A popular encryption tool used and endorsed by ex-NSA contractor Edward Snowden abruptly shut down on Wednesday, with its website telling users the tool is “not secure” without giving additional detail.
The decade-old tool, called TrueCrypt, allowed users to encrypt sensitive files and hard drives and was a favorite of security-minded individuals. One of those people was Edward Snowden, who hosted a “Crypto Party” in Dec. 2012 to teach a group of people how to encrypt hard drives and USB sticks, while still working as a contractor for the NSA in Hawaii.
But the sudden closure of TrueCrypt has led some to speculate that the anonymous developers behind it had attracted the attention of the U.S. government and decided to just throw in the towel. (Snowden’s encrypted email service, Lavabit, suffered a similar fate.)
The “advisory comes as a shock to the security community, though no one has been able to confirm its authenticity so far,” wrote Runa Sandvik, a developer of the Tor anonymous web browser, in Forbes.
Snowden’s endorsement of Truecrypt almost certainly put a target on those anonymous developers, 100x so if moonlighting Feds.
— Dan Kaminsky (@dakami) May 29, 2014
Interestingly, the shutdown came as a full-scale professional security audit of the TrueCrypt software was underway, led by Matthew Green, a cryptographer and professor at Johns Hopkins University, journalist Brian Krebs reported.
So far, the audit had not found anything suspicious in the code, but Green told Brian Krebs that the fact that TrueCrypt has been taken down could lead some to believe there’s some “big evil vulnerability in the code.”
“I was starting to have warm and fuzzy feelings about the code, thinking [the developers] were just nice guys who didn’t want their names out there,” Green told Brian Krebs. “But now this decision makes me feel like they’re kind of unreliable. Also, I’m a little worried that the fact that we were doing an audit of the crypto might have made them decide to call it quits.”