Live Business Chat
2015 Mar 31, 02:28:20 pm *
Welcome, Guest. Please login or register.
Did you miss your activation email?

Login with username, password and session length
News: This is a friendly non-profit discussion group about making money. Click the "NOTIFY" button every chance you get to receive instant alerts about new information. We don't like spam. If your first posts are about something you want from us, it is probably spam, and you will be banned in forums worldwide. No soliciting! If you have problems with the forum, contact badon in the business chat.
 
   Home   Help Search Calendar Login Register  
Pages: 1 2 »  All   Go Down
  Print  
Author Topic: Hidden message on the new sourceforge TrueCrypt site  (Read 76085 times)
0 Members and 2 Guests are viewing this topic.
badon
Administrator
Capitalist Pig
*****
Online Online

Posts: 9366


badon™


« on: 2014 Jun 15, 08:29:42 pm »



I have been informed that I may be the first person to publish this. There is a hidden message on the new sourceforge TrueCrypt site that says, approximately, "Don't use TrueCrypt because it is under the control of the NSA". I originally posted details about the message on my user page at MediaWiki.org, and then posted a mention of it on the talk page for the TrueCrypt article at Wikipedia (permalink). Decoding the message is simple. The first line of the site is this:

Quote
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues

That sentence uses strange English, like the word "unfixed",  that is clearly contrived to fit a hidden message. If you take just the first letter of each word, except the word "WARNING":

Quote
Using TrueCrypt is not secure as it may contain unfixed security issues

you get this:

Quote
uti nsa im cu si

It's Latin that roughly means:

Quote
Unless I want to use the NSA

So, the full message seems to be this:

Quote
WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues, unless I want to use the NSA

Which is English that roughly means:

Quote
Don't use TrueCrypt because it is under the control of the NSA

For many years TrueCrypt has been the best available software for full-disk encryption (FDE). Many businesses rely on it, from sole proprietors to mega-corps. The shutdown of the truecrypt.org site, and the discontinuing of the software happened suddenly, and provoked much speculation that it was a hacker's prank. As time went by, the shutdown and discontinuance remained, which caused people to think maybe it wasn't a prank at all - that TrueCrypt really has been discontinued. Now, the big question is "why?". I think this hidden message explains all we need to know.

Many security experts have long suspected that TrueCrypt may not be what it seems. The government of the USA is infamous for funding "volunteer" programmers who contribute useful code to open source projects, until trust is established, and then those friendly contributions take a sinister turn with the insertion of bugs that create backdoors for the NSA. It appears the TrueCrypt hidden message is from a whistleblower trying to warn us that it has been penetrated by the NSA, and should not be used.

Same story, different day.


UPDATE 2014 June 16 10:36 UTC


I have stumbled upon an interesting set of coincidences. It began with Reddit user aydiosmio informing me that the hidden message has been previously revealed in an obscure anonymous pastebin text snippet on 2014 June 02:



Quote
The message on TrueCrypt's new website got me thinking:
Using TrueCrypt is not secure as it may contain unfixed security issues
 
Let's isolate the first letter of each word:
(U)sing (T)rueCrypt (i)s (n)ot (s)ecure (a)s (i)t (m)ay (c)ontain (u)nfixed (s)ecurity (i)ssues
 
Result?
utinsaimcusi
 
Let's spread that!
uti nsa im cu si
 
That is latin for
"If I wish to use the NSA"
 
Stay away from future Truecrypt releases. This is clearly a warning from the developers.

When I first decided to write this article, I was not aware of the pastebin text above. I thought I was pretty clever, and I intended to get some recognition for it by writing this article. So, to see someone who pretends to have cleverly discovered such an interesting hidden message, it is very odd that they would post their discovery anonymously, without taking any credit for it. On top of that, there are other oddities in the message:

* The anonymous clever guy specifically says to stay away from FUTURE TrueCrypt releases, when NSA troubles would make us want to avoid ALL releases. The poster accidentally reveals he has inside knowledge about current and old releases being free from NSA backdoors.

* The anonymous clever guy properly capitalizes the CamelCase in "TrueCrypt" 3 times in a row. He capitalizes each word at the beginning of sentences 8 times in a row. Then, near the end of the text, he fails to properly capitalize "latin" and "Truecrypt", right where he most wants us to believe that he is not one of the TrueCrypt developers (perhaps because of a National Security Letter gag order).

