Snowden’s Lawyer Tricked Into Using Fake PGP Key to Send Email
This post could also be titled “When Hacktivists Attack (Each Other),” as the site cryptome.org publishes an email from Edward Snowden’s lawyer Jesselyn Radack to Glenn Greenwald — that was supposed to have been encrypted with PGP: Jesselyn Radack Emails Glenn Greenwald.
Alleged Jesselyn Radack Email (BG may be Barton Gellman):
Congrats on the McGill award!! I look forward to seeing you at Polks.
On that note, is my client making a surprise appearance? BG said you mentioned this to him at the Polk media event.
I won’t tell anyone, including BG, if it’s a surprise, but as his attorney, I’d like to know…and also what medium would be used (Google or the BEAMbot).
Here’s what apparently happened: Radack looked up a PGP key that was named for “Glenn Greenwald” on the MIT key server (see Greenwald’s tweet below), and used it to send this email.
But she never checked to make sure it was really Greenwald’s key. And it wasn’t. Whoever supplied Radack’s email to cryptome.org (presumably the person who created the false key) was therefore able to intercept and decrypt the email.
These are the people who think they know better than anyone else how the US should manage its national security, the people who started a media company with a side business selling security tools, the ones who like to pretend they’re experts on securing stolen NSA material — falling for a pathetically simple social engineering hack like this. They can’t even keep their own email secure.
Imagine if she had been emailing (what she thought were) encrypted NSA documents from Edward Snowden to Glenn Greenwald, and also sending them to an unknown third party.
What’s even more hilarious is that after it became obvious Radack had been tricked into using a false PGP key, she went back and deleted several tweets in which she admitted she did send the email and complained that Cryptome was being unfair to her. Favstar still has a copy of one:
Here’s Greenwald’s only comment, uncharacteristically terse; notice that he somehow fails to mention Snowden’s lawyer actually used this key:
FYI - this is a fake PGP key that someone created http://t.co/MueZoKJqIV
Here’s a screenshot showing more of the tweets Radack deleted when she realized what had happened: