API tools faq
paste
Guest User

Hacked Protonmail

a guest
Nov 19th, 2018
405
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 9.84 KB | None | 0 0
raw download clone embed print report
  1. -----BEGIN PGP SIGNED MESSAGE-----
  2. Hash: SHA256
  3.  
  4. Good Morning. This is part 2 in the “Protonmail Hacked” series. Part 1 can be found here: https://pastebin.com/bwvqHhbA
  5.  
  6. I am sending this email to clarify a few points.
  7.  
  8. In our opinion the only evidence that will guarantee to everyone that we 100% possess Protonmail’s data is if we revealed secret but verifiable information only contained in encrypted emails. Any other revealed data will be denied or difficult to trust. We have shown this type of data to Protonmail privately. We told them details about nuclear research locations, drone capabilities and underwater mine technologies. We also shared with them conversations between military contractor statements regarding the Syria Chemical attacks. Additionally we have shared specific companies that have directors and board members who sexually mistreat children. We could not know any of this without access to Protonmail’s servers. Protonmail never disagreed with us when we revealed this to them. Then they censored us when we tried to publish it. Now they are asking all law enforcement agencies to discover us. Are these the actions of someone who has nothing to worry about?
  9.  
  10. We have been asked very intelligent questions and I want to fully address them. Protonmail has stated that our exploit is bullshit. I would like to clarify that truth is something that can be reviewed in detail and will stand up to scrutiny. I would be happy to provide a detailed response because what I have said is true.
  11.  
  12. 1. Any developer can review Protonmails code themselves and detect that it is been intentionally mis-configured. In fact several security researchers have already said this officially. To simplify this statement – Protonmail has the ability to send malicious code designed to reveal their own users decryption key and identity to them. They can show code in github but send a user different malicious code. They are many easy solutions Protonmail could implement that would provide full security for their users. I would be happy to tell Protonmail how to solve this but we dont do work for free and they haven't paid us for our work thus far. However they are owned by an American company some people think is a shell company for the CIA so I dont think they will be allowed to close this backdoor.
  13. 2. Is Protonmail saying they accidentally mis-configured their own code in a way that allows their users decryption key and identity to be revealed? If that is the truth then they are admitting to the world they posses low intellectual capacity and don't understand their own product.
  14. 3. Is Protonmail saying that it is not possible to compromise their server? Protonmail has publicly stated on their own site that it IS possible to compromise their servers however they clarified they have made it difficult.
  15. 4. Are they saying they are not bound by the Swiss MLAT data sharing laws? If they do not send all their data to the Americans they are breaking the law and they are criminals. Are they saying they are criminals?
  16. 5. Are they denying they are owned by a American corporation? It is public knowledge that they state on their website itself. Mind you – this American company has several former NSA/CIA/FBI employees. Suspicious?
  17. 6. Are they saying they do not have direct connections and open cooperation with American agencies and corporations? Lets review this…. They are legally required to share data with the US government, they are owned by a American corporation, they have a backdoor that is proven to be used by Protonmail against their users. Furthermore when we revealed this to them on social media they had the ability to censor us.
  18.  
  19.  
  20. I would also like to take this opportunity to point out that Protonmail has a history of never publishing vulnerabilities or leaks. This is because they are not selling real security. Protonmail sells the idea of security. It is a magic trick. There have been many people who have reported vulnerabilities to Protonmail and you’ll see that Protonmail silences those people.
  21.  
  22. We obviously enjoy a certain level of risk because it provides variety and excitement to life. Last weak a team member mistakenly revealed personal data about himself. We also intentionally created a puzzle for them to solve that we sent to them via the support tickets. Solving the puzzle will supply them with all of our last names. If they catch us before the deadline we will congratulate them. They can not frighten us by telling us law enforcement is after us, we enjoy it.
  23.  
  24. They have asked the assistance of every Law Enforcement agency they can contact. If we have none of their data – why do they ask for all agencies help? It is because we have significant amounts of their data, they know it and they want it back desperately. They are currently searching all the facilities our server racks could reside in. If they get their data back then we will also congratulate them. In that situation they prove their superiority to us and we will give them the credit they are due.
  25.  
  26. The truth is they will never admit to this hack. They will always deny that it happened because if they agree that it happened they are stating that they intentionally betrayed their users.
  27.  
  28. Some of you have asked privately if your private data can be kept out of the public eye. We reviewed this as a team. Previously we stated we would post it all however we have reconsidered and decided not to share normal user’s private data. However we will offer keywords for sale and if any of your emails can be grouped in those keywords they will be sold. It will be interesting to see if Protonmail is willing to pay to protect their users.
  29.  
  30. We win either way. If Protonmail pays to protect their users, we win. If they choose not to protect their users then we also win because we will sell that data.
  31.  
  32. Deadline 23 November 12:00 UTC
  33. AmFearLiathMor
  34. fearliath@msgden.com
  35. -----BEGIN PGP SIGNATURE-----
  36.  
