Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- -----BEGIN PGP SIGNED MESSAGE-----
- Hash: SHA256
- Good Morning. This is part 2 in the “Protonmail Hacked” series. Part 1 can be found here: https://pastebin.com/bwvqHhbA
- I am sending this email to clarify a few points.
- In our opinion the only evidence that will guarantee to everyone that we 100% possess Protonmail’s data is if we revealed secret but verifiable information only contained in encrypted emails. Any other revealed data will be denied or difficult to trust. We have shown this type of data to Protonmail privately. We told them details about nuclear research locations, drone capabilities and underwater mine technologies. We also shared with them conversations between military contractor statements regarding the Syria Chemical attacks. Additionally we have shared specific companies that have directors and board members who sexually mistreat children. We could not know any of this without access to Protonmail’s servers. Protonmail never disagreed with us when we revealed this to them. Then they censored us when we tried to publish it. Now they are asking all law enforcement agencies to discover us. Are these the actions of someone who has nothing to worry about?
- We have been asked very intelligent questions and I want to fully address them. Protonmail has stated that our exploit is bullshit. I would like to clarify that truth is something that can be reviewed in detail and will stand up to scrutiny. I would be happy to provide a detailed response because what I have said is true.
- 1. Any developer can review Protonmails code themselves and detect that it is been intentionally mis-configured. In fact several security researchers have already said this officially. To simplify this statement – Protonmail has the ability to send malicious code designed to reveal their own users decryption key and identity to them. They can show code in github but send a user different malicious code. They are many easy solutions Protonmail could implement that would provide full security for their users. I would be happy to tell Protonmail how to solve this but we dont do work for free and they haven't paid us for our work thus far. However they are owned by an American company some people think is a shell company for the CIA so I dont think they will be allowed to close this backdoor.
- 2. Is Protonmail saying they accidentally mis-configured their own code in a way that allows their users decryption key and identity to be revealed? If that is the truth then they are admitting to the world they posses low intellectual capacity and don't understand their own product.
- 3. Is Protonmail saying that it is not possible to compromise their server? Protonmail has publicly stated on their own site that it IS possible to compromise their servers however they clarified they have made it difficult.
- 4. Are they saying they are not bound by the Swiss MLAT data sharing laws? If they do not send all their data to the Americans they are breaking the law and they are criminals. Are they saying they are criminals?
- 5. Are they denying they are owned by a American corporation? It is public knowledge that they state on their website itself. Mind you – this American company has several former NSA/CIA/FBI employees. Suspicious?
- 6. Are they saying they do not have direct connections and open cooperation with American agencies and corporations? Lets review this…. They are legally required to share data with the US government, they are owned by a American corporation, they have a backdoor that is proven to be used by Protonmail against their users. Furthermore when we revealed this to them on social media they had the ability to censor us.
- I would also like to take this opportunity to point out that Protonmail has a history of never publishing vulnerabilities or leaks. This is because they are not selling real security. Protonmail sells the idea of security. It is a magic trick. There have been many people who have reported vulnerabilities to Protonmail and you’ll see that Protonmail silences those people.
- We obviously enjoy a certain level of risk because it provides variety and excitement to life. Last weak a team member mistakenly revealed personal data about himself. We also intentionally created a puzzle for them to solve that we sent to them via the support tickets. Solving the puzzle will supply them with all of our last names. If they catch us before the deadline we will congratulate them. They can not frighten us by telling us law enforcement is after us, we enjoy it.
- They have asked the assistance of every Law Enforcement agency they can contact. If we have none of their data – why do they ask for all agencies help? It is because we have significant amounts of their data, they know it and they want it back desperately. They are currently searching all the facilities our server racks could reside in. If they get their data back then we will also congratulate them. In that situation they prove their superiority to us and we will give them the credit they are due.
- The truth is they will never admit to this hack. They will always deny that it happened because if they agree that it happened they are stating that they intentionally betrayed their users.
- Some of you have asked privately if your private data can be kept out of the public eye. We reviewed this as a team. Previously we stated we would post it all however we have reconsidered and decided not to share normal user’s private data. However we will offer keywords for sale and if any of your emails can be grouped in those keywords they will be sold. It will be interesting to see if Protonmail is willing to pay to protect their users.
- We win either way. If Protonmail pays to protect their users, we win. If they choose not to protect their users then we also win because we will sell that data.
