SoylentNews is people

posted by n1 on Sunday May 07 2017, @03:11AM
from the cheap-at-twice-the-price dept.

Here's an extra story related to FBI Director Comey's questioning on Wednesday. It's a piece of "classified information":

Sen. Dianne Feinstein, the top Democrat on the Senate committee that oversees the FBI, said publicly this week that the government paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, California, shootings, even though the FBI considers the figure to be classified information.

The FBI also has protected the identity of the vendor it paid to do the work. Both pieces of information are the subject of a federal lawsuit by The Associated Press and other news organizations that have sued to force the FBI to reveal them.

California's Feinstein cited the amount while questioning FBI Director James Comey at a Senate Judiciary Committee oversight hearing Wednesday.

Related: FBI vs. Apple Encryption Fight Continues
Seems Like Everyone has an Opinion About Apple vs. the FBI
Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Researcher Bypasses iPhone 5c Security With NAND Mirroring



Related Stories

FBI vs. Apple Encryption Fight Continues 35 comments

Previously on SoylentNews: Apple Ordered by Judge to Help Decrypt San Bernardino Shooter's phone

Former NSA Director Claims Many Top Gov't Officials Side With Apple

Choice quotes from an interview with Gen. Michael Hayden (archive.is) on Wednesday:

"The issue here is end-to-end, unbreakable encryption—should American firms be allowed to create such a thing?" he told the Wall Street Journal editor John Bussey. "You've got [FBI director] Jim Comey on one side saying, I am really going to suffer if I can't read Tony Soprano's email. Or, if I've got to ask Tony for the PIN number before I get to read Tony's emails. Jim Comey makes that complaint, and I get it. That is right. There is an unarguable downside to unbreakable encryption."

"I think Jim Comey is wrong...Jim's logic is based on the belief that he remains the main body. That you should accommodate your movements to him, which is the main body. And I'm telling you, with regard to the cyber domain, he's not. You are."

"And by the way? If I were in Jim Comey's job, I'd have Jim Comey's point of view. I understand. But I've never been in Jim Comey's job...my view on encryption is the same as [former Secretary of Homeland Security] Mike Chertoff's, it's the same as [former Deputy Secretary of Defense] Bill Lynn's, and it's the same as [former NSA director] Mike McConnell, who is one of my predecessors."

It's interesting for this opinion to be coming from this source.

[Continues.]

Seems Like Everyone has an Opinion About Apple vs. the FBI 50 comments

John McAfee offers to unlock killer's iPhone

McAfee says that he and his team can break into the phone within three weeks. McAfee states his motive for the offer is because "he didn't want Apple to be forced to implement a 'back door'".

Bill Gates Takes Middle Road in FBI iPhone Unlock Dispute

Bill Gates has apparently sided with the FBI in the dispute over the unlocking of a "specific" iPhone, breaking with other technology industry leaders:

Apple should comply with the FBI's request to unlock an iPhone as part of a terrorism case, Microsoft founder Bill Gates says, staking out a position that's markedly different from many of his peers in the tech industry, including Facebook founder Mark Zuckerberg. The two titans aired their views on what's become a public debate over whether Apple should be compelled to unlock an iPhone used by San Bernardino shooter Syed Rizwan Farook. "This is a specific case where the government is asking for access to information. They are not asking for some general thing, they are asking for a particular case," Gates told the Financial Times.

However, in a follow-up interview with Bloomberg, Gates said he was disappointed by reports (such as my original submission #2 below) that he had sided with the FBI in its legal dispute with Apple:

In an interview with Bloomberg, Bill Gates says he was "disappointed" by reports that he supported the FBI in its legal battle with Apple, saying "that doesn't state my view on this." Still, Gates took a more moderate stance than some of his counterparts in the tech industry, not fully backing either the FBI or Apple but calling for a broader "discussion" on the issues. "I do believe that with the right safeguards, there are cases where the government, on our behalf — like stopping terrorism, which could get worse in the future — that that is valuable." But he called for "striking [a] balance" between safeguards against government power and security.

[Continues.]

Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock 35 comments

The Washington Post reports that the FBI did not require the services of Israeli firm Cellebrite to hack a San Bernardino terrorist's iPhone. Instead, it paid a one-time fee to a group of hackers and security researchers, at least one of whom the paper labels a "gray hat". It's also reported that the U.S. government has not decided whether or not to disclose to Apple the previously unknown vulnerability (or vulnerabilities) used to unlock the iPhone (specifically an iPhone 5C running iOS 9):

The FBI cracked a San Bernardino terrorist's phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter. The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone's four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.

The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.

[...] The bureau in this case did not need the services of the Israeli firm Cellebrite, as some earlier reports had suggested, people familiar with the matter said. The U.S. government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group.

FBI Director James Comey told students at Catholic University's Columbus School of Law that "Apple is not a demon," and "I hope people don't perceive the FBI as a demon." What a saint.



FBI Can't Say How It Hacked IPhone 5C 26 comments

The Guardian is reporting that...

On Wednesday, the FBI confirmed it wouldn't tell Apple about the security flaw it exploited to break inside the iPhone 5C of San Bernardino gunman Syed Farook in part, because the bureau says it didn't buy the rights to the technical details of the hacking tool.

