Yesterday morning, emails between Edward Snowden’s go-to journalist Glenn Greenwald and his lawyer Jesselyn Radack were leaked to Cryptome, a well-known archive that carries every different type of leaked document you could think of, and then some.
And while the actual content of the correspondence itself is relatively tame (mostly covering Greenwald's upcoming appearance at a Polk media event and his McGill journalism award), it's the fact that the emails were leaked at all that has those close to the issue most concerned.
No one is entirely sure yet how exactly the conversation was decrypted, but several theories are floating around the blogosphere, with input coming from all sides of the issue.
Tor developer Jacob Appelbaum (who also happens to have high-level access to the pile of PowerPoints that Snowden dumped in a few select laps last year) suggested that it was the removal of the third encryption key that could have caused the breach, weakening the PGP standard to a point where a brute force botnet could finish the job and crack open the somewhat worthless treasure contained inside.
“I have a copy of the full original email and it is encrypted to three keys. Two of them are correct and the third is a likely hostile party. The third key involved is for an email address that may be run by a hostile party, with a PGP key. It is not controlled by Glenn [Greenwald] or Jess [Radack]. It appears that the person who leaked the PGP encrypted text took out the metadata about a third key, which explains the ability to decrypt.”
Another theory proposes that Radack could have been fooled into downloading customized keys that were prone to intrusion, rather than the trusted distributions put out by the engineers of the PGP encryption library themselves.
However they got in, experts from the online community have been pouring in to voice their theories on just what went wrong, and perhaps more importantly, how we can prevent it from happening again in the future.
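The "encrypted to three keys" detail in the quote above can be checked on any OpenPGP message, because each recipient is recorded in its own session-key packet ahead of the ciphertext. The following is an added example, not code from the article or from any PGP project: it reads those packets from a binary (de-armored) message and reports recipients the sender did not intend. The function names, the key IDs and the sample message are all constructed for illustration.

```python
PKESK, SKESK = 1, 3  # session-key packet tags (RFC 4880, sections 5.1 and 5.3)

def recipient_key_ids(message: bytes) -> list:
    """Return the key IDs a binary (de-armored) OpenPGP message is encrypted to."""
    ids, i = [], 0
    while i < len(message):
        hdr = message[i]
        if not hdr & 0x80:
            raise ValueError(f"no OpenPGP packet header at offset {i}")
        new_format = bool(hdr & 0x40)
        tag = hdr & 0x3F if new_format else (hdr >> 2) & 0x0F
        if tag not in (PKESK, SKESK):
            break  # session-key packets come before the encrypted data packet
        i += 1
        if new_format:
            first = message[i]
            if first < 192:
                length, i = first, i + 1
            elif first < 224:
                length, i = ((first - 192) << 8) + message[i + 1] + 192, i + 2
            elif first == 255:
                length, i = int.from_bytes(message[i + 1:i + 5], "big"), i + 5
            else:
                raise ValueError("partial length on a session-key packet")
        else:
            n = 1 << (hdr & 0x03)  # 1, 2 or 4 length octets; 8 means indeterminate
            if n == 8:
                raise ValueError("indeterminate length on a session-key packet")
            length, i = int.from_bytes(message[i:i + n], "big"), i + n
        body = message[i:i + length]
        if len(body) < length:
            raise ValueError("truncated packet")
        if tag == PKESK and length >= 10 and body[0] == 3:
            ids.append(body[1:9].hex().upper())  # all zeros = hidden recipient
        i += length
    return ids

def unexpected_recipients(message: bytes, expected: set) -> list:
    """Key IDs present in the message that the sender did not intend."""
    return [k for k in recipient_key_ids(message) if k not in expected]

def _pkesk(key_id_hex: str) -> bytes:
    """Build a constructed v3 PKESK packet (old-format header, dummy RSA MPI)."""
    body = b"\x03" + bytes.fromhex(key_id_hex) + b"\x01" + b"\x00\x08\xff"
    return bytes([0x84, len(body)]) + body

# Constructed sample: three recipients, then a dummy tag-18 encrypted data packet.
INTENDED = {"AAAA000000000001", "BBBB000000000002"}
SAMPLE = b"".join(map(_pkesk, sorted(INTENDED) + ["CCCC000000000003"])) + b"\xd2\x05\x01DATA"

if __name__ == "__main__":
    print(unexpected_recipients(SAMPLE, INTENDED))
```

The key ID in each packet is usually that of the recipient's encryption subkey rather than the primary key, so the expected set should be built from subkey IDs.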