There is enough evidence to claim that the pastebin text is deceptively contrived to appear to NOT originate from the TrueCrypt developers, when in fact, they are the ones who wrote it, probably when they became frustrated that no one found their obvious hidden message - Obvious if you know English well enough to see that the sentence was contrived, and if you know Latin well enough to see the message pop out from seemingly random letters. Maybe the TrueCrypt developers expected it to be obvious for a cryptography expert.

The pastebin text is minutes away from passing 12'000 views at the time of this writing, so it must have been quietly making the rounds in huge venues that are being overlooked by mainstream authors and publishers. One such venue that is large and attracts sophisticated techies is IRC, so I decided to do some sleuthing there to figure out what's going on.

I have idled in many IRC channels over the years, and one of them is freenode's #truecrypt. Although I haven't been actively participating in that chat, I just happen to have some logs from a few of the times I have been connected to it. I did a quick search through my logs to see if anyone has mentioned the hidden message, and I found this on 2014 June 11:

Quote
2014-06-11 12:13:50 <JyZyXEL>   (U)sing (T)rueCrypt (i)s (n)ot (s)ecure (a)s (i)t (m)ay (c)ontain (u)nfixed (s)ecurity (i)ssues
2014-06-11 12:13:52 <JyZyXEL>   https://translate.google.com/#la/en/uti%20nsa%20im%20cu%20si
2014-06-11 12:15:31 <Darky>   nice one
2014-06-11 12:36:10 <DrJ>   JyZyXEL: wow

That user name "JyZyXEL" looked familiar somehow, and I seemed to remember seeing it in Google search results when I was researching one of the links in the article above about the NSA infiltrating the Debian Linux project to insert bugs that could be exploited. I searched for "Debian" and "NSA" again, but found nothing:

https://www.google.com/search?q=debian+nsa

Then I scrolled down to the bottom, and saw Google's automatic suggestions for "Searches related to debian nsa":



Somebody must have been searching for both Zyxel brand hardware and NSA infiltration information to cause Google to give such a strange search suggestion, and I would bet my left pinky-toe that at least one of the people doing those searches is "JyZyXEL" from the IRC log above. Although this is probably not a coincidental connection between all of these facts, it doesn't mean JyZyXEL is somehow connected to the TrueCrypt developers. However, I'm making a note of it here in case there are further developments, or someone just wants to ask him what else he might know.

Of course, we must be cautious by not drawing unwarranted conclusions.


UPDATE 2014 June 17 08:15 UTC


Many people are commenting on Reddit (and here) to point out to me that Zyxel is a computer hardware brand. If you'll read the paragraph above, I've already pointed that out. One thing I didn't point out well enough is that the connection I'm trying to show you is not between the Google search engine keywords "zyxel" and "nsa", but instead between "zyxel nsa310 debian" and "debian nsa". The only reason that is important is because I thought it could possibly be a clue that the person known as "JyZyXEL" had been searching for both information about zyxel hardware and info about the NSA's infiltration of the Debian Linux operating system. That has so far turned out to be dead-end lead, so I think we can forget about it for now, and move on to more interesting things.

One of those more interesting things are the most credible challenges to the information in this article. The first one came from Reddit user "SoundSalad", who warned that it is possible to manipulate Google Translate results to produce translations that fit someone's personal agenda, like making it look like there's a hidden message when there is not one. I thought that was a pretty good lead for further research. I found that it was not possible to manipulate Google Translate like a Google Bomb, but unfortunately, after I presented my results to SoundSalad, he deleted his message! All research is good research, and it's OK to be wrong sometimes as long as it brings us closer to the truth. There's no shame in that, SoundSalad, and I thank you for your help.



So, that's 2 criticisms down, and 1 more to go...

The final and best criticism of this article is the fact that the hidden message is bad Latin. It's bad enough, so say some people, that it could just be a coincidence or a random accident. Essentially, they say that there is no hidden message, because there is no Latin, but I think that's going too far, and I disagree. The critics are correct, it is bad Latin. But, the English phrase it came from was bad English too. The only important thing is that the Latin was good enough for the meaning to be apparent, and I think the odds of that happening completely coincidentally are too small to be believable. If it looks like a duck, walks like a duck, and quacks like a duck, it's a duck!

