Truecrypt recovery service in India

Discussion in 'privacy technology' started by mysticav, Feb 11, 2010.

Thread Status:
Not open for further replies.
  1. mysticav

    mysticav Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    2
    Hi,

    In a desperate attempt to recover my truecrypt password from my USB memory, I paid 250 dlls to a guy from India who says has the ability to recover truecrypt passwords. He toll me that he is a retired scientific from NASA, 25+ years in cryptographic experience, also toll me that he helped the creators of truecrypt and that he knows some truecrypt vulnerabilities nobody knows about.

    My password was around 10 chars long.

    I sent my usb via DHL and did a western union transfer.

    1 month has gone and he says that I need to wait more, because the recovery process is still working.

    He is asking for 250 dlls more, to "accelerate the proccess".

    I'm starting to think I was scammed by this Indian Guy.
    Gosh, I have my thesis document in that USB drive !!!

    Please tell me what to do ...
     
  2. nikanthpromod

    nikanthpromod Registered Member

    Joined:
    Oct 9, 2009
    Posts:
    1,369
    Location:
    India
    contact Police with all details.

    Contact cyber cell
     
  3. kasperking

    kasperking Registered Member

    Joined:
    Nov 21, 2008
    Posts:
    406
    not a good idea to pay again....
    this is from TrueCrypt site....
     
  4. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    I started to think that you were scammed by the time I read your first sentence. How did you first make contact with this scammer, anyway?

    What can you do? Contacting the police would be a start. I truly hope they can help you. After that:
    (1) Try to think of how you'll put the pieces of your life (thesis) back together from the beginning. Most likely, the sooner you forget about this disaster, the better off you'll be.
    (2) It's very unlikely you'll get your drive back, so even if you remember your password when you wake up tomorrow, it will be useless to you. If you made a copy of your drive before you sent it to a complete stranger in another country (was it a file container volume, or was the drive completely encrypted?) you'd still have a fighting chance to remember your password.

    I am sorry to say, but the bad judgement you described - to carelessly forget the password to your thesis and then to give away your usb and money to a complete stranger - makes me a bit skeptical that your story is true.
     
  5. CustomHVAC

    CustomHVAC Registered Member

    Joined:
    Mar 10, 2007
    Posts:
    57
    If it is true, I feel bad for you (like most, you'll go to extremes to get something back if its important enough), that being said;

    It's hard to imagine ANYONE would send a drive to a "Guy from India"
    It's hard to imagine ANYONE would send money a "Guy from India"
    It's hard to imagine ANYONE would more money to a "Guy from India"

    You have a computer with internet access, did you google him to see if he's;
    1. legit?
    2. At the said address?
    3. affiliated with Truecrypts design?
    4. Wanted?
    5. Famous for cracking truecrypt?

    Lesson to others - If you don't know 100% who your sending money to (or flash drives) - DON'T SEND IT

    For you it may be too late (but, I'll keep my fingers crossed)
     
  6. mysticav

    mysticav Registered Member

    Joined:
    Feb 11, 2010
    Posts:
    2
    Yes, I know it sounds crazy. I met this guy in a IRC channel. The guy says that he can give my money back if he doesn't get the password before april/2010.

    At least he is responding my E-mails.

    Perhaps it is not scam, and the guy simply is using a very fast computer dedicated 24/7 just to brute force cracking.

    If I don't get my money back, I'll contact cyber police.

    For those asking how I forgot my password. Actually I didn't forget it entirely.
    I sent to this Indian Guy, maybe 80% of what I remember. I don't know which method and algorithm he is using.

    Come on guys, we are humans, thousands of people forget passwords everyday.

    Also, taking the risk for 250 dlls is not a bad, bad idea, when your precious document is lost.
    I was working on my thesis on a laptop, doing backups to my encrypted usb drive. My laptop was stolen, and the only backup I currently have is in the usb drive. The last time I did a backup I change my truecrypt password to make it more secure, 1 week after, trying to access my usb drive, The password I'm trying is not correct. I tried ALL, lower and upper case, etc.
     
    Last edited: Feb 11, 2010
  7. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    You should have imaged your drive first and sent him a copy, or at least kept a copy as a backup. Now you're left hanging with nothing to fall back on.

    At this point I would ask him for your USB drive back so you can explore other options. If he's legitimate then he has already made an image and will be working from that, so he no longer needs your actual drive.

