Security31.03.2016

The drug-dealing, weapon-selling former South African crypto king

By
Hacker

Paul Le Roux’s story reads, as the Daily Mail put it, like the tale of the villain from a James Bond movie.

Atavist magazine is running a story titled “The Mastermind” in weekly installments, with Episode 3 (He Always Had a Dark Side) connecting Le Roux to TrueCrypt.

TrueCrypt is the software Edward Snowden taught journalist Glenn Greenwald to use before leaking classfied NSA documents to him.

Born in Bulawayo on 24 December 1972 and put up for adoption without receiving a name from his mother, Le Roux lived in Mashava, Zimbabwe for the first 12 years of his life.

In 1984, four years after Robert Mugabe became Prime Minister, the Le Roux family moved to Krugersdorp.

Shortly after the move, Le Roux’s father bought him his first computer. Wing Commander, released in 1990, became his favourite game.

Before this, though, in the 1980s when he was 15, Le Roux was arrested in his family home for selling porn.

Although he was an excellent student, he hated learning Afrikaans – which he said was a dead language – and eventually dropped out of school at 16 to focus on his love for computers.

At 17 he told his parents he was moving, and left for the United Kingdom.

After he left South Africa, Le Roux became nomadic, moving from the UK to the US, and then to Australia.

Atavist reported that it traced him through an archive of posts to old online message boards, where he posted angry, sarcastic, or offensive material to troll other users.

Paul le Roux - Galeao airport security

Paul le Roux caught on a Galeao Airport security camera. Until recently, it was the only publicly-available photo of the man.

Sowing the seeds of TrueCrypt

Through the clues Le Roux left in his message board postings, Atavist connected him to Encryption for the Masses (E4M) – which he began developing in 1997.

“I have set up a company in South Africa, and am offering good-quality programming services at excellent developing-country rates,” he said on the old E4M web page.

“South Africa is a good choice for offshore programming because there are many skilled programmers, and salaries are cost effective.”

A former collaborator and employer said Le Roux was desperate for money around that time.

After a professional falling out and later reconciliation, Le Roux tried his hand at building a game engine for an online casino he wanted to launch in Canada and Romania.

By October 2002, his company was defunct and he asked for contract programming work on a Scramdisk-related security forum.

TrueCrypt was released in 2004, built on the code for E4M, with little known about the groups developing or funding the software.

Le Roux’s former colleagues at SecurStar suspected he was part of the TrueCrypt team, but couldn’t prove it.

TrueCrypt and Edward Snowden

In 2012, Edward Snowden, under the handle “Cincinnatus”, arranged a cryptoparty in Hawaii to which he invited journalist Glenn Greenwald.

There Snowden taught attendees how to use TrueCrypt, one of a few encryption programs that had resisted the NSA’s attempts to crack it.

“What Snowden and the rest of the world wouldn’t know for another two years was that Paul Le Roux, the man whose code formed the foundation of True Crypt, was at that very moment in the custody of the US government,” Atavist reported.

He faced prosecution for a number of crimes, with reports suggesting that he stood accused of everything from dealing in arms and drugs, to murder.

“The only way out was to spill his secrets,” Atavist said, ending its latest installment on Le Roux’s life.

Caught in a sting

Le Roux was nabbed in Liberia after being lured there by US Drug Enforcement Administration agents in September 2012, The Star Tribune reported.

He has been charged for an array of crimes, with links to international gun running, North Korean methamphetamines, and Somali militias.

Seven murders are listed among the charges he is on trial for in a US court in Minnesota.

The Mastermind is being published on Atavist. At the time of publication, the magazine had published the first 3 episodes of Paul Le Roux’s story.

Massive security flaw in CCTV systems

11-year-old selling cryptographically-secure passwords online

Cryptography and jailtime in SA

Hacker Batman may be out there, watching over your ADSL router

Show comments
Forum discussion

Latest news

More news

Trending news

Poll

Which large bank would you select if you had to open a new account today?

View Results

Loading ... Loading ...
Sign up to the MyBroadband newsletter