Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 17 submissions in the queue.
posted by martyb on Monday October 02 2017, @05:41PM   Printer-friendly
from the who-got-my-tax-money? dept.

The FBI will not have to disclose the name of the vendor that it paid to hack into an iPhone used by one of the San Bernardino terrorists:

A federal court ruled yesterday that the FBI does not have to disclose either the name of the vendor used or price the government paid to hack into the iPhone SE of mass shooter Syed Farook, according to ZDNet. The device became embroiled in a heated national controversy and legal standoff last year when Apple refused to help the FBI develop a backdoor into it for the purpose of obtaining sensitive information on Farook and his wife Tashfeen Malik, both of whom participated in the terrorist attack that left 14 dead in San Bernardino, California in December 2015.

The Justice Department originally filed a lawsuit against Apple to compel it to participate by creating a special version of its mobile operating system, something Apple was vehemently against because of the risk such a tool posed to users. But very soon after, the government withdrew from the case when a third-party vendor secretly demonstrated to the FBI a workable method to bypass the iPhone's security system. Three news organizations — the Associated Press, Vice News, and USA Todayfiled a Freedom of Information Act lawsuit in September 2016 to reveal details of the hacking method used. Because it was not clear how many phones the workaround could be used on, and whether the FBI could use it surreptitiously in the future, the lawsuit was seeking information that would be pertinent to the public and security researchers around the globe.

But it's probably Cellebrite.

Previously: Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Meeting Cellebrite - Israel's Master Phone Crackers
Cellebrite Appears to Have Been Hacked
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone

Related: FBI Resists Revealing its Tor User Identification Methods in Court


Original Submission

Related Stories

FBI Resists Revealing its Tor User Identification Methods in Court 60 comments

The FBI is not eager to reveal (more) details about methods it used to identify Tor users as part of a child pornography case. FBI's Operation Torpedo previously unmasked Tor users by serving them malicious scripts from secretly seized .onion sites.

The FBI is resisting calls to reveal how it identified people who used a child pornography site on the Tor anonymising network. The agency was ordered to share details by a Judge presiding over a case involving one alleged user of the site. Defence lawyers said they need the information to see if the FBI exceeded its authority when indentifying users. But the Department of Justice (DoJ), acting for the FBI, said the details were irrelevant to the case. "Knowing how someone unlocked the front door provides no information about what that person did after entering the house," wrote FBI agent Daniel Alfin in court papers filed by the DoJ which were excerpted on the Vice news site.

The Judge ordered the FBI to hand over details during a court hearing in late February. The court case revolves around a "sting" the FBI carried out in early 2015 when it seized a Tor-based site called Playpen that traded in images and videos of child sexual abuse. The agency kept the site going for 13 days and used it to grab information about visitors who took part in discussion threads about images of child abuse.


Original Submission

Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock 35 comments

The Washington Post reports that the FBI did not require the services of Israeli firm Cellebrite to hack a San Bernardino terrorist's iPhone. Instead, it paid a one-time fee to a group of hackers and security researchers, at least one of whom the paper labels a "gray hat". It's also reported that the U.S. government has not decided whether or not to disclose to Apple the previously unknown vulnerability (or vulnerabilities) used to unlock the iPhone (specifically an iPhone 5C running iOS 9):

The FBI cracked a San Bernardino terrorist's phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter. The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone's four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.

The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution.

[...] The bureau in this case did not need the services of the Israeli firm Cellebrite, as some earlier reports had suggested, people familiar with the matter said. The U.S. government now has to weigh whether to disclose the flaws to Apple, a decision that probably will be made by a White House-led group.

FBI Director James Comey told students at Catholic University's Columbus School of Law that "Apple is not a demon," and "I hope people don't perceive the FBI as a demon." What a saint.


Original Submission

FBI Can't Say How It Hacked IPhone 5C 26 comments

The Guardian is reporting that...

On Wednesday, the FBI confirmed it wouldn't tell Apple about the security flaw it exploited to break inside the iPhone 5C of San Bernardino gunman Syed Farook in part, because the bureau says it didn't buy the rights to the technical details of the hacking tool.

"Currently we do not have enough technical information about any vulnerability that would permit any meaningful review," said Amy Hess, the FBI's executive assistant director for science and technology.

