Indications suggest that the silent and anonymous creators of TrueCrypt, the widely popular open source freeware application, often used to secure bitcoin wallets, may be responsible for a sudden halt in services. The service, which was primarily used for protecting personal and sensitive details and data, was suddenly updated with a rather unusual message.
The TrueCrypt site surprised its users with the following message reading, “WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues.” In additional guidance, the site’s developers added:
“The development of TrueCrypt was ended in 5/2014 after Microsoft terminated support of Windows XP. Windows 8/7/Vista and later offer integrated support for encrypted disks and virtual disk images. Such integrated support is also available on other platforms (click here for more information). You should migrate any data encrypted by TrueCrypt to encrypted disks or virtual disk images supported on your platform.”
The page, which according to the message “exists only to help migrate existing data encrypted by TrueCrypt,” further suggests that its users should migrate their existing data from their service into Microsoft’s encrypted BitLocker drive. BitLocker, according to PCWorld, is only available on Windows 7 Pro and Ultimate Editions, and Windows 8.1 Pro and Windows 8.1 Enterprise, which makes the solution abysmal at best due to its limited accessibility.
The move is a surprising one because the service was recently granted approval from iSec, a highly regarded full-service security firm that asserted that, with respect to TrueCrypt, they “found no evidence of backdoors or intentional flaws”.
Meanwhile, The Register reports that the service “appears to have been compromised.” The service was a favorite often used by NSA whistleblower Edward Snowden, and indications are that either the service has long been compromised or, as some worry, it may have been hijacked. The Register further reports that as recently as Wednesday, a Wikipedia user under the handle “Truecrypt-end” persistently attempted to make changes to the TrueCrypt page but was blocked from doing so by moderators.
A recent crowd-funded audit found that while there were minor security flaws within TrueCrypt, there were no serious concerns. Kenn White, who headed up the TrueCrypt code-auditing project, took to Twitter to insist that he has no explanation for the latest developments.
No one on the TC audit project has anything to do w/ its development or the TC site. We will share any credible updates w/ the community.
— Kenn White (@kennwhite) May 28, 2014
Despite the skeptics, Matthew Green, research professor at the Johns Hopkins University Information Security Institute, who also headed up the crowdfunding efforts, believes that TrueCrypt’s developers are behind the move. In an interview with Krebs On Security, the cryptographer explained:
“I think the TrueCrypt team did this,” Green said in a phone interview. “They decided to quit and this is their signature way of doing it.”
Green says he is disappointed that efforts have ended this way. He explains that there were plenty of alternatives for continuing TrueCrypt’s usability, and says there were many ways in which they could have passed the code along without shutting down the service altogether.
Last I heard from Truecrypt: “We are looking forward to results of phase 2 of your audit. Thank you very much for all your efforts again!”
— Matthew Green (@matthew_d_green) May 29, 2014
“Before this happened, we were in process of working with people to look at the crypto side of the code, and that was the project we were going to get done over this summer,” Green told Krebs. “Hopefully, we’ll be able to keep TrueCrypt.”
Nonetheless, as Green states, there is unlikely to be a way to restore trust in the terminated service now that its legitimacy has been compromised. While it remains unclear whether user information has also been compromised, the site, along with security proponents, is warning users to stay away while seeking alternatives.