Villarejo encrypted his hard drives with an obsolete and "insecure" program but the CNI is unable to decipher them

• Justice. "That the machines govern us": this is the sect of the Google employee who can go to jail for 330 years
• Technology: From Obama's investigation to the Google veto: this was Huawei's downfall
• National Security: Spain leaves the future of its telecommunications in the hands of Chinese companies accused of espionage
• Technology: Hacker sentenced to lead Telefónica's security
• Profile: To found Android to run a prostitution network: Andy Rubin's scandalous life

Before falling into disgrace and ending in provisional prison, the ex-commissioner José Villarejo already presumed before his alleged accomplice (Commissioner Enrique García Castaño) to keep "secretly" the secret of the sensitive information he handled in his business and communications.

The appointment of Villarejo, coming from some listeners dating from 2005, show that the ex-commissioner was not bluffing . The dozens of hard drives and pendrives that in total totaled more than 40 Terabytes of information (each terabyte equals 1,000 Gigabytes) that the justice requisitioned to the police in search of evidence were sent to the National Intelligence Center (CNI) so that their experts in Cryptography access the content .

Within the intelligence agency, the research to decrypt the information of Villarejo is carried out by the National Cryptological Center, an integrated and dependent agency of the CNI that coordinates the technological-cryptographic investigations and is responsible for training the state personnel in cryptography .

To protect their hard drives and pendrives, Villarejo opted for the TrueCrypt program , a software that, according to its own website is "insecure" and obsolete .

"Warning: using TrueCrypt is not safe as it may contain unresolved security problems, " says a red warning message in the header of your web page.

The encryption program page encourages users to migrate to Bitlocker (the Microsoft analog program) all the information they have stored in Truecrypt. To do this, they also offer a step-by-step guide in which they tell how to carry out this migration process.

Although it is still possible to download the program from the website, its creators say goodbye warning that " using TrueCrypr is not safe " and that "you should only download TrueCrypt to migrate data previously encrypted with the program ".

TrueCrypt is a software that came to light in 2004 and was gaining popularity as a tool to encrypt and protect information among the cybersecurity community.

The program had a good reputation to such an extent that it was chosen by former US intelligence employee Edward Snowden to protect the information he had managed to take, in addition to being used by organizations such as ISIS to safeguard his secrets.

Why is it not possible to access the information?

The CNI has informed the National Court that it has not been able to access more than 50% of the information that the exagent kept in its computers and pen drives, according to El Confidencial, since they were protected by TrueCrypt.

During the time that TrueCrypt had maintenance and updates behind , there is no evidence that the judicial or police authorities could access the information protected by this program.

However, after the obsolescence announcement published on its website, there have been at least two successful attempts in which the police and judicial authorities of different countries have managed to decrypt the information .

The first one occurred in August 2015 , months after the developers posted the alert message on the web. The FBI was able to access the encrypted hard drives of Christopher Glenn , an army contractor who had been stealing secret documents and was sentenced to 10 years in prison. However, the technique used by federal agents to access the files remains a mystery .

The second case of success dates from last 2018 and occurred in South Korea . The police managed to decrypt information secured with TrueCrypt within the framework of an investigation into manipulation of public opinion in the country . In this case, the security forces managed to access the information thanks to trial and error methods based on information based on the password.

The last audit to which TrueCrypt was submitted dates a few months after its creators advised against its use. It was prepared by the Gibson Research Corporation and it explains that the program "is still safe to use . " The complete audit, carried out in two phases, did not find serious failures but some minor problems.

The program fell out of favor after this announcement by its creators and other alternatives such as Bitlocker (promoted by Windows) or VeraCrypt occupied its space.

The Professor of Safety Engineering at the Cambridge Comuptation Laboratory, Ross J. Anderson, explains to PIXEL that the end of TrueCrypt was wrapped in a halo of mystery and that different versions circulate among the community of experts about what happened .

Among them, he points out the existence of " a theory in which the authors received some kind of court order and launched a canary warrant to destroy their product if they were legally bound."

The expression warrant canary does not have a direct translation into Spanish. It comes from the use of canaries in the mines to identify the presence of gray gas and is used to describe the method by which an Internet service provider informs its users that it has not received a secret citation or government requirement in the US. The purpose is to passively inform users that the Government has seen or had access to information thanks to a secret citation .

" A bad reputation was created and most people stopped using it, " explains cybersecurity expert Enrique Serrano to PIXEL. "The program is still available on the Internet and depending on the version you use it can continue to work well but you have to trust that this version is good and that the settings are safe, " he says.

One of the main features of the program was its simplicity . "The programs are very easy to use. You have to choose a password, follow four or five steps and they would already have your information encrypted . There are many different types of encryption types and you can choose the complexity of it, which makes the information it's easier or harder to decipher, "says Serrano.

This computer security expert says that " the most common way to attack this type of encryption would be brute force [testing millions of different combinations] which makes it almost impossible to decrypt the information we want to access."

According to the criteria of The Trust Project

• Internet
• Microsoft
• Edward Snowden
• South Korea
• National audience
• TV
• technology

StreamingThe YouTube Premium series are now free, but the service is not dead (yet)

VarenykyThe bot that terrifies the Internet: it records you without permission when you watch porn

Apple technology will stop listening to your conversations with Siri