|
||
|
6 January 2014 Edward Snowden and Booz Allen Public Keys
Edward Snowden generated PGP public keys under several email addresses while associated with Booz Allen Hamilton and NSA and later under the alleged pseudonym Verax (none have been found for his work at Dell). Public key servers (such as SKS OpenPGP Keyserver) are often mined to trace PGP users, and it is likely that security offices at Booz Allen Hamilton and Dell monitored PGP usage by its employees performing government work as required by government contracts, and for NSA, CIA and government counterspies to similarly track their contractors and employees (PGP public key servers are fed to government agencies as well as widely distrubuted to the public. Seasoned PGP users exchange keys privately and may leave public keys on the servers as cover.) If Snowden generated and used the Verax keys for multiple correspondents, the number might indicate the number of parties receiving his material or who he corresponded with about the material. (PGPdump reveals the exact date and time keys are generated as well as other unique indicators.) Although it is possible that multiple keys were used to communicate with a single party, or multiple parties, several times, each key perhaps used only once or a limited number of times. Use of multiple public keys for enhanced security is well known in comsec circles, and is deployed as a ruse to divert attention away from more secure means. Snowden would have known this ruse, and many others as well. As would have counterspies at Booz Allen, Dell, NSA, CIA and many others. The NSA report "Out of Control," from 1996, examined the need for counterspying system administrators like Snowden. Snowden may have known of this report, and might have considered it a ruse of ruses. Sample public keys: Type bits/keyID Date User ID
pub 4096R/21B7141F 2013-03-24 Ed Snowden <edsnowden@hushmail.com> Ed Snowden <edsnowden@lavabit.com>
Edward Snowden <edsnowden@hushmail.com>
Edward Snowden <edward_snowden@bah.com>
Edward Snowden <esnowden@boozallen.com>
Fingerprint=98E6 3244 07FA 26AD B358 7C95 4DB8 A088 21B7 141F
Only two other keys used boozallen.com addresses -- 12 years earlier: pub 1024D/BAE8C0A6 2001-04-16 Hayman <hayman@boozallen.com> Fingerprint=D311 FAAA 7AA6 4263 06F0 D8A2 1749 349D BAE8 C0A6
Multiple keys generation is sometimes an indication of keys being used for single or multiple correspondents or tasks for enhanced security. A Booz Allen senior associate generated several keys on two days; no other bah.com keys were generated in this two-day volume: pub 2048R/07B5ED7F 2013-03-19 Mark Eckert <eckert_mark@bah.com> Fingerprint=9AB1 0F99 9BC4 79B0 3FB0 C236 E55F B011 07B5 ED7F
pub 2048R/04FB2011 2013-03-19 Mark Eckert <eckert_mark@bah.com> Fingerprint=C247 FE8E 1E5B CF8A AE94 08FE A42B B21D 04FB 2011
pub 2048R/2FB85DA7 2013-03-19 Mark Eckert <eckert_mark@bah.com> Fingerprint=089E FB6A 45E4 8283 8D9A 4000 4CC5 6946 2FB8 5DA7
pub 2048R/20F57C2B 2013-03-19 Mark Eckert <eckert_mark@bah.com> Fingerprint=8A77 6E80 2F37 B2E1 52D0 7620 0148 90CF 20F5 7C2B
pub 2048R/0E009444 2013-03-18 Mark Eckert <eckert_mark@bah.com> Fingerprint=4779 371B 4A2C 0A45 917C 033B C741 883A 0E00 9444
However, the alleged Snowden pseudonym, Verax, generated these keys in a week, most of them on one day: pub 4096R/0E8CD2B6 2013-05-20 Verax (Informed Democracy Front) Fingerprint=F606 1774 A693 72A1 8AD0 1CD7 0C4D AF57 0E8C D2B6
|