  37. iQIzBAEBCAAdFiEEKv8hb5r+/k39o6RSvDpnUscGhvEFAlvvzpoACgkQvDpnUscG
  38. hvHvow//TUedg7RbhGlLjp/Mxfve7p3VthITfjqR2LpaIKnWhH+2qhHJEcHjtYe8
  39. Y/r3TLBKmOBtf5NnR4TaXp84r8P7SFxmLNQGKTP0HGNvEw84DhkZNL6QEX1Mfijr
  40. xQYz+BFF95X+uFJRXqcJKG3P0sVqHni2721EVF3HTGP3R366+6qUqnFjVqVbgpov
  41. mdXHjaIzfXCwac5TFM0yVqdBGYAsjT3mbOXmR9Hac0w672Jqz9Dgmu7VxpcYVlXq
  42. uZZdVUj6jJXYWKNGs7CQs537g9emy6hd3IKyEa89J1WeMWkRpulnXQ7BMdWPOPCg
  43. M8YwxuQsa394KzQ2MB0Qh5OspqCLWp9DyxIOGzOCSvZClTcY5UGClK0MeN9xUrpA
  44. beh/f7CaF3PwurVDC/d0IIfuxzHGR5qtCcKkA5VdMSDdAhMvJl2e3gN3sANmz/jP
  45. 1tJ68DNjQCP4tv1eW0uuU3OLGX1Aa0BxmnLwzilXkyDG+8/JJB+UVs7jEa0QjHRo
  46. z5inRP21LIwUSmFSh33KbwaKZq4c7OzFeTyFtUUrVieitu+XGC9pFiA0xKhmNikT
  47. L6PYaaAK++FHQT52dUEE73a8QkyzKbrwO76MO8Om4sG2IckzDI0FG0DqrbsKdwtk
  48. Z/IA+wENuCPdZHj3imA3iKWN8gFKQ6a6JwTZHNKdw8vKz9K2t0E=
  49. =uB22
  50. -----END PGP SIGNATURE-----
  51.  
  52.  
  53.  
  54. -----BEGIN PGP PUBLIC KEY BLOCK-----
  55.  
  56. mQINBFvtA2QBEACocqKKYdGE73V7RevyRfEF3ue+LZduFJkv9fPWmieDFBBR2hAb
  57. PTWq37UNnfSlGL9QkCgl2C3aGDLiwJxIocaHAGfQ10ctnr687iZNAa/PeQ6jHR9s
  58. zoXb7UBkjiNz1kBN+SJU0Hi6or159TrirdKiioaVD04TmeLQu7taNrzXPpITg0pF
  59. O8DBssm7OxHCx1K+5dIYfu0Z24S26SLeLh0lyqtXN0PT62nd6rAErwdEt56znJuA
  60. F46zD6qdTuYKlSUGxQCR8TJrDj6p566BCo8cK7GIk6mB6mBEm5TWBhjqBqGkgYz4
  61. xZwQ4VUR4bLuOOvT91CQuPIYvaRF5mszIxtdvSv47ij8idkNdAfA133IbkFaOkU3
  62. GlM2o2Bh3/5krGJ5sD0GqVHcXv87INqyOOwN7zIFWCx3K/U8e4WhBCamtKF/XjbI
  63. pEaQ6zjN788EMo/T6w24Txhji2nO/DAUMi5k9MzfrXA35BGoWLF62KIxzpiQvL+P
  64. NDRKt+Fwa9xPbJBeyDsUqp2g0LwGO1W1YL6sX2L2Yjk1T9BvN33w+jYD70oivIcF
  65. hBkwdyFd7lsYD0ODRSWkwUaHNn4qcQYSG4CdFHA2BNgFtYXQIh8jYYmy3WFjiYDN
  66. A6vj+P4fHtwMXt9cDd74IJAl1LsQRVN7Ostr4QZvDgoaB9FK80RAedPOLQARAQAB
  67. tCxBbUZlYXJMaWF0aE1vciA8QW1GZWFyTGlhdGhNb3JAbm8tcmVwbHkuY29tPokC
  68. TgQTAQgAOBYhBCr/IW+a/v5N/aOkUrw6Z1LHBobxBQJb7QNkAhsjBQsJCAcCBhUI
  69. CQoLAgQWAgMBAh4BAheAAAoJELw6Z1LHBobxWjkQAJSHdPo1Ksx2kf0VqGjuQmjc
  70. eLTSjsWbT/k88VeeNtwnWjWoYy7TuGDNsPkC+jAcItCixgFfNDySe7L1rQmdAlN/
  71. bQgmjtV1mGq/fQliTWUbuzVYaYJwTBv1sDery2vzQD4G4GcDKfNMfsUVfp0UlwB0
  72. rZZA4jmoo/58F5LETr4NzYQVwUCMfCUDmoMCcVCxjoKCdueR0MIRjl53RDpoh9+n
  73. yZwhWvU4P8vtxNKxJGXQAVwH8ARV0xAH3zbMtZB8RXoKi2369PTO6Pvqjf8p4YOS