On the other hand, there are some good reasons to formulate a hidden message in bad Latin. Firstly, what I'm claiming is going on here is the TrueCrypt developers are giving us a warrant canary, which is a warning that they're being forced to do things with TrueCrypt that they don't want to do (Apple has a warrant canary too). If their warrant canary is too obvious, it could cause serious legal troubles for them, so the wisest thing to do is to make the warrant canary deniable. I believe they have done that. The bad Latin is bad enough that anyone can credibly state that it's a hugely unlikely coincidence, but still only a coincidence.

The important thing is that the hidden message - even if it doesn't exist - has succeeded in getting people to question whether the NSA might be trying to tamper with the security of TrueCrypt. That's a bona fide "mission accomplished" from the point of view of the TrueCrypt developers, and there's really nothing more to say about it.


UPDATE 2014 June 18 12:03 UTC


Could it be that we have been trying to translate from the wrong language? I was reading the comments on Graham Cluley's blog article that cites me, and I found that the commenter Krystian had luck translating from Serbian, instead of Latin:

Quote
uti nsa im ću si

Becomes:

Quote
I hear they're NSA



Try it yourself in Serbian:

https://translate.google.com/#sr/en/uti%20nsa%20im%20%C4%87u%20si

Bosnian:

https://translate.google.com/#bs/en/uti%20nsa%20im%20%C4%87u%20si

Croatian:

https://translate.google.com/#hr/en/uti%20nsa%20im%20%C4%87u%20si

Of course, European languages are all at least a little related, so maybe I shouldn't be too surprised to see similar meaningful results coming out of Latin, Serbian, Bosnian, and Croatian. But, I do have to ask, why those languages? My best guess is the TrueCrypt team probably includes cryptographers or programmers from approximately the same region as other known characters in the TrueCrypt story - 1 or 2 of them are thought to be from the Czech Republic.

I tried translating the text in Czech, but got nothing. I've heard people say the text looks more like Romanian, so I tried that, but the translation doesn't work in Romanian either. So, for now, we have to be satisfied with modest successes in translating from only 4 similar languages. I think it's a good time to repeat that I don't believe this is a random coincidental accident. Connect the dots...



* all your base.png (15.78 KB, 623x220 - viewed 59486 times.)

* Google Zyxel NSA Debian keyword coincidence.png (59.36 KB, 635x794 - viewed 54016 times.)

* TrueCrypt hidden message revealed in pastebin.png (94.46 KB, 814x558 - viewed 53472 times.)

* Google Translate not bombable.png (16.24 KB, 456x380 - viewed 36852 times.)

* Pee Wee Herman - Connect the dots la la la.jpg (98.54 KB, 400x400 - viewed 20244 times.)

* I hear they're NSA.png (15.74 KB, 635x308 - viewed 20222 times.)
« Last Edit: 2014 Jun 18, 05:57:56 am by badon » Logged

If families are a problem for the system, then we must reject the system, not the families.
Founder of the Coin Compendium (forum, blogs, calendar, images, donate, contribute).
china-mint.info forum, The Coin Compendium and the china-mint.info forum.
LBC makes you rich, with a free ebay gift certificate awarded every month!
Do not PM questions. Answers should be publicly available.
Backup is not enough. Protect your data with MultiPar.
Writer of LBC Chinese coin investment articles (list).
About me: User:Badon - MediaWiki.org
I type faster on a TypeMatrix.
Use my work. Give credit.
Coin, medal, whatever!
FreeArc is amazing.
User contributions for Badon - Coin Compendium
badon
Administrator
Capitalist Pig
*****
Online Online

Posts: 9366


badon™


« Reply #1 on: 2014 Jun 15, 08:43:22 pm »

Here is a Google Translate version of the Latin phrase:

https://translate.google.com/#la/en/uti%20nsa%20im%20cu%20si

It says it means "If I wish to use the NSA".
Logged

If families are a problem for the system, then we must reject the system, not the families.
Founder of the Coin Compendium (forum, blogs, calendar, images, donate, contribute).
china-mint.info forum, The Coin Compendium and the china-mint.info forum.
LBC makes you rich, with a free ebay gift certificate awarded every month!
Do not PM questions. Answers should be publicly available.
Backup is not enough. Protect your data with MultiPar.
Writer of LBC Chinese coin investment articles (list).
About me: User:Badon - MediaWiki.org
I type faster on a TypeMatrix.
Use my work. Give credit.
Coin, medal, whatever!
FreeArc is amazing.
User contributions for Badon - Coin Compendium
badon
Administrator
Capitalist Pig
*****
Online Online