    Cracking a TC password doesn't require a rocket science background. It merely involves generating an appropriate wordlist and feeding it to a bruteforcing script. If you know most of your password but are in doubt about a relatively small portion of it then this might be a feasible approach. However, TrueCrypt resists brute-forcing attempts by design, so this approach is only worth doing if the list of possibilities is not too large (e.g. in the low millions or thereabouts).

    Just wondering: Did your cracker happen to mention how may passwords per second he is able to test?

    I wouldn't send any more money, as the entire scenario already appears to be quite suspicious. When one combines your cracker's "over the top" story with the Western Union cash transfer and his request for additional payment, it almost screams of scam. For your sake I hope it's not.
     
  8. optigrab

    optigrab Registered Member

    Joined:
    Nov 6, 2002
    Posts:
    624
    Location:
    Brooklyn/NYC USA
    Perhpas not, and I certainly hope it is not, but there is another very obvious reason he is responding to your e-mails:
    True, and I feel badly for you and them. Some of my loved ones can't seem to place any importance on password security; either they use one simple password for everything, or they make no provsion to remember their password longer than five minutes. But I am terrified of having to rely on my memory. I use a password safe, KeePass, and store my KeePass file in more than one place. I only really have to remember one password, ever. I use TruCrypt, and my TruCrypt passwords are stored in my KeePass file, which can't get completely lost, because I have more than one copy in more than one location.

    I do not intend to heap criticism on you. I wish you good luck. But I am sure this costly problem will transform into a valuable lesson in time.
     
  9. caspian

    caspian Registered Member

    Joined:
    Jun 17, 2007
    Posts:
    2,363
    Location:
    Oz
    Could brute force tackle something like this?

    ^$eg&HK*8kl9%d$ed#21

    I am surprised that anyone would recommend calling the police. What can the police do? The guy lives in India. I don't think a police officer would even give it any thought.
     
  10. box750

    box750 Registered Member

    Joined:
    Nov 11, 2008
    Posts:
    261
    Just what others said, I do think you have been scammed and he is probably replying to your emails because he wants you send him more money to scam you even more.

    You can try and contact the police, but since the guy is in India, you conducted all the business through an IRC chat, and he even does not have a website/company making false promises, I see little you can do other than assume your loses.
     
    Last edited: Feb 11, 2010
  11. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    No way. You're using uppercase, lowercase, numbers and common symbols, so the number of possible combinations is approximately 96 to the 20th power. If that were a TrueCrypt password then it would take trillions of trillions of years to crack using current technology. Although things will certainly get faster in the future. Maybe someday we'll be able to cut it down to a few billion years.
     
  12. JustJohnny

    JustJohnny Registered Member

    Joined:
    Oct 18, 2009
    Posts:
    21
    If you ask me the whole setup sounds suspect. I mean, if your password is only 10 letters and uses dictionary words its conceivable he could brute force it, so maybe thats what hes doing. I seriously doubt there is some secret back-door in Truecrypt that only some dude in India knows about. Its also its kind of suspicious to be asking for more money, classic scam tactic right there. You might want to try to get the drive back in the hopes the password comes back to you. Although if it is a scam, you might just have to bite the bullet and take the loss.
     
  13. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    Mysticav, if you ever get your USB drive back, be aware that this type of problem can potentially be solved online or via email without you having to send your drive to anyone. Instead, at a bare minimum you could post the first 512 bytes of your TrueCrypt header, which would probably look something like this: (line breaks added for easier viewing, not that there's anything to see)

    B01A190B5E80079435C725717500B31A999CB826B87D6EB4179DE2C2DADE40D6
    8931CF8939D0C2C0759C9B2CFF3502AC4F6A7BE4182A722DEF7F6A689B94010D
    BBE47677C2C76648FA3F4492ADDE009924BCED24BC4C2A097C66F50525FD12C2
    7788FCFAF650CD7C267540BD601642B9653243EB7BBE10C456A049EDBC0DB895
    8ECB06BE319E976914079A3B4F111E38D0BF0F3F6B227786D4DE2FDA13709682
    B78BE5BB313E2ABB155278EFC00F46C148B148F52E75395C857C1B743CA16B6A
    0000D6A500088BE512EECD9C8891DA0FD80A9C54F66261D2B87F507F52BE1A6C
    518051D46E7CC25AB0C552BCBB2690AB964744BE1D48B5F760D22E0D322468ED
    42FC094F17B682C6C82ACB72431908A9C272848F6B28855F2B6CF85B324F9554
    17D9C41974DCF45F760D61147CE6A55B8C92F02196675E8D96F2D09229D6D79B
    F1E4445AB78858975EFED209AF4E9DB9299813C18F3C1D6D25A69A273E41BC05
    42546E5B1F9F77300AA768BB5350B845758935B2F14F8D5A6B85E65CBF02279E
    73AC767484A6448EACDFDE921D6F8887052408E95EDD2E0716B4232942969AE6
    2898424D07CE09D72D67E9AC6D6A4A6EDD9358C38FE1E80D784B97880FAF8902
    260A5DB08B804520C982792EE20C65D736BF4D9B1FC7E305DF6A5704A438E3A2
    D4AD056CE7E3387BD9FFF34555138359EE930B3095E203A8EED67FC0DA5A0E0B

