To say the VeraCrypt audit, which begins today, got off to an inauspicious start would be an understatement.
On Sunday, two weeks after the announcement that the open source file and disk encryption software would be formally scrutinized for security vulnerabilities, executives at one of the firms funding the audit posted a notice that four emails between the parties involved had been intercepted.
“We have now had a total of four email messages disappear without a trace, stemming from multiple independent senders. Not only have the emails not arrived, but there is no trace of the emails in our ‘sent’ folders. In the case of OSTIF, this is the Google Apps business version of Gmail where these sent emails have disappeared,” the post to the Open Source Technology Improvement Fund (OSTIF) website read. “This suggests that outside actors are attempting to listen in on and/or interfere with the audit process.”