Posts: 9366


badon™


« Reply #2 on: 2014 Jun 15, 09:30:56 pm »

See also:

https://en.wikipedia.org/wiki/Warrant_canary

It looks like people are pasting screenshots around the net:

https://i.imgur.com/T5p7piw.png

And, I posted this article to Reddit:

http://www.reddit.com/r/conspiracy/comments/289070/hidden_message_on_the_new_sourceforge_truecrypt/

Hopefully it will get posted on other sites too, so people are aware that the shake-up with TrueCrypt should be taken seriously, now that we have what looks like a hidden message that seems to confirm something akin to a warranty canary.
« Last Edit: 2014 Jun 16, 07:25:53 pm by badon » Logged

If families are a problem for the system, then we must reject the system, not the families.
Founder of the Coin Compendium (forum, blogs, calendar, images, donate, contribute).
china-mint.info forum, The Coin Compendium and the china-mint.info forum.
LBC makes you rich, with a free ebay gift certificate awarded every month!
Do not PM questions. Answers should be publicly available.
Backup is not enough. Protect your data with MultiPar.
Writer of LBC Chinese coin investment articles (list).
About me: User:Badon - MediaWiki.org
I type faster on a TypeMatrix.
Use my work. Give credit.
Coin, medal, whatever!
FreeArc is amazing.
User contributions for Badon - Coin Compendium
badon
Administrator
Capitalist Pig
*****
Online Online

Posts: 9366


badon™


« Reply #3 on: 2014 Jun 15, 09:39:30 pm »

vassago in freenode ##economics suggested reading this article, because it gives some good information if you want to catch up on the news behind the TrueCrypt drama:

What's Up With TrueCrypt? in [Market-Ticker]
Logged

If families are a problem for the system, then we must reject the system, not the families.
Founder of the Coin Compendium (forum, blogs, calendar, images, donate, contribute).
china-mint.info forum, The Coin Compendium and the china-mint.info forum.
LBC makes you rich, with a free ebay gift certificate awarded every month!
Do not PM questions. Answers should be publicly available.
Backup is not enough. Protect your data with MultiPar.
Writer of LBC Chinese coin investment articles (list).
About me: User:Badon - MediaWiki.org
I type faster on a TypeMatrix.
Use my work. Give credit.
Coin, medal, whatever!
FreeArc is amazing.
User contributions for Badon - Coin Compendium
badon
Administrator
Capitalist Pig
*****
Online Online

Posts: 9366


badon™


« Reply #4 on: 2014 Jun 15, 10:15:34 pm »

For alternatives to TrueCrypt, see this:

https://en.wikipedia.org/wiki/Comparison_of_disk_encryption_software
Logged

If families are a problem for the system, then we must reject the system, not the families.
Founder of the Coin Compendium (forum, blogs, calendar, images, donate, contribute).
china-mint.info forum, The Coin Compendium and the china-mint.info forum.
LBC makes you rich, with a free ebay gift certificate awarded every month!
Do not PM questions. Answers should be publicly available.
Backup is not enough. Protect your data with MultiPar.
Writer of LBC Chinese coin investment articles (list).
About me: User:Badon - MediaWiki.org
I type faster on a TypeMatrix.
Use my work. Give credit.
Coin, medal, whatever!
FreeArc is amazing.
User contributions for Badon - Coin Compendium
badon
Administrator
Capitalist Pig
*****
Online Online

Posts: 9366


badon™


« Reply #5 on: 2014 Jun 16, 04:37:26 am »

I found this in my logs for freenode's #truecrypt, from 2014 May 29:

Quote
<eyemiru>   guys: "WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues " > "NOT SECURE AS" -> N S A ... there is the hidden message.

