Tag Archives: FBI

Can the police search your phone?

Enterprises work hard to protect company secrets. Here’s why the biggest threat may be law enforcement.

Can the police search your phone?

The answer to that question is getting complicated.

But it’s an important thing to know. The reason is that your phone, and the phones of every employee at your company, almost certainly contain company secrets — or provide access to those secrets.

Phones can provide access to passwords, contact lists, emails, phone call metadata, photos, spreadsheets and other company documents, location histories, photos and much more.

Proprietary data — including information that would enable systematic hacking of company servers for sabotage, industrial espionage and worse — is protected from legal exposure by a complex set of well-understood laws and norms in the United States. But that same data is accessible from company phones.

Can the police simply take that information?  Until recently, most professionals would have said no.

Why? Because business and IT professionals tend to believe that smartphones are covered by the Fourth Amendment’s strictures against “unreasonable searches and seizures,” a protection recently reaffirmed by the Supreme Court. And smartphones are also protected by the Fifth Amendment, many would say, because divulging a passcode is akin to being “compelled” to be a “witness” against yourself.

Unfortunately, these beliefs are wrong.

The trouble with passcodes

Apple last year quietly added a new feature to iPhones designed to protect smartphone data from police searches. When you quickly press the on/off button on an iPhone five times, it turns off Touch ID and Face ID.

The thinking behind the so-called cop button is that, because police can compel you to use biometrics, but not a passcode, to unlock your phone, the feature makes it impossible for the legal system to force you to hand over information.

Unfortunately, this belief has now been undermined.

We learned this week that a Florida man named William John Montanez was jailed for six months after claiming that he forgot the passcodes for his two phones.

Montanez was pulled over for a minor traffic infraction. Police wanted to search his car. He refused. The police brought in dogs, which found some marijuana and a gun. (Montanez said the gun was his mother’s.) During the arrest, his phone got a text that said, “OMG, did they find it,” prompting police to get a warrant to search his phones. That’s when Montanez claimed he didn’t remember the passcodes, and the judge sentenced him to up to six months in jail for civil contempt.

As a precedent, this cascading series of events changes what we thought we knew about the security of the data on our phones. What started as an illegal turn ended up with jail time over the inability or unwillingness to divulge what we thought was a constitutionally protected bit of information.

We’ve also learned a lot recently about the vulnerability of location data on a smartphone.

The solution for individual users who want to keep location and other data private is to simply switch off the feature, such as the Location History feature in Google’s Android operating system. Right?

Not really. It turns out Google has been storing location data even after users turn off Location History.

The fiasco was based on false information that used to exist on Google’s site. Turning off Location History, the site said, meant that “the places you go are no longer stored.” In fact, they were stored, just not in the user-accessible Location History area.

Google corrected the false language, adding, “Some location data may be saved as part of your activity on other services, like Search and Maps.”

Stored data matters.

The FBI recently demanded from Google the data about all people using location services within a 100-acre area in Portland, Maine, as part of an investigation into a series of robberies. The request included the names, addresses, phone numbers, “session” times and duration, log-in IP addresses, email addresses, log files and payment information.

The order also said that Google could not inform users of the FBI’s demand.

Google did not comply with the request. But that didn’t keep the FBI from pushing for it.

In fact, police are evolving their methods, intentions and technologies for searching smartphones.

Police data-harvesting machines

A device called GrayKey, from a company called GrayShift, can unlock any iPhone or iPad.

GrayShift licenses the devices for $15,000 per year and up to 300 phone cracks.

It’s a turnkey system. Each GrayKey has two Lightning cables. Police need only plug in a phone, and eventually the phone’s passcode appears on the phone’s screen, giving full access.

That may be why Apple introduced in the fall a new “USB Restricted Mode” for iPhones. That mode makes it harder for police (or criminals) to crack a phone via the Lightning port.

The mode is activated by default, which is to say that the “switch” in settings for USB Accessories is turned off. With that switch off, the Lightning port won’t connect to anything after an hour of the phone being locked.

Unfortunately for iPhone users, “USB Restricted Mode” is easily defeated with a widely available $39 dongle.

And the U.S. isn’t the only country with police data-harvesting machines.

A world of trouble for smartphone data

Chinese authorities have their own technology for harvesting the data from phones, and that technology is now being deployed by police in the field. Police anywhere in the country can demand that anyone hand over a phone, which is then scanned by a device, the use of which is reportedly spreading across China.

Chinese authorities have both desktop and handheld scanner devices, which automatically extract and process emails, social posts, videos, photos, call histories, text messages and contact lists to aid them in looking for transgressions.

