1.
Backdoor Dreaming
#m0leCon2021 - Carola Frediani

2.
In the Sixties the UK Foreign
Office’s cold war propaganda
arm had been assigned to stir
Indonesian anticommunists into
action to overthrow the Sukarno
regime.
They did it through black
propaganda.
And through backdoored cypher
machines.
Before the online troll farms

3.
Psyops and SIGINT
GCHQ could break and read
Indonesian encrypted
messages without difficulty. A
revealing GCHQ memorandum
highlighted the contribution
which SIGINT could make.
The GCHQ material can “help
the generals to persecute the
PKI (the communist party, nda)
more effectively”.
How come?

4.
The dirty secret of the machines made for secrets
The government was among many
countries using equipment supplied
by Swiss-based company Crypto AG.
For over 50 years, Crypto AG
supplied secretly sabotaged cypher
machines, so that CIA/NSA, BND and
the GCHQ could easily break the
codes.

5.
Crypto AG: the intelligence coup of the century
Boris Hagelin, Crypto’s founder, fled to the US during the war and sold cypher
machines to the army. Then he went back to Switzerland. US intelligence sent
cryptographer William Friedman to persuade Hagelin to sell his most advanced
machines only to US approved countries. In intelligence terms it is a denial
operation.

6.
The breakthrough
Crypto AG shift to electronic devices was the
breakthrough moment for NSA/CIA. To adapt to
the new technology Crytpo AG accepted their
help.
In 1967, Crypto rolled out a new, all-electronic
model, the H-460, whose inner workings were
completely designed by the NSA.
“Foreign governments were paying good money
to the U.S. and West Germany for the privilege
of having their most secret communications
read by at least two (and possibly as many as
five or six) foreign countries.” (from CIA report)

7.
The expansion
NSA didn’t install crude “backdoors” or secretly program the devices to cough up their encryption keys. The
manipulation of Crypto’s algorithms streamlined and shortened the code-breaking process.
The company made at least two versions of its products — secure models sold to friendly governments, and
rigged systems for the rest of the world (WashPost)

8.
The exit
BND left. CIA acquired other crypto
firms, liquidating some of them. The
documents do not disclose any
details about these entities.
The encryption market moved from
hardware to software.
CIA sold Crypto AG.

9.
The steps
Denial operation
Active measures
Take over (or eliminate) competition
Exit
t

10.
The steps
Denial operation
Active measures
Take over or eliminate competition
Exit
Technological shift
Technological shift

11.
The mastermind
Paul Calder Le Roux is a former criminal
cartel boss. A drug lord. A kingpin. A
weapons trafficker. He has been arrested
in September 2012 and sentenced to 25
years. He was involved in money
laundering, drug and arms trafficking,
organized crime, fraud. He later admitted
seven murders.
But he was also a talented programmer.
Someone even speculated that Le Roux
could be Satoshi Nakamoto.

12.
TrueCrypt prequel
There is a connection between Le
Roux and TrueCrypt.
What we know is that Le Roux is
responsible for creating an
open-source disk encryption
platform called E4M, Encryption for
the Masses. He even wrote a
manifesto: “The battle for privacy has
long since been lost in the real
world”.
I

13.
TrueCrypt release
Le Roux went on to work for a security
company, SecurStar, that later accused him
of having incorporated some of his work
into E4M.
In 2004, a group of anonymous
developers released a new free
file-encryption program, TrueCrypt, built
on the code for E4M.
There was a controversy with SecurStar.
But the anonymous programmers
maintained TrueCrypt. Not clear how they
funded it.
I

14.
TrueCrypt rumors
Around 2013, after the NSAgate,
some speculation arose about the
presence of a backdoor in TrueCrypt.
A crowdfunding campaign was
launched in order to audit it.
“Okay, the sources of TrueCrypt are
available and will probably be
audited seriously, but the binaries (for
Windows) present on the site, do they
contain a backdoor?”, asked an
article.
A researcher compiled it and
answered no (reached a very close
match with the official binaries)

15.
TrueCrypt farewell
The TrueCrypt project was abruptly shut down on May 28, 2014. And this also fuelled speculations.
“They set the whole thing on fire” - Matthew Green

16.
TrueCrypt audit
“The TL;DR is that based on this audit, Truecrypt appears to be a relatively well-designed piece
of crypto software. The NCC audit found no evidence of deliberate backdoors, or any severe
design flaw” - 2015

17.
TL;DR
“Just to be clear, Paul Calder LeRoux wrote
E4M, the precursor to Truecrypt. He then went
on to become, essentially, a James Bond villain.
Truecrypt 1.0 was a fork of E4M made by two
anonymous authors. There was a legal tussle,
and 1.0 was pulled. 2.0 was later released.
The Truecrypt authors were anonymous but
clearly had some funding. They hired lawyers
and filed trademarks. There is no evidence that
LeRoux maintained a connection to Truecrypt
development while he built his criminal empire.
He used it though.

18.
Γνώθι σαυτόν (and your VPN provider)
Crossrider Kape Technologies
They acquired:
● CyberGhost VPN
● Zenmate VPN
● Private Internet Access VPN
● Express VPN (one of major providers)
● a collection of VPN review websites
Incidentally, Express VPN CIO has been
involved in Project Raven, the mercenary
cyberspy unit of the UAE.

19.
Dangerous liaisons
“The combination of malicious ad-network+VPN-provider means that not only can they profile
specific users, but they can also manipulate their traffic. And that’s where the real magic enters
the picture as ‘TNI’!” (‘Tactical network injection, nda).
“Think about it, it’s not only cheaper, people are paying you to run this, you also make ad
revenue, you can sell their data, AND you can occasionally serve some other shady interest by
profiling user traffic and infecting some special unsuspecting customers”

20.
Conclusions?
When does the backdoor dreaming come true?
Enabling factors:
● Technological shit

21.
Conclusions?
When does the backdoor dreaming come true?
Enabling factors:
● Technological shit
● Ideological drive

22.
Conclusions?
When does the backdoor dreaming come true?
Enabling factors:
● Technological shit
● Ideological drive
● Market concentration/dominance

23.
Conclusions?
When does the backdoor dreaming come true?
Enabling factors:
● Technological shit
● Ideological drive
● Market concentration/dominance
● Strong market demand

24.
Conclusions?
When does the backdoor dreaming come true?
Enabling factors:
● Technological shit
● Ideological drive
● Market concentration/dominance
● Strong market demand
● Failure of other containment strategies

25.
Conclusions?
When does the backdoor dreaming come true?
Enabling factors:
● Technological shit
● Ideological drive
● Market concentration/dominance
● Strong market demand
● Failure of other containment strategies

26.
Conclusions?
When does the backdoor dreaming come true?
Enabling factors:
● Technological shit
● Ideological drive
● Market concentration/dominance
● Strong market demand
● Failure of other containment strategies
● Other?

27.
Conclusions?
What do you need to trust a security product?
● Open source code?
● Audits?
● A transparent history?
● Known developers?
● Wide community?
● Funds source?
● A diversified market?
● Competitors existence?
● Ideology affinity?
● Other?

28.
Thank you!
Carola Frediani
Twitter: @carolafrediani
Website and Newsletter:
https://guerredirete.it/