Exposed – Edward Snowden and Booz Allen Public Keys

Edward Snowden and Booz Allen Public Keys

Edward Snowden generated PGP public keys under several email addresses while associated with Booz Allen Hamilton and NSA and later under the alleged pseudonym Verax (none have been found for his work at Dell).

Public key servers (such as SKS OpenPGP Keyserver) are often mined to trace PGP users, and it is likely that security offices at Booz Allen Hamilton and Dell monitored PGP usage by its employees performing government work as required by government contracts, and for NSA, CIA and government counterspies to similarly track their contractors and employees (PGP public key servers are fed to government agencies as well as widely distrubuted to the public. Seasoned PGP users exchange keys privately and may leave public keys on the servers as cover.)

If Snowden generated and used the Verax keys for multiple correspondents, the number might indicate the number of parties receiving his material or who he corresponded with about the material. (PGPdump reveals the exact date and time keys are generated as well as other unique indicators.)

Although it is possible that multiple keys were used to communicate with a single party, or multiple parties, several times, each key perhaps used only once or a limited number of times.

Use of multiple public keys for enhanced security is well known in comsec circles, and is deployed as a ruse to divert attention away from more secure means.

Snowden would have known this ruse, and many others as well. As would have counterspies at Booz Allen, Dell, NSA, CIA and many others.

The NSA report “Out of Control,” from 1996, examined the need for counterspying system administrators like Snowden. Snowden may have known of this report, and might have considered it a ruse of ruses.

Sample public keys:

Type bits/keyID Date User ID

pub 4096R/21B7141F 2013-03-24 Ed Snowden

Ed Snowden
Edward Snowden
Edward Snowden
Edward Snowden
Fingerprint=98E6 3244 07FA 26AD B358 7C95 4DB8 A088 21B7 141F

pub 4096R/21B7141F 2013-03-24
Fingerprint=98E6 3244 07FA 26AD B358 7C95 4DB8 A088 21B7 141F

uid Ed Snowden
sig sig3 21B7141F 2013-03-24 __________ __________ [selfsig]
sig sig3 21B7141F 2013-04-13 __________ __________ [selfsig]

uid Ed Snowden
sig sig3 21B7141F 2013-04-13 __________ __________ [selfsig]

uid Edward Snowden
sig sig3 21B7141F 2013-03-24 __________ __________ [selfsig]

uid Edward Snowden
sig sig3 21B7141F 2013-04-12 __________ __________ [selfsig]
sig revok 21B7141F 2013-07-16 __________ __________ [selfsig]
Note last revocation after Snowden’s releases in early June 2013.

uid Edward Snowden
sig sig3 21B7141F 2013-03-24 __________ __________ [selfsig]
sig sig3 21B7141F 2013-04-16 __________ __________ [selfsig]
sig revok 21B7141F 2013-07-16 __________ __________ [selfsig]
Note last revocation after Snowden’s releases in early June 2013.

sub 4096R/B25D8926 2013-03-24
sig sbind 21B7141F 2013-03-24 __________ __________ []

Only two other keys used boozallen.com addresses — 12 years earlier:

pub 1024D/BAE8C0A6 2001-04-16 Hayman
Fingerprint=D311 FAAA 7AA6 4263 06F0 D8A2 1749 349D BAE8 C0A6

pub 1024D/EDED4028 2000-12-05 Dan Speas
Fingerprint=CF3C E65D B30A B92E 21D8 245A 61B1 C896 EDED 4028

Multiple keys generation is sometimes an indication of keys being used for single or multiple correspondents or tasks for enhanced security.

A Booz Allen senior associate generated several keys on two days; no other bah.com keys were generated in this two-day volume:

pub 2048R/07B5ED7F 2013-03-19 Mark Eckert
Fingerprint=9AB1 0F99 9BC4 79B0 3FB0 C236 E55F B011 07B5 ED7F

pub 2048R/04FB2011 2013-03-19 Mark Eckert
Fingerprint=C247 FE8E 1E5B CF8A AE94 08FE A42B B21D 04FB 2011

pub 2048R/2FB85DA7 2013-03-19 Mark Eckert
Fingerprint=089E FB6A 45E4 8283 8D9A 4000 4CC5 6946 2FB8 5DA7

pub 2048R/20F57C2B 2013-03-19 Mark Eckert
Fingerprint=8A77 6E80 2F37 B2E1 52D0 7620 0148 90CF 20F5 7C2B

pub 2048R/0E009444 2013-03-18 Mark Eckert
Fingerprint=4779 371B 4A2C 0A45 917C 033B C741 883A 0E00 9444

However, the alleged Snowden pseudonym, Verax, generated these keys in a week, most of them on one day:

pub 4096R/0E8CD2B6 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=F606 1774 A693 72A1 8AD0 1CD7 0C4D AF57 0E8C D2B6

pub 4096R/71A3AA96 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=2B5D D0BF F454 8592 1FAF 22FB 4569 3580 71A3 AA96

pub 4096R/79B82638 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=4ECC 0702 A2E9 5FA6 2074 C7BE 574F C888 79B8 2638

pub 4096R/E87C2665 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=7F99 43F6 5CC9 BAD1 92A9 8DF8 96E6 0F93 E87C 2665

pub 4096R/C920FAA6 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=AC5E 06C5 17D0 A8C1 75D3 17F5 53B9 0192 C920 FAA6

pub 4096R/CEBFFE8D 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=22DA 0669 5202 A346 BA36 F35D 3CEB 5687 CEBF FE8D

pub 4096R/2BE0BC29 2013-05-20 Verax (Informed Democracy Front)
Fingerprint=5091 7466 B18F 35B3 F644 F700 1D0D 97F2 2BE0 BC29

pub 4096R/9DCA85F7 2013-05-19 Verax (Informed Democracy Front)
Fingerprint=BDE4 AA86 8507 1371 7793 11A8 105D A7AB 9DCA 85F7

pub 4096R/BE452B27 2013-05-13 Verax (Informed Democracy Front)
Fingerprint=134D 970C 5872 5AA6 8F2A BD75 D18D FE89 BE45 2B27

Advertisements