$1.3m and no source code?


Original Submission

Meeting Cellebrite - Israel's Master Phone Crackers 12 comments

BBC technology correspondent Rory Cellan-Jones has met with representatives of the Israeli company Cellebrite, which helps police forces gain access to the data on the mobile phones of suspected criminals. They were rumoured to have aided the FBI in gaining access to the iPhone used by the San Bernardino shooter (though some reports contradict this). From the article:

It's an Israeli company that helps police forces gain access to data on the mobile phones of suspected criminals.

Cellebrite was in the headlines earlier this year when it was rumoured to have helped the FBI to crack an iPhone used by the San Bernardino shooter.

Now the company has told the BBC that it can get through the defences of just about any modern smartphone. But the firm refuses to say whether it supplies its technology to the police forces of repressive regimes.

[...] Mr Ben-Moshe claimed that his firm could access data on "the largest number of devices that are out there in the industry".

Even Apple's new iPhone 7?

"We can definitely extract data from an iPhone 7 as well - the question is what data."

He said that Cellebrite had the biggest research and development team in the sector, constantly working to catch up with the new technology.

He was cagey about how much data could be extracted from services such as WhatsApp - "It's not a black/white yes/no answer" - but indicated that criminals might be fooling themselves if they thought any form of mobile communication was totally secure.


Original Submission

Cellebrite Appears to Have Been Hacked 15 comments

According to the New York Post:

Cellebrite, an Israeli firm that supplies "forensics tools" to agencies around the world, including US law enforcement, appears to have suffered a serious hack. Motherboard claims to have 900GB of Cellebrite data, supplied to it by an anonymous hacker. Among other things, the data reportedly shows that the Israeli firm has been selling its technology to regimes known for their human rights abuses, including Turkey, the United Arab Emirates and Russia.

According to Motherboard:

The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies.

Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone.

New York Post Again:

Cellebrite is best known for its rumored involvement in helping the FBI crack the San Bernandino shooter's iPhone, as Apple fought an order to assist through the courts. In addition to helping the FBI in that case, Cellebrite sells forensics devices and software to dozens of US law enforcement agencies and police departments.


Original Submission

Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone 11 comments

Here's an extra story related to FBI Director Comey's questioning on Wednesday. It's a piece of "classified information":

Sen. Dianne Feinstein, the top Democrat on the Senate committee that oversees the FBI, said publicly this week that the government paid $900,000 to break into the locked iPhone of a gunman in the San Bernardino, California, shootings, even though the FBI considers the figure to be classified information.

The FBI also has protected the identity of the vendor it paid to do the work. Both pieces of information are the subject of a federal lawsuit by The Associated Press and other news organizations that have sued to force the FBI to reveal them.

California's Feinstein cited the amount while questioning FBI Director James Comey at a Senate Judiciary Committee oversight hearing Wednesday.

Related: FBI vs. Apple Encryption Fight Continues
Seems Like Everyone has an Opinion About Apple vs. the FBI
Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
FBI Can't Say How It Hacked IPhone 5C
Researcher Bypasses iPhone 5c Security With NAND Mirroring


Original Submission

Apple Denies FBI Request to Unlock Shooter’s iPhone 26 comments

Apple Denies FBI Request to Unlock Shooter's iPhone:

Apple once again is drawing the line at breaking into a password-protected iPhone for a criminal investigation, refusing a request by the Federal Bureau of Investigation (FBI) to help unlock the iPhones of a shooter responsible for an attack in Florida.

The company late Monday said it won't help the FBI crack two iPhones belonging to Mohammed Saeed Alshamrani, a Saudi-born Air Force cadet and suspect in a shooting that killed three people in December at the Naval Air Station in Pensacola, Fla.

The decision is reminiscent of a scenario that happened during the investigation of a 2015 California shooting, and could pit federal law enforcement against Apple in court once again to argue over data privacy in the case of criminal investigations.

While Apple said it's helping in the FBI's investigation of the Pensacola shooting—refuting criticism to the contrary—the company said it won't help the FBI unlock two phones the agency said belonged to Alshamrani.

"We reject the characterization that Apple has not provided substantive assistance in the Pensacola investigation," the company said in a statement emailed to Threatpost. "Our responses to their many requests since the attack have been timely, thorough and are ongoing."