- Deadline 23 November 12:00 UTC
- AmFearLiathMor
- fearliath@msgden.com
- -----BEGIN PGP SIGNATURE-----
- iQIzBAEBCAAdFiEEKv8hb5r+/k39o6RSvDpnUscGhvEFAlvvzpoACgkQvDpnUscG
- hvHvow//TUedg7RbhGlLjp/Mxfve7p3VthITfjqR2LpaIKnWhH+2qhHJEcHjtYe8
- Y/r3TLBKmOBtf5NnR4TaXp84r8P7SFxmLNQGKTP0HGNvEw84DhkZNL6QEX1Mfijr
- xQYz+BFF95X+uFJRXqcJKG3P0sVqHni2721EVF3HTGP3R366+6qUqnFjVqVbgpov
- mdXHjaIzfXCwac5TFM0yVqdBGYAsjT3mbOXmR9Hac0w672Jqz9Dgmu7VxpcYVlXq
- uZZdVUj6jJXYWKNGs7CQs537g9emy6hd3IKyEa89J1WeMWkRpulnXQ7BMdWPOPCg
- M8YwxuQsa394KzQ2MB0Qh5OspqCLWp9DyxIOGzOCSvZClTcY5UGClK0MeN9xUrpA
- beh/f7CaF3PwurVDC/d0IIfuxzHGR5qtCcKkA5VdMSDdAhMvJl2e3gN3sANmz/jP
- 1tJ68DNjQCP4tv1eW0uuU3OLGX1Aa0BxmnLwzilXkyDG+8/JJB+UVs7jEa0QjHRo
- z5inRP21LIwUSmFSh33KbwaKZq4c7OzFeTyFtUUrVieitu+XGC9pFiA0xKhmNikT
- L6PYaaAK++FHQT52dUEE73a8QkyzKbrwO76MO8Om4sG2IckzDI0FG0DqrbsKdwtk
- Z/IA+wENuCPdZHj3imA3iKWN8gFKQ6a6JwTZHNKdw8vKz9K2t0E=
- =uB22
- -----END PGP SIGNATURE-----
- -----BEGIN PGP PUBLIC KEY BLOCK-----
- mQINBFvtA2QBEACocqKKYdGE73V7RevyRfEF3ue+LZduFJkv9fPWmieDFBBR2hAb
- PTWq37UNnfSlGL9QkCgl2C3aGDLiwJxIocaHAGfQ10ctnr687iZNAa/PeQ6jHR9s
- zoXb7UBkjiNz1kBN+SJU0Hi6or159TrirdKiioaVD04TmeLQu7taNrzXPpITg0pF
- O8DBssm7OxHCx1K+5dIYfu0Z24S26SLeLh0lyqtXN0PT62nd6rAErwdEt56znJuA
- F46zD6qdTuYKlSUGxQCR8TJrDj6p566BCo8cK7GIk6mB6mBEm5TWBhjqBqGkgYz4
- xZwQ4VUR4bLuOOvT91CQuPIYvaRF5mszIxtdvSv47ij8idkNdAfA133IbkFaOkU3
- GlM2o2Bh3/5krGJ5sD0GqVHcXv87INqyOOwN7zIFWCx3K/U8e4WhBCamtKF/XjbI
- pEaQ6zjN788EMo/T6w24Txhji2nO/DAUMi5k9MzfrXA35BGoWLF62KIxzpiQvL+P
- NDRKt+Fwa9xPbJBeyDsUqp2g0LwGO1W1YL6sX2L2Yjk1T9BvN33w+jYD70oivIcF
- hBkwdyFd7lsYD0ODRSWkwUaHNn4qcQYSG4CdFHA2BNgFtYXQIh8jYYmy3WFjiYDN
- A6vj+P4fHtwMXt9cDd74IJAl1LsQRVN7Ostr4QZvDgoaB9FK80RAedPOLQARAQAB
- tCxBbUZlYXJMaWF0aE1vciA8QW1GZWFyTGlhdGhNb3JAbm8tcmVwbHkuY29tPokC
- TgQTAQgAOBYhBCr/IW+a/v5N/aOkUrw6Z1LHBobxBQJb7QNkAhsjBQsJCAcCBhUI
- CQoLAgQWAgMBAh4BAheAAAoJELw6Z1LHBobxWjkQAJSHdPo1Ksx2kf0VqGjuQmjc
- eLTSjsWbT/k88VeeNtwnWjWoYy7TuGDNsPkC+jAcItCixgFfNDySe7L1rQmdAlN/
- bQgmjtV1mGq/fQliTWUbuzVYaYJwTBv1sDery2vzQD4G4GcDKfNMfsUVfp0UlwB0
- rZZA4jmoo/58F5LETr4NzYQVwUCMfCUDmoMCcVCxjoKCdueR0MIRjl53RDpoh9+n
