DataGateKeeper (aka MyDataAngel.com) is no longer “impenetrable” but now “engineered”

If you look at the original KickStater (via this Archive.org link), you’ll have seen it showing the following:

Screen Shot 2016-06-03 at 13.11.06

Now it has been edited to show that it is no longer “impenetrable”, but “engineered”:

Screen Shot 2016-06-03 at 13.10.55

There have been several other changes to the KickStarter as well.

This was the original text with their take on the “backdoors” in AES:

In the late 1990’s, AES, while under ‘well-intentioned’ government oversight, somehow, a ‘back-door’ found its way into this ‘approved’ data security solution, — as has been widely reported. The unintended consequences of this back-door allows for complete access to your data, without your permission, to data monitoring, data-mining and active eavesdropping.  Effectively, voiding your right to privacy and confidently. So common is this practice it has a name: Active Snooping.

Now it has been changed to “flaws”:

In the late 1990’s, while under ‘well-intentioned’ government oversight, flaws found their way into this ‘approved’ data security solution, — as has been widely reported (see, notes below). The unintended consequences of these flaws allows for complete access to your private and confidential data, without your permission, promoting underground data monitoring, data-mining and active eavesdropping. So common is this practice it has a name: Active Snooping.

This paragraph has been removed:

Simply, ‘the other guys’ use standard SSL (Secure Sockets Layer), and the failing AES, in an attempt to secure your Privacy & Confidentiality. The same data security hackers took advantage of in the breach of Target, Home Depot, iCloud, Sony, Anthem…you get the idea. You Deserve Better.

What replaced it was the last sentence.

In an attempt to make themselves appear as if they’re trying to be more open, they decide to remove the tripe about the levels of encryption and replace it with some story about their plans to improve the software.

The R&D Plan

To build the DataGateKeeper, we disassembled and reverse engineered several automated password cracking software programs. This was to understand their procedural sequence and methodologies related to code acquisition, code cracking, or as it is known, hashed access to code and source. Additionally, we decompiled these programs to gain insight on hacking software’s proclivity to exploit weakness in cycle rates, including their integrated and powerful automation multipliers, and natural GPU processor affinity. Following months research we had what we needed to protect you.

This seems like complete nonsense. If you had read the previous expose we’ve done on this KickStarter, this project has been floating about for years and has changed hands a handful of times. At no point have we seen any evidence that they’ve spent any time researching any automated password cracking applications.

Furthermore, that second last sentence? It doesn’t make any sense and reads like something akin to out of Reddit’s VX Junkies. Much of the above existed when it was just labeled as “The Math” which is no longer on the page.

Validation Plan

Now that our cryptographic module is complete, we plan to submit our DataGateKeeper module for independent validation the sooner of; official final publication of the NIST pronouncement on the Federal Register seeking comment to portions of 19790 (deemed 19790:2014), to update 140-2, or, the official abandonment of such update. We plan to use Underwriters Laboratory (UL), however, there are several certified laboratories performing FIPS certification. Following validation and patent (currently, we rely on trade secret to protect our algorithm) we will release our algorithm to the select members of the cryptographic community for further development and analysis under a very specific set of guidelines which we will solely determine.

Oh. There’s a patent-pending for this or are you still keeping this close to your chest? I did a cursory search on Google Patents using various names and keywords relating to this project and nothing has come up for anything relating to this encryption suite of yours.

You tend to rag on AES encryption here yet mention nothing else. If you have looked at the 140-2 validation list, you’ll notice that you’re facing an uphill battle to get your fancy, never-before-seen cipher validated.

Open Source

Before you ask or comment, we have no plans to release any portion or portions of our code as Open Source. Those of you in the software community who are Open Source advocates are welcome to invest your time, effort and capital to develop a competitive data security solution and release it as Open Source…we encourage it. Go getem’ champs.

I’m certain that if you ever release this software that we’ll figure out how to decipher it without much effort.

Vulnerability Coordination & Bug Bounty Platform

We are currently coordinating efforts to provide the DataGateKeeper under strict guidelines to one or more vulnerability coordination platforms, such as Hackerone. Our plan includes inviting, predetermined, preselected software testers to leverage their skills and creativity to undertake periodic reviews of our data security solution to inspect for vulnerabilities and assist us future planning and software updates. We will use this form of Bug Bounty Platform to provide independent testers a voice to aid us in future developments and testing before updates are published.

Don’t see you listed on HackerOne yet.

They’ve also changed who they’re going to give part of the proceeds post KickStarter to. Here’s the original statement:

MyDataAngel.com is proudly participating in Kicking It Forward Initiative, promising to pledge 5% of its post-release profit to other Kickstarter projects.

And now they’re just going to give their software to an organization of a backer’s choice instead of money to Kicking It Forward:

When you visit our website you will see we plan to make available, two versions of our DataGateKeeper software. One available here on Kickstarter, our Civilian version, at 512-bit, and a second 768-bit version for our First Responders, Active Duty and retired Military personnel. We designed the 768-bit version of the DataGateKeeper for those individuals who protect us and run into danger so we don’t have to.

As a thank you to you and the Kickstarter community for supporting us, for every reward pledge we receive for our DataGateKeeper software during this campaign. We will award a complimentary lifetime subscription of our 768-bit First Responder DataGateKeeper Software including 500GB of our SafeDataZone in your name to one of the organizations listed in our post campaign survey, tending to the people who protect our lives and our liberty. They should not have to worry about data theft when their mission is far greater.

Support “are” troops right? Nothing says patriotism like shoving bogus crapware on to veterans.

In a (not so) surprising move, they’ve went and removed any details about themselves from the KickStarter minus a few quips remaining in the bottom text. For posterity, here’s a mirrored copy:

fb8a8a22dfed1a15035616240d143a14_original

Again, these people are:

  • Raymond Talarico, CEO
  • Debra Towsley, President (and wife of Raymond)
  • Frank Ruppen, Chief Strategy Office
  • Joshua Noel, Creative Director
  • Loreena Stanga, Cat Herder & Code Management
  • Jensen Dillard, Data Angel Host
  • Steve Talbot, Advisory Board
  • Chad Thilborger, Data Angel & Host
  • David Smith, Advisory Board
  • Frankie, Data Angel & Celebrity

If you’re trying to make yourselves seem more legitimate, removing details about who is on your team late in the game is not a way to do it.

DataGateKeeper: The FIRST Impenetrable Anti-Hacking Software -- Kicktraq Mini

If this makes it to the $20,000 by the end of the campaign, they’ve had someone pump it.