Darky from #truecrypt claims to have this in his logs for the next day, 2014 May 30:

Quote
<eyemiru> Guys. Another hint: "Using TrueCrypt is not secure as it may contain unfixed security issues" first letters: "uti nsa im cu si" latin: "If I wish to use the NSA"

I don't have logs from the time that line was supposed to have been spoken, but the log I have for the previous day from the user eyemiru corroborates Darky's information as likely to be correct. It appears that others have noticed the odd wording (like "unfixed"), and then attempted amateur cryptanalysis on it like I did.
Logged

If families are a problem for the system, then we must reject the system, not the families.
Founder of the Coin Compendium (forum, blogs, calendar, images, donate, contribute).
china-mint.info forum, The Coin Compendium and the china-mint.info forum.
LBC makes you rich, with a free ebay gift certificate awarded every month!
Do not PM questions. Answers should be publicly available.
Backup is not enough. Protect your data with MultiPar.
Writer of LBC Chinese coin investment articles (list).
About me: User:Badon - MediaWiki.org
I type faster on a TypeMatrix.
Use my work. Give credit.
Coin, medal, whatever!
FreeArc is amazing.
User contributions for Badon - Coin Compendium
clopez
Almost Nobody

Offline Offline

Posts: 1


« Reply #6 on: 2014 Jun 16, 10:51:40 am »

That user name "JyZyXEL" looked familiar somehow, and I seemed to remember seeing it in Google search results when I was researching one of the links in the article above about the NSA infiltrating the Debian Linux project to insert bugs that could be exploited. I searched for "Debian" and "NSA" again, but found nothing:

https://www.google.com/search?q=debian+nsa

Then I scrolled down to the bottom, and saw Google's automatic suggestions for "Searches related to debian nsa":



Somebody must have been searching for both Zyxel brand hardware and NSA infiltration information to cause Google to give such a strange search suggestion, and I would bet my left pinky-toe that at least one of the people doing those searches is "JyZyXEL" from the IRC log above. Although this is probably not a coincidental connection between all of these facts, it doesn't mean JyZyXEL is somehow connected to the TrueCrypt developers. However, I'm making a note of it here in case there are further developments, or someone just wants to ask him what else he might know.

Of course, we must be cautious by not drawing unwarranted conclusions.

Stop spreading FUD.

That is because there is a router called "NSA310" from the brand Zyxel which runs Debian: https://sites.google.com/site/realblades/misc/debian-on-zyxel-nsa310
Logged
trwoaway
Almost Nobody

Offline Offline

Posts: 1


« Reply #7 on: 2014 Jun 16, 11:40:18 am »

i'll just leave this here. Cheesy

http://www.zyxel.com/de/de/products_services/home-network_storage_and_players.shtml?t=c

zyxel <--- Company name
NSA (Network Storage Appliance) <--- simply the name they use for their NAS product range
Logged
badon
Administrator
Capitalist Pig
*****
Online Online

Posts: 9366


badon™


« Reply #8 on: 2014 Jun 16, 02:58:16 pm »

Ah, so it's a dead end lead. Not surprising, but thanks for the info.
Logged

If families are a problem for the system, then we must reject the system, not the families.
Founder of the Coin Compendium (forum, blogs, calendar, images, donate, contribute).
china-mint.info forum, The Coin Compendium and the china-mint.info forum.
LBC makes you rich, with a free ebay gift certificate awarded every month!
Do not PM questions. Answers should be publicly available.
Backup is not enough. Protect your data with MultiPar.
Writer of LBC Chinese coin investment articles (list).
About me: User:Badon - MediaWiki.org
I type faster on a TypeMatrix.
Use my work. Give credit.
Coin, medal, whatever!
FreeArc is amazing.
User contributions for Badon - Coin Compendium
badon
Administrator
Capitalist Pig
*****
Online Online

Posts: 9366


badon™


« Reply #9 on: 2014 Jun 17, 12:15:57 am »

Here's a link to all the cross-posting on Reddit:

http://www.reddit.com/r/conspiracy/duplicates/289070/hidden_message_on_the_new_sourceforge_truecrypt/

Also, I've done a second update to the article that addresses some of the best criticisms, so please take a look.
Logged

If families are a problem for the system, then we must reject the system, not the families.
Founder of the Coin Compendium (forum, blogs, calendar, images, donate, contribute).
china-mint.info forum, The Coin Compendium and the china-mint.info forum.
LBC makes you rich, with a free ebay gift certificate awarded every month!
Do not PM questions. Answers should be publicly available.
Backup is not enough. Protect your data with MultiPar.
Writer of LBC Chinese coin investment articles (list).
About me: User:Badon - MediaWiki.org
I type faster on a TypeMatrix.
Use my work. Give credit.
Coin, medal, whatever!
FreeArc is amazing.
User contributions for Badon - Coin Compendium
Pages: 1 2 »  All   Go Up
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.18 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!
Page created in 0.114 seconds with 19 queries.