- yZwhWvU4P8vtxNKxJGXQAVwH8ARV0xAH3zbMtZB8RXoKi2369PTO6Pvqjf8p4YOS
- SX1vZT6fLrf5jin6VxULluxR8FDvqQaCelQH7WGWLJksZhYC/wv+h0EtIXrGJMSQ
- 1dwjkdvWSvEWCDWyGn/XuHlJK/lkkOMtcBv/v1D5LuuKUVRtsVQs/ujOoaRpXND2
- mxEvb8BvOkvnKdmNqp+y6cy1TSk0G381Yder/3sIqw1IrZe1N3w9z30RXCH3MB4C
- ljAD03/ja9YVwSp6Lp5JsBUiG0xM4/kKMTDSVhUj2ID14UutrcP4hx3HkYxUNdyS
- m9mHFpYk/ITCS0tQa10EL/IXpmcOAldt3hCcIbVok+pdlm5cQXDmGh9uOsamnMi3
- symoLOLalQv81kIi590WDzNI4WyYZSaHglfnG5Vuw8AeSPN4mpNgGOTGv+BOMeAW
- J4NZA1Ahd4NgHROkkW9EuQINBFvtA2QBEADnx4yEy2271RBb+aH1X3OQ/8rzY4lg
- Y36S8N7GbUMz4EYb0LxlFOARe5VWsox0CJrWifRF6ipS22qRaC/lF36EIZTfxzz+
- kMXMHuvBGKeSxyIyb2M9VuwUgib30mcs2yVBMYoC/qp2k3VYisBB+L3xrED+I56F
- 2GAaajZ/901rF7+91mHU4HsJ/3OtsXE+r/6U+B9Z9ohgnG4Y8CvtvFPOBq2QOup6
- PzCsSHucrJAPwN0Hcqbythf8WtEDDxiV/XCm7fzr11+t3pnAMy7FqQOKWyr8JF8h
- M16+CYH0Dw1ARj7fqiX9/FKHdcWk7qjKi4grS8i924o9f3FG+lZdMQF4ev8W39YR
- KMmUwJvGku2w6Ah5BJ8tv7n6HRP56AHCpE1aee6Q/80WgEym2BfdSn+D8B7iZGSX
- uOHKq/qUYstRbu6+Yg3FUJMFwg51gmmYDoaFL5WJC0y+i6bNPPbsBuHR2O89Aqoe
- g8eF59j23CoMrcwUharOyBdBnf7mflMbChJmX46Ayb7JJ0aEISRre+V2gxfZROXI
- i28ikW93fW9o+erbZBnfJndz/0DnszBg+/ZVg7v7uoOPLUOt9hIfrLdkVYKM6Fqu
- n1ufBtFWeC4aedBTjZls8yS1xHDsP5bNI8G5aUnQ3w+wqs7IfME0A+ESUQsHZmBn
- 547aJHSwG7g8MQARAQABiQI2BBgBCAAgFiEEKv8hb5r+/k39o6RSvDpnUscGhvEF
- AlvtA2QCGwwACgkQvDpnUscGhvF+/RAAiUL6h+Hlzp5Gb/OPO5Yqk9JMSttX9XKz
- wK/ytkxYQoXfRaRM9zUdFcX5avXoUD2m9vD5Ev8erYyP8UQpGaHEhT1dYgX+nMzT
- sVqAHMAGlVi9kuA47Azvji5zB/MrNErC8vxNxXBikuY3Zee61J3rWLtUdUKBjMpY
- TvyU1FbOpoO9wPmcN4D4k1JtcfRl744VtFwG0Mz2Q1nOB3cBq2KIxcGuhj9oH53c
- C1HikHTOajY0olxuVJbLB5DK+fhMSKW46UbqNUvyrHRo9M0E9gZKBbbI06SyxUCF
- cbUNjb+2FFM0IqPhZSyTAR15SoknEQnshfGGY3Mws18MAZop2hak9zsnsb2xPtNa
- n/CkLbCIjEWdtOrudFBxD+KeuAbpPUQt0VBTOYiFgbeGHExltwJovqYUIRi+2R0D
- o0bRxX5+prwis6QdEdQDw01F/PJSdAHXf5Ej4enRheoDT0wRdXJhTTGC/ZF/2JeH
- FwSKelMuqRNK5XUzMKc9Jw9ls5qzHtg8Nh8OnWSgMse4cv28f3YXcUWhrco0i7Te
- 7zml+moFs5nWTjVJnxhUkY8AuyIMnU4POg2L7ISeFf4QpkWnhsW85BhIqYL7ruaf
- jUBGz1ryDXozBGNYgcwQVJGKmgD5i4PrzwiFygSRsrm5scvtYN48G5fjkJQLQx/6
- SFeK6Yg85bw=
- =cYqN
- -----END PGP PUBLIC KEY BLOCK-----
Add Comment
Please, Sign In to add comment