Some reports suggest that the devices, which are made by both Israeli and Chinese companies, are unable to crack newer iPhones but can access nearly every other kind of phone.

Another factor to be considered is that the protections of the U.S. Constitution end at the border — literally at the border.

As I’ve detailed here in the past, U.S. Customs is a “gray area” for Fifth Amendment constitutional protections.

And once abroad, all bets are off. Even in friendly, pro-privacy nations such as Australia.

The Australian government on Tuesday proposed a law called the Assistance and Access Bill 2018. If it becomes law, the act would require people to unlock their phones for police or face up to ten years in prison (the current maximum is two years).

It would empower police to legally bug or hack phones and computers.

The bill would force carriers, as well as companies such as Apple, Google, Microsoft and Facebook, to give police access to the private encrypted data of their customers if technically possible.

Failure to comply would result in fines of up $7.3 million and prison time.

Police would need a warrant to crack, bug or hack a phone.

Police would need a warrant to crack, bug or hack a phone.

The bill may never become law. But Australia is just one of many nations affected by a new political will to end smartphone privacy when it comes to law enforcement.

If you take anything away from this column, please remember this: The landscape for what’s possible in the realm of police searches of smartphones is changing every day.

In general, smartphones are becoming less protected from police searches, not more protected.

That’s why the assumption of every IT department, every enterprise and every business progressional — especially those of us who travel internationally on business — must be that the data on a smartphone is not safe from official scrutiny.

It’s time to rethink company policies, training, procedures and permissions around smartphones.

CoPilot settles with New York AG for delaying breach notification for over one year

This is only the beginning of what will happen in the future.

It took over a year to notify 220,000 individuals of a breach to its website. HHS is determining if it’s a HIPAA-covered business associate.

CoPilot Provider Services has settled with New York for $130,000 in penalties for waiting more than a year to notify its customers of a breach to the company’s website, NY Attorney General Eric Schneiderman announced Thursday.

The attorney general determined the healthcare administrative services and IT provider violated general business law, in its delayed breach notification to its 221,178 customers. CoPilot agreed to the monetary settlement and to reform its notification and legal compliance program.

The breach occurred in October 2015, when an unauthorized individual accessed confidential patient reimbursement data through the administration site. The hacker downloaded data that included names, birthdates, addresses, phone numbers and medical insurance card details.

However, CoPilot waited until January 2017 to begin formally notifying its customers of the breach.

The FBI began investigating the incident in February at CoPilot’s request, focusing on a former employee they believed was responsible.

CoPilot blamed the breach notification delay on the FBI investigation, but law enforcement didn’t say that customer notification would hinder the ongoing investigation and didn’t instruct CoPilot to delay. General business law instructs that companies must provide timely breach notification.

The Department of Health and Human Services is still looking into whether CoPilot is considered a covered business associate under HIPAA.

Thursday’s agreement also states that CoPilot will comply with New York’s consumer protection and data security laws.

“Healthcare services providers have a duty to protect patient records as securely as possible and to provide notice when a breach occurs,” said Schneiderman in a statement. “Waiting over a year to provide notice is unacceptable. My office will continue to hold businesses accountable to their responsibility to protect customers’ private information.”

Ex-NSA Contractor Stole 50 TB of Classified Data; Includes Top-Secret Hacking Tools

nsa

Almost two months ago, the FBI quietly arrested NSA contractor Harold Thomas Martin III for stealing an enormous number of top secret documents from the intelligence agency.

Now, according to a court document filed Thursday, the FBI seized at least 50 terabytes of data from 51-year-old Martin that he siphoned from government computers over two decades.

The stolen data that are at least 500 million pages of government records includes top-secret information about “national defense.” If all data stolen by Martin found indeed classified, it would be the largest NSA heist, far bigger than Edward Snowden leaks.

According to the new filing, Martin also took “six full bankers’ boxes” worth of documents, many of which were marked “Secret” and “Top Secret.” The stolen data also include the personal information of government employees. The stolen documents date from between 1996 through 2016.

“The document appears to have been printed by the Defendant from an official government account,” the court documents read. “On the back of the document are handwritten notes describing the NSA’s classified computer infrastructure and detailed descriptions of classified technical operations.”

Former NSA Insider Could Be Behind The Shadow Brokers

It’s not clear exactly what Martin allegedly stole, but The New York Times reported Wednesday that the stolen documents also included the NSA’s top secret hacking tools posted online by a supposed hacking group, calling itself Shadow Brokers, earlier this year.