    I could easily walk you through the procedure, which would require the use of a freely available hex editor. The only tricky part would be in properly locating the TrueCrypt header, but in the case of a fully-encrypted flash drive it should be relatively easy.

    You would also need to post your best guesses as to what you think the password should be, plus whatever hints you could provide as to which parts of the password you are sure of, which parts of the password you are unsure of, the types of characters that you might have used (eg uppercase, lowercase, numbers, symbols) and the types of characters that you definitely would not have used.

    If the problem looked readily solvable (that is, there were not too many possibilities to test) then somebody like myself might come along and try to crack it just for fun, although you would probably get better results by offering a healthy incentive such as an attractive reward, to be paid AFTER finding the solution. (In my case I would merely ask you to donate the reward to the American Red Cross Haiti relief fund.)

    Better yet, you could make the complete 64k volume header available as a downloadable file, and this would open up the field to a great many more "contestants" who might not be familiar with hex editors and the innards of TrueCrypt volumes but who would still like to take a crack at the reward money. In this case a simple script, a configurable word generator and a bit of technical expertise are all that would be required.
     
  14. Fly

    Fly Registered Member

    Joined:
    Nov 1, 2007
    Posts:
    2,201
    Retired scientist from NASA, living in India ? And yet, after his retirement he needs an additional 250 USD to complete the task ? He is too poor ?

    Not very plausible, is it ?
    In the unlikely case he is not a scammer you could agree to pay him the 250 USD AFTER he has completed his task and has returned your thesis. I wouldn't send him any money in advance. Crooks can be very convincing sometimes, but if you step back it should be obvious something is fishy.

    If you can't remember your password, it's probably best to forget the matter and start writing again. You probably have a deadline ?

    Why did you encrypt it anyway ? That makes sense if it's very sensitive, but in that case I wouldn't send it to a complete stranger. If you have to encrypt something, it's usually a good idea to write down your password and save it. But not always.

    But I wonder, can you get your laptop back ? Sometimes it's possible to trace it, it may depend on the hardware/software/services.
     
  15. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    I've created a Truecrypt bruteforcing tool, and plan on releasing it sometime as a shareware/donationware product, but it needs a lot of polishing before it's ready to be released, to add a UI and make it more generic. I'm also working on some other projects, so the timescale depends on the demand for this type of utility.

    EDIT: As dantz has mentioned, it's not necessary to send the entire drive to brute-force it.
     
  16. dantz

    dantz Registered Member

    Joined:
    Jan 19, 2007
    Posts:
    1,034
    Location:
    Hawaii
    That's great news. Did you build a custom version of TrueCrypt that cuts out some of the unnecessary routines? I'm just using a batchfile and the standard release, so I can only test about 4 pw/sec on my best system.
     
  17. Defenestration

    Defenestration Registered Member

    Joined:
    Jul 17, 2004
    Posts:
    1,108
    Yes, sort of. I had the same speed problem when using batch files myself. I'll post back with number of password attempts per second/minute on a Q6600 (It may be a few days though).
     
  18. wakeup

    wakeup Registered Member

    Joined:
    Mar 5, 2010
    Posts:
    1
    Dantz, I would be most grateful if you could please take a look at my thread where I have detailed a similar situation (although in my case I haven't forgotten the Truecrypt password, but I have damaged one of the keyfiles). If you, or anyone else, can render assistance I would be absolutely delighted to provide a reward, especially in the case of a monetary donation to a respectable charity.

    I was looking up "Truecrypt recovery" services myself before finding this forum!

