Cyber Incident Victim: Cryptome
Date: Sep 2015
Location: United States of America

Summary
The founder of Cryptome revoked multiple PGP key pairs after discovering encrypted material exposed in plaintext, indicating a compromise of isolated secure storage. While some keys were revoked as a precaution, others remained intact, with the incident potentially linked to architectural work involving a subway project that had broad designer access to restricted files. The breach highlighted vulnerabilities in information security systems, prompting an investigation to determine the attack vector and attribution, though passphrases for the site and its founder were confirmed secure.
Description
On September 15, 2015, Cryptome founder John Young discovered encrypted material in plaintext, indicating a compromise of his PGP public keys. The following day, September 16, Young publicly revoked multiple PGP key pairs associated with himself and Cryptome through a site statement, though he clarified that only announced keys were affected while "many more remain intact." Young declined to disclose specifics about the compromised material or the exact method of breach, citing concerns it could be "a ruse, diversion, or decoy to conceal other breach(es)." He initiated efforts to determine the attack's origin, suggesting a potential breach of "an isolated secure storage medium" while emphasizing the time frame and attribution remained under investigation. Cryptome's Twitter account confirmed the organization used multiple information security systems beyond PGP, including one-time keys not stored on "manipulable key servers" or vulnerable Web of Trust (WoT) frameworks, to limit exposure.

The incident was later linked to Young’s architectural work on the New York City No. 7 Subway Line Extension project, which involved hundreds of designers with access to restricted files. Young clarified that Cryptome’s own passphrases remained secure and described the key revocation as precautionary. No operational disruption to Cryptome’s whistleblowing activities was reported, though Young said the event underscored the need for continuous verification of infosec systems, a skepticism central to Cryptome’s ethos. No further technical details about attacker actions, containment measures beyond revocation, or forensic findings were disclosed publicly. Young committed to sharing attribution details if uncovered but did not provide subsequent updates in the available source material.