"Currently we do not have enough technical information about any vulnerability that would permit any meaningful review," said Amy Hess, the FBI's executive assistant director for science and technology.

$1.3m and no source code?



Researcher Bypasses iPhone 5c Security With NAND Mirroring 7 comments

Security researcher Sergei Skorobogatov has bypassed the iPhone 5c's firmware using NAND mirroring. The achievement comes too late for the FBI to save some money:

The FBI told Congress it couldn't hack the San Bernardino shooter's phone without Apple's aid, but a researcher has proved that claim was inaccurate. "The process does not require any expensive and sophisticated equipment," wrote University of Cambridge researcher Sergei Skorobogatov. "All needed parts are low cost and were obtained from local electronics distributors."

Security firm Trail of Bits argued earlier this year that it would be possible to replace the iPhone firmware with a chip that doesn't block multiple password attempts. You could then try every single one until you're in, a process that would take less than a day with a four-digit code, and a few weeks with a six-digit one.

[...] "Despite government comments about feasibility of the NAND mirroring for iPhone 5c it was now proved to be fully working," the paper says. That again lends credence to FBI critics who said that the FBI was only pushing for Apple's assistance to create a precedent in court. A magistrate judge ruled against Apple, so law enforcement could use that decision to make other companies cooperate in encryption cases.

Update: The Associated Press, Vice Media and Gannett, the parent company of USA Today, have sued the FBI for information about how the agency accessed the locked iPhone 5c.



Comey Faces Congress: Mild Nausea and "Intelligence Porn" 22 comments

Federal Bureau of Investigation (FBI) Director James Comey appeared before a U.S. Senate panel on May 3rd to defend his agency's conduct under his leadership during the 2016 elections:

Comey acknowledged that the realization the bureau could have affected the election's outcome left him feeling "mildly nauseous." But, he added, "honestly, it wouldn't change the decision." Comey has been transformed into an unusual kind of political celebrity over the past year, his decisions coming in for sharp criticism from almost every point of the political spectrum.

News reports have cited anonymous sources within the intelligence community casting him as too fond of the spotlight, despite his repeated insistence to the contrary. Whether he sought it or not, Wednesday's Senate Judiciary Committee oversight hearing was yet another center-stage moment for the FBI director. Cable networks carried virtually uninterrupted coverage of his testimony from the moment he took his seat before a scrum of news photographers.

Comey explained his reasoning behind the decision to inform Congress about Clinton emails discovered during an investigation into Anthony Weiner, and said that he had made the right choice. One event that factored into the decision and his earlier July 2016 announcement about the Hillary Clinton investigation was Bill Clinton's meeting with former Attorney General Loretta Lynch. At Wednesday's hearing, Comey faced criticism from Democrats and Republicans alike on topics including the FBI's delay in disclosing an investigation into the Trump campaign and the decision to not charge Huma Abedin for mishandling classified information. On the day before the hearing, Hillary Clinton blamed the FBI Director for her loss, while President Trump tweeted that "FBI Director Comey was the best thing that ever happened to Hillary Clinton in that he gave her a free pass for many bad deeds!"

Comey appeared to confirm that the FBI is investigating whether its agents leaked information to Rudy Giuliani, a Trump ally. He also took the time to denigrate WikiLeaks by calling it "intelligence porn", and alleging that WikiLeaks acted as a "conduit for the Russian intelligence services or some other adversary of the United States just to push out information to damage the United States". Here's what Julian Assange had to say in response. Comey did not confirm whether or not the government is planning to charge Julian Assange with crimes related to his organization's recent activities. CNN reported in April that the U.S. is preparing to charge Assange with... something, and CIA Director Mike Pompeo recently called WikiLeaks a "non-state hostile intelligence service".

Also at The Washington Post, CNN, and The New York Times (editorial).



Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor 5 comments

The FBI will not have to disclose the name of the vendor that it paid to hack into an iPhone used by one of the San Bernardino terrorists:

A federal court ruled yesterday that the FBI does not have to disclose either the name of the vendor used or price the government paid to hack into the iPhone SE of mass shooter Syed Farook, according to ZDNet. The device became embroiled in a heated national controversy and legal standoff last year when Apple refused to help the FBI develop a backdoor into it for the purpose of obtaining sensitive information on Farook and his wife Tashfeen Malik, both of whom participated in the terrorist attack that left 14 dead in San Bernardino, California in December 2015.

The Justice Department originally filed a lawsuit against Apple to compel it to participate by creating a special version of its mobile operating system, something Apple was vehemently against because of the risk such a tool posed to users. But very soon after, the government withdrew from the case when a third-party vendor secretly demonstrated to the FBI a workable method to bypass the iPhone's security system. Three news organizations — the Associated Press, Vice News, and USA Today — filed a Freedom of Information Act lawsuit in September 2016 to reveal details of the hacking method used. Because it was not clear how many phones the workaround could be used on, and whether the FBI could use it surreptitiously in the future, the lawsuit was seeking information that would be pertinent to the public and security researchers around the globe.

But it's probably Cellebrite.

