
Has TrueCrypt been hacked or shelved?

Uncertainty over encryption tool used by NSA whistleblower Edward Snowden.

By Jimmy Nicholls

A shutdown message posted on encryption software provider TrueCrypt’s website has prompted speculation that legal issues or hacking may have brought an end to the project.

Visitors to the website are presented with a warning that the software is no longer secure, followed by instructions to migrate any data to Microsoft’s BitLocker.

A message displayed on the website said: "The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images."

The abruptness of the switch has led to many concerns about the safety of the TrueCrypt 7.2 package, with some also speculating that the anonymous developers behind the project were facing legal troubles.

A favoured tool of NSA whistleblower Edward Snowden, TrueCrypt recently began an independent audit following a crowdfunding campaign that raised $60,000.

Following the first phase, contracted auditors iSEC reported that there was "no evidence of backdoors or otherwise intentionally malicious code in the assessed areas", though they added there were some vulnerabilities in the code that were probably unintentional.

Matthew Green, a cryptography professor at Johns Hopkins University in the US, who helped lead the fundraising effort for the audit, thought it "unlikely" that an unknown hacker identified the TrueCrypt developers, stole the private signing key posted at the end of the webpage, and hacked the site.

"Unlikely is not the same as impossible. So it’s possible that this whole thing is a hoax. I just doubt it," he added.

"An alternative is that somebody was about to de-anonymise the TrueCrypt developers and this is their response."
