s (i)t (m)ay (c)ontain (u)nfixed (s)ecurity (i)ssues
Let's spread that!
uti nsa im cu si
That is latin for
"If I wish to use the NSA"
Stay away from future Truecrypt releases. This is clearly a warning from the developers.
When I first decided to write this article, I was not aware of the pastebin text above. I thought I was pretty clever, and I intended to get some recognition for it by writing this article. So, to see someone who pretends to have cleverly discovered such an interesting hidden message, it is very odd that they would post their discovery anonymously, without taking any credit for it. On top of that, there are other oddities in the message:
* The anonymous clever guy specifically says to stay away from FUTURE TrueCrypt releases, when NSA troubles would make us want to avoid ALL releases. The poster accidentally reveals he has inside knowledge about current and old releases being free from NSA backdoors.
* The anonymous clever guy properly capitalizes the CamelCase
in "TrueCrypt" 3 times in a row. He capitalizes each word at the beginning of sentences 8 times in a row. Then, near the end of the text, he fails to properly capitalize "latin" and "Truecrypt", right where he most wants us to believe that he is not one of the TrueCrypt developers (perhaps because of a National Security Letter gag order
There is enough evidence to claim that the pastebin text is deceptively contrived to appear to NOT originate from the TrueCrypt developers, when in fact, they are the ones who wrote it, probably when they became frustrated that no one found their obvious hidden message - Obvious if you know English well enough to see that the sentence was contrived, and if you know Latin well enough to see the message pop out from seemingly random letters. Maybe the TrueCrypt developers expected it to be obvious for a cryptography expert.
The pastebin text is minutes away from passing 12'000 views at the time of this writing, so it must have been quietly making the rounds in huge venues that are being overlooked by mainstream authors and publishers. One such venue that is large and attracts sophisticated techies is IRC, so I decided to do some sleuthing there to figure out what's going on.
I have idled
in many IRC channels over the years, and one of them is freenode's #truecrypt
. Although I haven't been actively participating in that chat, I just happen to have some logs from a few of the times I have been connected to it. I did a quick search through my logs to see if anyone has mentioned the hidden message, and I found this on 2014 June 11:
That user name "JyZyXEL" looked familiar somehow, and I seemed to remember seeing it in Google search results when I was researching one of the links in the article above about the NSA infiltrating the Debian Linux project to insert bugs that could be exploited. I searched for "Debian" and "NSA" again, but found nothing:https://www.google.com/search?q=debian+nsa
Then I scrolled down to the bottom, and saw Google's automatic suggestions for "Searches related to debian nsa":
Somebody must have been searching for both Zyxel brand hardware and NSA infiltration information to cause Google to give such a strange search suggestion, and I would bet my left pinky-toe that at least one of the people doing those searches is "JyZyXEL
" from the IRC log above. Although this is probably not a coincidental connection between all of these facts, it doesn't mean JyZyXEL is somehow connected to the TrueCrypt developers. However, I'm making a note of it here in case there are further developments, or someone just wants to ask him what else he might know.
Of course, we must be cautious by not drawing unwarranted conclusions.UPDATE 2014 June 17 08:15 UTCMany people are commenting on Reddit
(and here) to point out to me that Zyxel is a computer hardware brand. If you'll read the paragraph above, I've already pointed that out. One thing I didn't point out well enough is that the connection I'm trying to show you is not between the Google search engine keywords "zyxel" and "nsa", but instead between "zyxel nsa310 debian" and "debian nsa". The only reason that is important is because I thought it could possibly be a clue that the person known as "JyZyXEL" had been searching for both information about zyxel hardware and info about the NSA's infiltration of the Debian Linux operating system. That has so far turned out to be dead-end lead, so I think we can forget about it for now, and move on to more interesting things.
One of those more interesting things are the most credible challenges to the information in this article. The first one came from Reddit user "SoundSalad", who warned that it is possible to manipulate Google Translate results to produce translations that fit someone's personal agenda, like making it look like there's a hidden message when there is not one. I thought that was a pretty good lead for further research. I found that it was not possible to manipulate Google Translate like a Google Bomb
, but unfortunately, after I presented my results to SoundSalad
, he deleted his message! All research is good research, and it's OK to be wrong sometimes as long as it brings us closer to the truth. There's no shame in that, SoundSalad, and I thank you for your help.
So, that's 2 criticisms down, and 1 more to go...
The final and best criticism of this article is the fact that the hidden message is bad Latin. It's bad enough, so say some people, that it could just be a coincidence or a random accident. Essentially, they say that there is no hidden message, because there is no Latin, but I think that's going too far, and I disagree. The critics are correct, it is bad Latin. But, the English phrase it came from was bad English too. The only important thing is that the Latin was good enough for the meaning to be apparent, and I think the odds of that happening completely coincidentally are too small to be believable. If it looks like a duck, walks like a duck, and quacks like a duck, it's a duck!
On the other hand, there are some good reasons to formulate a hidden message in bad Latin. Firstly, what I'm claiming is going on here is the TrueCrypt developers are giving us a warrant canary
, which is a warning that they're being forced to do things with TrueCrypt that they don't want to do (Apple has a warrant canary too
). If their warrant canary is too obvious, it could cause serious legal troubles for them, so the wisest thing to do is to make the warrant canary deniable. I believe they have done that. The bad Latin is bad enough that anyone can credibly state that it's a hugely unlikely coincidence, but still only a coincidence.
The important thing is that the hidden message - even if it doesn't exist - has succeeded in getting people to question whether the NSA might be trying to tamper with the security of TrueCrypt. That's a bona fide
"mission accomplished" from the point of view of the TrueCrypt developers, and there's really nothing more to say about it.UPDATE 2014 June 18 12:03 UTC
Could it be that we have been trying to translate from the wrong language? I was reading the comments on Graham Cluley's blog article that cites me
, and I found that the commenter Krystian had luck translating from Serbian
, instead of Latin:
uti nsa im ću si
I hear they're NSA
Try it yourself in Serbian:https://translate.google.com/#sr/en/uti%20nsa%20im%20%C4%87u%20si
Of course, European languages are all at least a little related, so maybe I shouldn't be too surprised to see similar meaningful results coming out of Latin, Serbian, Bosnian, and Croatian. But, I do have to ask, why those languages? My best guess is the TrueCrypt team probably includes cryptographers or programmers from approximately the same region as other known characters in the TrueCrypt story - 1 or 2 of them are thought to be from the Czech Republic.
I tried translating the text in Czech, but got nothing. I've heard people say the text looks more like Romanian, so I tried that, but the translation doesn't work in Romanian either. So, for now, we have to be satisfied with modest successes in translating from only 4 similar languages. I think it's a good time to repeat that I don't believe this is a random coincidental accident. Connect the dots...