[...] The FBI sent a letter to Apple's general counsel last week asking the company to help the agency crack the iPhones, as their attempts until that point to guess the "relevant passcodes" had been unsuccessful, according to the letter, which was obtained by NBC News.

Used Universal Forensic Extraction Devices (Phone Cracking Devices) Found on eBay 11 comments

Phone-Hacking Tool Law Agencies Use Cost Just $100 on eBay

When smartphone companies refuse to help law enforcement agencies access encrypted devices, investigators often turn to companies like Cellebrite, which offers its Universal Forensic Extraction Device (UFED) to help them hack the phone in question to access secure data The problem? This week, Forbes reported that UFEDs--which normally cost between $5,000 and $15,000--can now be bought on eBay for as little as $100.

In addition to letting anyone with a likeness of Benjamin Franklin break into other people's devices, these used UFEDs were also found to contain data from previous investigations.

Forbes said Hacker House co-founder Matthew Hickey bought a dozen UFEDs to see what secrets they might contain. He reportedly found that the "secondhand kit contained information on what devices were searched, when they were searched and what kinds of data were removed," as well as the searched phones' IMEI (international mobile equipment identity) codes.

Related: Washington Post: The FBI Paid "Gray Hat(s)", Not Cellebrite, for iPhone Unlock
Meeting Cellebrite - Israel's Master Phone Crackers
Cellebrite Appears to Have Been Hacked
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor


Original Submission

FBI Director Christopher Wray Keeps War on Encryption Alive 61 comments

The new FBI Director Christopher Wray has been repeating the broken rhetoric of the Crypto Wars:

In recent testimony before Congress, the director of the FBI has again highlighted what the government sees as the problem of easy-to-use, on-by-default, strong encryption.

In prepared remarks from last Thursday, FBI Director Christopher Wray said that encryption presents a "significant challenge to conducting lawful court-ordered access," he said, again using the longstanding government moniker "Going Dark."

The statement was just one portion of his testimony about the agency's priorities for the coming year.

The FBI and its parent agency, the Department of Justice, have recently stepped up public rhetoric about the so-called dangers of "Going Dark." In recent months, both Wray and Deputy Attorney General Rod Rosenstein have given numerous public statements about this issue.

Remember to use encryption irresponsibly, and stay salty, my FBI friends.

Previously: FBI Chief Calls for National Talk Over Encryption vs. Safety
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor
PureVPN Logs Helped FBI Net Alleged Cyberstalker
FBI Failed to Access 7,000 Encrypted Mobile Devices
Great, Now There's "Responsible Encryption"
FBI Bemoans Phone Encryption After Texas Shooting, but Refuses Apple's Help
DOJ: Strong Encryption That We Don't Have Access to is "Unreasonable"


Original Submission

Apple Speaks Out Against Australian Anti-Encryption Law; Police Advised Not to Trigger Face ID 31 comments

Apple argues stronger encryption will thwart criminals in letter to Australian government

Apple has long been a proponent for strong on-device encryption, most notably for its iPhones and the iOS operating system. This has often frustrated law enforcement agencies both in the US and overseas, many of which claim the company's encryption tools and policies are letting criminals avoid capture by masking communications and securing data from the hands of investigators.

Now, in a letter to the Australian government, Apple says it thinks encryption is in fact a benefit and public good that will only strength our protections against cyberattacks and terrorism. In Apple's eyes, encryption makes everyone's devices harder to hack and less vulnerable to take-overs, viruses, and other malicious attacks that could undermine personal and corporate security, as well as public infrastructure and services. Apple is specifically responding to the Australian Parliament's Assistance and Access Bill, which was introduced late last month and is designed to help the government more easily access the devices and data of criminals during active investigations.

Letter here (#53), or at Scribd and DocumentCloud.

Also at Ars Technica, Engadget, 9to5Mac, and AppleInsider.

Police told to avoid looking at recent iPhones to avoid lockouts

Police have yet to completely wrap their heads around modern iPhones like the X and XS, and that's clearer than ever thanks to a leak. Motherboard has obtained a presentation slide from forensics company Elcomsoft telling law enforcement to avoid looking at iPhones with Face ID. If they gaze at it too many times (five), the company said, they risk being locked out much like Apple's Craig Federighi was during the iPhone X launch event. They'd then have to enter a passcode that they likely can't obtain under the US Constitution's Fifth Amendment, which protects suspects from having to provide self-incriminating testimony.

