Donate for the Cryptome archive of files from June 1996 to the present

6 January 2014

Edward Snowden and Booz Allen Public Keys

Edward Snowden generated PGP public keys under several email addresses while associated with Booz Allen Hamilton and NSA and later under the alleged pseudonym Verax (none have been found for his work at Dell).

Public key servers (such as SKS OpenPGP Keyserver) are often mined to trace PGP users, and it is likely that security offices at Booz Allen Hamilton and Dell monitored PGP usage by its employees performing government work as required by government contracts, and for NSA, CIA and government counterspies to similarly track their contractors and employees (PGP public key servers are fed to government agencies as well as widely distrubuted to the public. Seasoned PGP users exchange keys privately and may leave public keys on the servers as cover.)

If Snowden generated and used the Verax keys for multiple correspondents, the number might indicate the number of parties receiving his material or who he corresponded with about the material. (PGPdump reveals the exact date and time keys are generated as well as other unique indicators.)

Although it is possible that multiple keys were used to communicate with a single party, or multiple parties, several times, each key perhaps used only once or a limited number of times.

Use of multiple public keys for enhanced security is well known in comsec circles, and is deployed as a ruse to divert attention away from more secure means.

Snowden would have known this ruse, and many others as well. As would have counterspies at Booz Allen, Dell, NSA, CIA and many others.

The NSA report "Out of Control," from 1996, examined the need for counterspying system administrators like Snowden. Snowden may have known of this report, and might have considered it a ruse of ruses.

Sample public keys:

Type bits/keyID     Date       User ID

pub  4096R/21B7141F 2013-03-24 Ed Snowden <>
                               Ed Snowden <>
                               Edward Snowden <>
                               Edward Snowden <>
                               Edward Snowden <>
	 Fingerprint=98E6 3244 07FA 26AD B358  7C95 4DB8 A088 21B7 141F 

pub 4096R/21B7141F 2013-03-24 Fingerprint=98E6 3244 07FA 26AD B358 7C95 4DB8 A088 21B7 141F uid Ed Snowden <> sig sig3 21B7141F 2013-03-24 __________ __________ [selfsig] sig sig3 21B7141F 2013-04-13 __________ __________ [selfsig] uid Ed Snowden <> sig sig3 21B7141F 2013-04-13 __________ __________ [selfsig] uid Edward Snowden <> sig sig3 21B7141F 2013-03-24 __________ __________ [selfsig] uid Edward Snowden <> sig sig3 21B7141F 2013-04-12 __________ __________ [selfsig] sig revok 21B7141F 2013-07-16 __________ __________ [selfsig] Note last revocation after Snowden's releases in early June 2013. uid Edward Snowden <> sig sig3 21B7141F 2013-03-24 __________ __________ [selfsig] sig sig3 21B7141F 2013-04-16 __________ __________ [selfsig] sig revok 21B7141F 2013-07-16 __________ __________ [selfsig] Note last revocation after Snowden's releases in early June 2013. sub 4096R/B25D8926 2013-03-24 sig sbind 21B7141F 2013-03-24 __________ __________ []

Only two other keys used addresses -- 12 years earlier:

pub  1024D/BAE8C0A6 2001-04-16 Hayman <>
	 Fingerprint=D311 FAAA 7AA6 4263 06F0  D8A2 1749 349D BAE8 C0A6 

pub  1024D/EDED4028 2000-12-05 Dan Speas <>
	 Fingerprint=CF3C E65D B30A B92E 21D8  245A 61B1 C896 EDED 4028 

Multiple keys generation is sometimes an indication of keys being used for single or multiple correspondents or tasks for enhanced security.

A Booz Allen senior associate generated several keys on two days; no other keys were generated in this two-day volume:

pub  2048R/07B5ED7F 2013-03-19 Mark Eckert <>
	 Fingerprint=9AB1 0F99 9BC4 79B0 3FB0  C236 E55F B011 07B5 ED7F 

pub  2048R/04FB2011 2013-03-19 Mark Eckert <>
	 Fingerprint=C247 FE8E 1E5B CF8A AE94  08FE A42B B21D 04FB 2011 

pub  2048R/2FB85DA7 2013-03-19 Mark Eckert <>
	 Fingerprint=089E FB6A 45E4 8283 8D9A  4000 4CC5 6946 2FB8 5DA7 

pub  2048R/20F57C2B 2013-03-19 Mark Eckert <>
	 Fingerprint=8A77 6E80 2F37 B2E1 52D0  7620 0148 90CF 20F5 7C2B 

pub  2048R/0E009444 2013-03-18 Mark Eckert <>
	 Fingerprint=4779 371B 4A2C 0A45 917C  033B C741 883A 0E00 9444 

However, the alleged Snowden pseudonym, Verax, generated these keys in a week, most of them on one day:

pub  4096R/0E8CD2B6 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=F606 1774 A693 72A1 8AD0  1CD7 0C4D AF57 0E8C D2B6 

pub  4096R/71A3AA96 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=2B5D D0BF F454 8592 1FAF  22FB 4569 3580 71A3 AA96 

pub  4096R/79B82638 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=4ECC 0702 A2E9 5FA6 2074  C7BE 574F C888 79B8 2638 

pub  4096R/E87C2665 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=7F99 43F6 5CC9 BAD1 92A9  8DF8 96E6 0F93 E87C 2665 

pub  4096R/C920FAA6 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=AC5E 06C5 17D0 A8C1 75D3  17F5 53B9 0192 C920 FAA6 

pub  4096R/CEBFFE8D 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=22DA 0669 5202 A346 BA36  F35D 3CEB 5687 CEBF FE8D 

pub  4096R/2BE0BC29 2013-05-20 Verax (Informed Democracy Front)
	 Fingerprint=5091 7466 B18F 35B3 F644  F700 1D0D 97F2 2BE0 BC29 

pub  4096R/9DCA85F7 2013-05-19 Verax (Informed Democracy Front)
	 Fingerprint=BDE4 AA86 8507 1371 7793  11A8 105D A7AB 9DCA 85F7 

pub  4096R/BE452B27 2013-05-13 Verax (Informed Democracy Front)
	 Fingerprint=134D 970C 5872 5AA6 8F2A  BD75 D18D FE89 BE45 2B27