    My thread is here: https://www.wilderssecurity.com/showthread.php?t=266902
     
  19. DavidXanatos

    DavidXanatos Developer

    Joined:
    Sep 6, 2006
    Posts:
    2,319
    Location:
    Viena
    @wakeup
    I read your thread and well, you are most likely totally screwed.

    @mysticav
    The guy from India is almost certainly a conman.
    I mean com on, NASA scientist helping the TC team and leaving in India, and working for only 250 bucks. Thats sounds like the easter bunny o_O

    A 10 character password is crackable, but well you need a really big cluster and a loot of time, and well the bill will most likely exceed a few (hunderd) thousand $$

    Why have you encrypted it in the first place and more important why do you have only one backup of something so important?
     
  20. dw426

    dw426 Registered Member

    Joined:
    Jan 3, 2007
    Posts:
    5,543
    I can't believe I came across this. You are done, pure and simple. I'm really not trying to come off rude, but really, why did you buy into such a croc of crap from this guy? I'm making an assumption you panicked, were already a member of some sort of forum or what have you that had its own IRC channel, and you started talking about it to others in chat.

    Talking about it to a room full of people you likely did not know was your first mistake. I also am assuming that not too many seconds passed by before "some guy" popped right up in a private message/whisper saying he could take care of it. By the way, dirt poor NASA scientists, retired or otherwise don't exist unless they went and blew every dime they had or ran into massive misfortune.

    Also, India? That would raise red flags alone. Why on earth would some random guy in India not only care about your drive, but volunteer to mess with it? You also screwed up big time if you didn't negotiate a set price and time limit. If he's not a professional data recovery specialist with not only a website, but a phone number and physical address, he doesn't get to determine a month later he wants more cash...unless he's holding your drive for ransom, which of course he is, at best.

    This was a VERY bad move. Again, I'm not trying to insult you, but sugar coating it and patting your back isn't going to teach you much. There's a VERY good chance the contents of your drive are floating around some P2P network right now.
     
    Last edited: Mar 16, 2010
  21. papillonn

    papillonn Registered Member

    Joined:
    Oct 19, 2005
    Posts:
    117
    Location:
    TR
    Go to India, find the guy and give him extra 250 dolars or
    Stay at home, forget everything and give nothing to him again and again.

    Even NASA itselft wants my usb key i wouldn't send it to them. They can put an alien in it. micro alien which lives in usb etc...

    How do you trust these kind of people? I remember Online Armor admin has written a msn dialog in his blog about this kind of scammers whom he spoke for a while. Here it is http://onlinearmorpersonalfirewall.blogspot.com/2009/03/yes-16million-usd-but-we-will-have-to.html
     
  22. MikeNash

    MikeNash Security Expert

    Joined:
    Jun 9, 2005
    Posts:
    1,658
    Location:
    Sydney, Australia
    Hi,

    99% chance you've been scammed. I would ask the guy to send you back your USB. Even offer to pay *once you have it back* if you have to. And of course, by "once you have it back" I mean - it's in your hands.

    Do not give him any more money. If he complains about the cost of courier, you can first of all ask him "But surely, you would have had to send it me back, and included that in the price" - and - if he becomes insistent, pay for the courier directly (send them for a pickup).

    Do not send any more money.

    Unfortunately, the chances of you seeing the device again are slim. If you send money, you will send more and more and more until you can't - and you still won't get it back.


    Mike

    Ps. Don't send any more money :(
     
  23. wat0114

    wat0114 Guest

    Yep, you've been scammed. I'll go out on a limb and proclaim 100%. Put it behind you and kiss the $250 good bye. Learn from this experience. Don't send money again to "some guy" from "insert country here".

    Whoaa, this is no-holds-barred straightforward, but I gotta agree with dw.
     
  24. Taliscicero

    Taliscicero Registered Member

    Joined:
    Feb 7, 2008
    Posts:
    1,439
    Guy worked at NASA in a high paying job and wants to spend a long time doing something that he did every day for 25 years for not very much money for a person he dosen't even know. :thumb:
     
  25. chronomatic

    chronomatic Registered Member

    Joined:
    Apr 9, 2009
    Posts:
    1,343
    All I can do is shake my head. Being a supposed scientist at NASA has nothing to do with encryption. I suppose NASA encrypts the data stream from the Mars rover to earth? You know, we gotta stop the aliens from spying on us. :argh:
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.