Previously: Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Meeting Cellebrite - Israel's Master Phone Crackers
Cellebrite Appears to Have Been Hacked
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone

Related: FBI Resists Revealing its Tor User Identification Methods in Court



FBI Bemoans Phone Encryption After Texas Shooting, but Refuses Apple's Help 52 comments

At a press conference, an FBI spokesman blamed industry standard encryption for preventing the agency from accessing the recent Texas mass shooter's locked iPhone. Reuters later reported that the FBI did not try to contact Apple during a 48-hour window in which the shooter's fingerprint may have been able to unlock the phone. Apple said in a statement that after seeing the press conference, the company contacted the FBI itself to offer assistance. Finally, the Washington Post reports (archive) that an FBI official acknowledged Apple's offer but said it did not need the company's assistance:

After the FBI said it was dealing with a phone it couldn't open, Apple reached out to the bureau to learn whether the phone was an iPhone and whether the FBI was seeking assistance. An FBI official responded late Tuesday, saying that it was an iPhone but that the agency was not asking anything of the company at this point. That's because experts at the FBI's lab in Quantico, Va., are trying to determine if there are other methods, such as cloud storage or a linked laptop, that would provide access to the phone's data, these people said. They said that process could take weeks.

If the FBI and Apple had talked to each other in the first two days after the attack, it's possible the device might already be open. That time frame may have been critical because Apple's iPhone "Touch ID" — which uses a fingerprint to unlock the device — stops working after 48 hours. It wasn't immediately clear whether the gunman had activated Touch ID on his phone, but more than 80 percent of iPhone owners do use that feature. If the bureau had consulted the company, Apple engineers would likely have told the bureau to take steps such as putting the dead gunman's finger to the phone to see if doing so would unlock it. It was unclear whether the FBI tried to use the dead man's finger to open the device in the first two days.

In a statement, Apple said: "Our team immediately reached out to the FBI after learning from their press conference on Tuesday that investigators were trying to access a mobile phone. We offered assistance and said we would expedite our response to any legal process they send us."

Also at Engadget.

Related: Apple Lawyer and FBI Director Appear Before Congress
Apple Engineers Discussing Civil Disobedience If Ordered to Unlock IPhone
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor



  • (Score: 1, Insightful) by Anonymous Coward on Sunday May 07 2017, @03:36AM (#505703)

    A Republican must be President! Leading Democrats are suddenly very concerned about government spending!

    • (Score: 2) by takyon (881) on Sunday May 07 2017, @03:39AM (#505704)

      One millie!
      One millie!
      One millie!

      This seems to be in the ballpark of what we knew seeing as one of the earlier articles mentions $1.3 million. But it is cute that the FBI kept this info secret. Fuck em.

      --
      [SIG] 10/28/2017: Soylent Upgrade v14 [soylentnews.org]
      • (Score: 0) by Anonymous Coward on Sunday May 07 2017, @05:25AM (#505732)

        I thought we were supposed to lock her up for revealing classified information.

    • (Score: 2) by linkdude64 (5482) on Sunday May 07 2017, @05:35PM (#505920)

      And about the size of government
      And about the Constitution
      And about the rights of free citizens
      etc., etc.

  • (Score: 2) by kaszz (4211) on Sunday May 07 2017, @04:18AM (#505715)

    Surely this is something Apple can fix? Last time I read more in depth how it was done, there surely are ways to thwart it even if the opponent can disassemble it all and do the electron microscope and e-beam thing (and others).

    • (Score: 4, Insightful) by Runaway1956 (2926) on Sunday May 07 2017, @04:48AM (#505721)

      Security has always been an ongoing arms race. Sure, Apple fixes it, someone else figures out how to defeat the fix, Apple fixes again - on and on, ad nauseam. If Apple were to figure out how to make the phone only energize at the touch of a living hand, the FBI will turn to keeping corpses "alive" to turn the phone on. (Correct body temp, a "pulse", some finely tuned electro activity, a dash of DNA, whatever it takes to trigger the on/off function.)

      Long story short - if you can build something, someone else can break it.

      • (Score: 2, Insightful) by anubi (2828) on Sunday May 07 2017, @10:36AM (#505796)

        Yup... just like DRM.

        Very expensive and time consuming whack-a-mole that none of us much benefit from, except the vendors of DRM stuff.

        They oughta save all that encryption for things that NEED encryption... like businesses storing personal info and banking credentials.

        --
        "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
        • (Score: 0) by Anonymous Coward on Sunday May 07 2017, @10:53AM (#505799)

          I'll be switching from ssh to telnet real soon now.

          • (Score: 0) by Anonymous Coward on Sunday May 07 2017, @12:41PM (#505812)

            I'm switching from a cellphone to 2 soup cans and a very long string.

            • (Score: 0) by Anonymous Coward on Sunday May 07 2017, @01:07PM (#505817)

              I see your string and raise you a laser velocimeter...
                (or just a fine string that I shoot over your string with bow & arrow, connected to my can)

              • (Score: 0) by Anonymous Coward on Sunday May 07 2017, @05:01PM (#505904)

                I'll see your string and tie the other end to a velociraptor.
