The leaked Vulcan Papers are out now.[1]
This looks like a joke. On Scan V4 (page 15) you see an "encryption" method.
Instead of using good crypto libs, they rather use XOR.
Is that, what you get, when everyone with a bit of knowledge fell of a window?
To be honest. I don't fear people who have no real capabilities. Everything looks like a bunch of script kiddies who had bought a few Zerodays.
Let's see:
public static void xorFile(@Nonnull File file, @Nonnull String dest, @Nonnull byte[] password) throws IOException
{
FileInputStream is = new FileInputStream(file);
FileOutputStream os = new FileOutputStream(dest);
byte[] data = new byte[4096];
int read = is.read(data), index = 0;
while (read != -1) {
for (int k = 0; k < read; k++) {
data[k] ^= password[index % password.length];
index++;
}
os.write(data, 0, read);
read = is.read(data);
}
os.flush();
os.close();
is.close();
}
The code quality is not state-of-the-art.
Furthermore - this piece of code doesn't make sense to me. Why they are reading only 4096 byte per line?
The rest will be truncated? So if it,s a one-liner they store rubbish at last.
And the iteration is very outdated. It looks like someone copied it from Stackoverflow.com.
Since JAVA 1.8 nobody would do that.
To be honest - there is no reason to fear those people.
[1] DocumentCloud.org: paper trail media's Documents