  74. SX1vZT6fLrf5jin6VxULluxR8FDvqQaCelQH7WGWLJksZhYC/wv+h0EtIXrGJMSQ
  75. 1dwjkdvWSvEWCDWyGn/XuHlJK/lkkOMtcBv/v1D5LuuKUVRtsVQs/ujOoaRpXND2
  76. mxEvb8BvOkvnKdmNqp+y6cy1TSk0G381Yder/3sIqw1IrZe1N3w9z30RXCH3MB4C
  77. ljAD03/ja9YVwSp6Lp5JsBUiG0xM4/kKMTDSVhUj2ID14UutrcP4hx3HkYxUNdyS
  78. m9mHFpYk/ITCS0tQa10EL/IXpmcOAldt3hCcIbVok+pdlm5cQXDmGh9uOsamnMi3
  79. symoLOLalQv81kIi590WDzNI4WyYZSaHglfnG5Vuw8AeSPN4mpNgGOTGv+BOMeAW
  80. J4NZA1Ahd4NgHROkkW9EuQINBFvtA2QBEADnx4yEy2271RBb+aH1X3OQ/8rzY4lg
  81. Y36S8N7GbUMz4EYb0LxlFOARe5VWsox0CJrWifRF6ipS22qRaC/lF36EIZTfxzz+
  82. kMXMHuvBGKeSxyIyb2M9VuwUgib30mcs2yVBMYoC/qp2k3VYisBB+L3xrED+I56F
  83. 2GAaajZ/901rF7+91mHU4HsJ/3OtsXE+r/6U+B9Z9ohgnG4Y8CvtvFPOBq2QOup6
  84. PzCsSHucrJAPwN0Hcqbythf8WtEDDxiV/XCm7fzr11+t3pnAMy7FqQOKWyr8JF8h
  85. M16+CYH0Dw1ARj7fqiX9/FKHdcWk7qjKi4grS8i924o9f3FG+lZdMQF4ev8W39YR
  86. KMmUwJvGku2w6Ah5BJ8tv7n6HRP56AHCpE1aee6Q/80WgEym2BfdSn+D8B7iZGSX
  87. uOHKq/qUYstRbu6+Yg3FUJMFwg51gmmYDoaFL5WJC0y+i6bNPPbsBuHR2O89Aqoe
  88. g8eF59j23CoMrcwUharOyBdBnf7mflMbChJmX46Ayb7JJ0aEISRre+V2gxfZROXI
  89. i28ikW93fW9o+erbZBnfJndz/0DnszBg+/ZVg7v7uoOPLUOt9hIfrLdkVYKM6Fqu
  90. n1ufBtFWeC4aedBTjZls8yS1xHDsP5bNI8G5aUnQ3w+wqs7IfME0A+ESUQsHZmBn
  91. 547aJHSwG7g8MQARAQABiQI2BBgBCAAgFiEEKv8hb5r+/k39o6RSvDpnUscGhvEF
  92. AlvtA2QCGwwACgkQvDpnUscGhvF+/RAAiUL6h+Hlzp5Gb/OPO5Yqk9JMSttX9XKz
  93. wK/ytkxYQoXfRaRM9zUdFcX5avXoUD2m9vD5Ev8erYyP8UQpGaHEhT1dYgX+nMzT
  94. sVqAHMAGlVi9kuA47Azvji5zB/MrNErC8vxNxXBikuY3Zee61J3rWLtUdUKBjMpY
  95. TvyU1FbOpoO9wPmcN4D4k1JtcfRl744VtFwG0Mz2Q1nOB3cBq2KIxcGuhj9oH53c
  96. C1HikHTOajY0olxuVJbLB5DK+fhMSKW46UbqNUvyrHRo9M0E9gZKBbbI06SyxUCF
  97. cbUNjb+2FFM0IqPhZSyTAR15SoknEQnshfGGY3Mws18MAZop2hak9zsnsb2xPtNa
  98. n/CkLbCIjEWdtOrudFBxD+KeuAbpPUQt0VBTOYiFgbeGHExltwJovqYUIRi+2R0D
  99. o0bRxX5+prwis6QdEdQDw01F/PJSdAHXf5Ej4enRheoDT0wRdXJhTTGC/ZF/2JeH
  100. FwSKelMuqRNK5XUzMKc9Jw9ls5qzHtg8Nh8OnWSgMse4cv28f3YXcUWhrco0i7Te
  101. 7zml+moFs5nWTjVJnxhUkY8AuyIMnU4POg2L7ISeFf4QpkWnhsW85BhIqYL7ruaf
  102. jUBGz1ryDXozBGNYgcwQVJGKmgD5i4PrzwiFygSRsrm5scvtYN48G5fjkJQLQx/6
  103. SFeK6Yg85bw=
  104. =cYqN
  105. -----END PGP PUBLIC KEY BLOCK-----
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!