TrueCrypt forum gone? (TrueCrypt either stopped development or was hacked?)

I just tried to go there and it is showing TrueCrypt's site being shut 5/2014. Its been a few weeks since I have gone there.

Anybody else seeing this??


www.truecrypt.org


sourceforge.net was popping up a dialogue about it but now its being over hammered.

 

I get a page about migrating to BitLocker.

 

Same here.

Seriously, who would migrate to a system run by and controlled by Microsoft? Sure a business might, but a privacy advocate that wants his/her stuff to be "eyes only" wouldn't dream of it.

Tin foil hat thought: TrueCrypt's site is shut so lets get the "suckers" to migrate from something we cannot break into. Then when they go to BitLocker we can have any access that we want. Until I hear about the hundreds of encrypted hard drives sitting around LE evidence lockers being opened I think I'll likely stay with TrueCrypt.

I am waiting for a few big court cases to run their course regarding 5th amendment rights. If it ends up being that I/we have the right to remain silent regarding passwords I'll probably move everything over to LUKS/DmCrypt. That does not have hidden volumes so that is why I am waiting.

 

This is disturbing...

 

It looks like a total hack job. Check out the Wikipedia page history and talk page. It was immediately bombarded by no-account edits and a couple of SPAs, two of which being the not-so-discreet handles "truecrypt-end" and "Noonnee"...all basically removing info and spamming the page with verbatim copies of the warnings about the program being unsafe.

Everything about this looks like a classic phishing attempt. Someone gained control of the TC domains (the sourceforge and the main site...the sourceforge was where Version 2.1a was released, and a few months after that it started redirecting to truecrypt.org).

But it does look like they've covered the bases...

TrueCrypt.org redirects to truecrypt.sourceforge.net. They even got the sourceforge projects page plastered with the same warning:

http://sourceforge.net/projects/truecrypt

And if you go the bottom of the main page there's a link to that new binary, allegedly of version 7.2. (Let's just say I wouldn't run this thing if I were you.) It even comes with signatures, but at least one person on Wikipedia says they don't validate.

My biggest question is, why the push to Bitlocker? Would anyone from Microsoft or NSA really be that naive? Or could this be like a false flag-false flag?

 

@blainefry: It might be so, however if it is true please notice that the "hacker" didn't just take over truecrypt.org in order to serve malware from it. It is using the domain to discredit TrueCrypt, which makes this a more elaborate attack...

 

Steve Gibson on twitter

 

Ars Technica is already on the story...

http://arstechnica.com/security/201...ure-official-sourceforge-page-abruptly-warns/

 

Github:

"the binary on the website is capable only to decode crypted data, not encode, and may contain trojan. The binary is signed with the valid (old) key. All old versions are wiped, the repository is wiped too."
So it looks like a hack

 

Glad I'm not the only one who went "Huh?" Here's to getting everything back up and running.

 

This makes the avast forum username and password hack look like a booger.

 

TrueCrypt considered HARMFUL – downloads, website meddled to warn off users.

 

So Snowden supposedly knows something about it?

That's probably not good news

 

The real suspicious thing about the TC shutdown explanation is that it revolves around Windows XP support. What would that have to do with TC security? Also, other Windows versions are capable of Bitlocker but Win7 Home Premium (probably millions of copies in use) does not come with Bitlocker. Pretty weak line of reasoning. Most security savvy people would not buy this simplistic explanation.

This looks like a very sophisticated hack by a government agency. Which one I have no idea but getting a bunch of Chinese dissidents or Al Qaeda terrorists to freak out and decrypt their data before they get raided....

 

Following the TrueCrypt hashtag on Twitter is like KUWTK for technophiles...

https://twitter.com/#truecrypt

 

TrueCrypt Setup

 

This is a bogus hack. I have seen several stories on this now and the facts just do not line up with a legitimate shutdown of TrueCrypt. The date format on the about screen is all wrong, the website redirects to a different place, they offer non-free-open-source bitlocker alternative. This is all wrong. I have made a youtube video with the hopes it will catch people's attention who would otherwise miss this news: https://www.youtube.com/watch?v=WJvNTsJesgQ

This is really bad. I have backed up my copy of TC in case something has happened and I cannot ever get a working copy again.

 

I'm betting that the wrench got to them, and that they gave it all up

 

If this is going to be the Truecrypt thread concerning this issue, we really need a better subject title.

This could be so many different things. I think the prudent thing is to do nothing. Yet.

I think the most likely thing is this is Lavabit all over again. Truecrypt may have been compromised and they are telling us, without "telling us", that the software is not safe and has been compromised. Instead of going forward with their developers having been outed to governmental authorities in NATO countries, the software itself could no longer be considered 100% "clean" - they are simply shutting down and writing it off to "security issues" in a very broad sense. In other words, they are not playing along. They are just closing shop.

Many possibilities, but the above is very possible.

 

Perhaps similar to Lavabit/Levison? An NSL/National Security Letter has been served?
As in, 'either you fully cooperate and give us everything encryption-wise or we'll sue you into oblivion'.
Levison decided not to play along and opted to pull the plug/destroy his product, rather than hand over his customers data/privacy.

 

>> Just a coincidence that SourceForge had a forced password change last week?

 

I am surprised by the number of people I am reading on other sites fleeing their current versions of Truecrypt. I think my post 19 and Baserk's post 20 is still the most logical explanation - all the way down to the non-sensical nature of some of their suggestions. That could very well be the icing on the cake in their making it obvious that things have been compromised one way or another.

As many know, I have been a big believer in hardware FDE, and stand by that. I also thought using TC with hardware encryption was also a viable option. If someone feels that need to abandon TC, take a look at some of the high-quality hardware FDE products. As far as software encryption, I feel comfortable with Jetico and their Bestcrypt line of encryption products. They've been at it since 1993, have very sharp developers, maintain their products well, and have a reputation of excellence from their base in Finland. It is not open-source, but Jetico has always been highly regarded.

 

Sigh, and I just came back from DiskCryptor not too long ago for AX64 (and Parted Magic to an extent) compatibility. Will have to wait and see for now.

 

"WARNING: Using TrueCrypt is not secure as it may contain unfixed security issues"

TrueCrypt is Not Secure As...

Emphasis on the NSA in "not secure as"

 

Not sure that would make sense as the source code was already available to everyone. Perhaps a directive to include a backdoor might be possible but then it also would be discoverable by anyone unless they switched to closed source which would result in immediate suspicion.

Closing down the entire project without any prior news/hints doesn't make sense if it was actually due to a flaw. In addition why not simply fix the potential issues after so many years getting the program to where it was? I wouldn't suggest jumping ship until things are made clearer.