Also at 9to5Mac.

Related:


Original Submission

FBI Bemoans Phone Encryption After Texas Shooting, but Refuses Apple's Help 52 comments

At a press conference, an FBI spokesman blamed industry standard encryption for preventing the agency from accessing the recent Texas mass shooter's locked iPhone. Reuters later reported that the FBI did not try to contact Apple during a 48-hour window in which the shooter's fingerprint may have been able to unlock the phone. Apple said in a statement that after seeing the press conference, the company contacted the FBI itself to offer assistance. Finally, the Washington Post reports (archive) that an FBI official acknowledged Apple's offer but said it did not need the company's assistance:

After the FBI said it was dealing with a phone it couldn't open, Apple reached out to the bureau to learn whether the phone was an iPhone and whether the FBI was seeking assistance. An FBI official responded late Tuesday, saying that it was an iPhone but that the agency was not asking anything of the company at this point. That's because experts at the FBI's lab in Quantico, Va., are trying to determine if there are other methods, such as cloud storage or a linked laptop, that would provide access to the phone's data, these people said. They said that process could take weeks.

If the FBI and Apple had talked to each other in the first two days after the attack, it's possible the device might already be open. That time frame may have been critical because Apple's iPhone "Touch ID" — which uses a fingerprint to unlock the device — stops working after 48 hours. It wasn't immediately clear whether the gunman had activated Touch ID on his phone, but more than 80 percent of iPhone owners do use that feature. If the bureau had consulted the company, Apple engineers would likely have told the bureau to take steps such as putting the dead gunman's finger to the phone to see if doing so would unlock it. It was unclear whether the FBI tried to use the dead man's finger to open the device in the first two days.

In a statement, Apple said: "Our team immediately reached out to the FBI after learning from their press conference on Tuesday that investigators were trying to access a mobile phone. We offered assistance and said we would expedite our response to any legal process they send us."

Also at Engadget.

Related: Apple Lawyer and FBI Director Appear Before Congress
Apple Engineers Discussing Civil Disobedience If Ordered to Unlock IPhone
Senator Dianne Feinstein Claims That the FBI Paid $900,000 to Break Into a Locked iPhone
Federal Court Rules That the FBI Does Not Have to Disclose Name of iPhone Hacking Vendor


Original Submission

This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
(1)
  • (Score: 0) by Anonymous Coward on Monday October 02 2017, @06:29PM (1 child)

    by Anonymous Coward on Monday October 02 2017, @06:29PM (#576052)

    Of course they don't... transparency is for losers. You should at all times just blindly trust the Powers That Be</sarc>
    (can we get a <cynical> tag as well because that's really what I needed here!)

  • (Score: 3, Insightful) by nobu_the_bard on Monday October 02 2017, @07:15PM (1 child)

    by nobu_the_bard (6373) on Monday October 02 2017, @07:15PM (#576104)

    “It is logical and plausible that the vendor may be less capable than the FBI of protecting its proprietary information in the face of a cyberattack,” the court said.

    Wow. I bet the that developed this "phone hack" are hanging their heads in shame that their defense is that they're more incompetent than the client that hired them for their expertise.

    I know I'm not being totally fair here ("cyberattack" mitigation not being the same as a phone hack) but I'd expect they're related enough to be at least minimally competent.

    • (Score: 1, Insightful) by Anonymous Coward on Monday October 02 2017, @09:09PM

      by Anonymous Coward on Monday October 02 2017, @09:09PM (#576193)

      Or they are quite pissed to be used as the scape goat after they saved the FBI from having deal with the fallout of hacking the phone. I'm sure they're still happy to remain unidentified so they don't become the target of apple fan bois.

  • (Score: 0) by Anonymous Coward on Tuesday October 03 2017, @07:25AM

    by Anonymous Coward on Tuesday October 03 2017, @07:25AM (#576477)

    Are these FOIA requests pretty much useless?

    Or is it just that we only hear about the ones that get rejected?

    Then again, all the ones we hear about is the ones that matter, so why wouldn't we hear about a successful FOIA request that mattered? Maybe it's just the ones that actually matter that get rejected?

(1)