Earlier this summer, Shadow Brokers claimed to have infiltrated NSA servers and stolen enormous amounts of data, including working exploits and hacking tools.

The NY Times report suggests that the FBI has found forensic evidence that the hacking tools and cyber-weapons posted online by the alleged hacking group had actually been on a contractor’s machine.

NSA Contractor to Face Espionage Charges

Martin, a former Booz Allen Hamilton staffer like NSA whistleblower Snowden, should remain locked up and the government also plans to charge him with violations of the Espionage Act, Prosecutors said.

If convicted, one can face the death penalty.

Martin has “obtained advanced educational degrees” and has also “taken extensive government training courses on computer security,” including in the areas of encryption as well as secure communications.

A former US Navy veteran, Martin allegedly used a sophisticated software that “runs without being installed on a computer system and provides anonymous Internet access, leaving no digital footprint on the Machine.”

It’s believed that Martin was using TAILS operating system or another USB-bootable operating system in conjunction with Tor or a VPN that would not leave any forensic evidence of his computer activities.

Martin’s motives are still unclear, but among the seized documents, investigators uncovered a letter sent to Martin’s colleagues in 2007, in which he criticized the information security practices of government and refers to those same co-workers as “clowns.”

The letter reads: “I will leave you with this: if you do not get obnoxious, obvious, and detrimental to my future, then I will not bring you; into the light, as it were. If you do, well, remember that you did it to yourselves.”

Martin is due to appear before US Magistrate Judge Beth P. Gesner for his detention hearing on Friday in Baltimore.

 

Yahoo says 500 million accounts stolen

500 million accounts stolen
Yahoo_Hacked
Yahoo (YHOO, Tech30) confirmed on Thursday data “associated with at least 500 million user accounts” have been stolen in what may be one of the largest cybersecurity breaches ever.

The company said it believes a “state-sponsored actor” was behind the data breach, meaning an individual acting on behalf of a government. The breach is said to have occurred in late 2014.

“The account information may have included names, email addresses, telephone numbers, dates of birth, hashed passwords (the vast majority with bcrypt) and, in some cases, encrypted or unencrypted security questions and answers,” Yahoo said in a statement.

Yahoo urges users to change their password and security questions and to review their accounts for suspicious activity.

The silver lining for users — if there is one — is that sensitive financial data like bank account numbers and credit card data are not believed to be included in the stolen information, according to Yahoo.

Yahoo is working with law enforcement to learn more about the breach.

“The FBI is aware of the intrusion and investigating the matter,” an FBI spokesperson said. “We take these types of breaches very seriously and will determine how this occurred and who is responsible. We will continue to work with the private sector and share information so they can safeguard their systems against the actions of persistent cyber criminals.”

A large-scale data breach was first rumored in August when a hacker who goes by the name of “Peace” claimed to be selling data from 200 million Yahoo users online. The same hacker has previously claimed to sell stolen accounts from LinkedIn (LNKD, Tech30) and MySpace.

Yahoo originally said it was “aware of a claim” and was investigating the situation. Nearly two months later, it turns out the situation is even worse.

“This is massive,” said cybersecurity expert Per Thorsheim on the scale of the hack. “It will cause ripples online for years to come.”

U.S. Sen. Richard Blumenthal called for tougher legislation to “make sure companies are properly and promptly notifying consumers when their data has been compromised.”

“If Yahoo knew about the hack as early as August, and failed to coordinate with law enforcement, taking this long to confirm the breach is a blatant betrayal of their users’ trust,” he said in a statement.

160922095225-yahoo-hack-780x439

Re/code first reported Yahoo would confirm the data breach.

The data breach comes at a sensitive time for Yahoo.

Verizon (VZ, Tech30) agreed to buy Yahoo’s core properties for $4.83 billion in late July, just days before the hack was first reported. The deal is expected to close in the first quarter of 2017.

Verizon says it only learned of the breach this week.

“Within the last two days, we were notified of Yahoo’s security incident,” a spokesperson for Verizon said in a statement provided to CNNMoney.

We understand Yahoo is conducting an active investigation of this matter, but we otherwise have limited information and understanding of the impact.”

The mega-breach could create a headache for both companies, including damaging press, scrutiny from regulators and a user exodus, just as they’re working to close the deal and figure out the future of Yahoo.

Blumenthal said law enforcement and regulators “should investigate whether Yahoo may have concealed its knowledge of this breach in order to artificially bolster its valuation in its pending acquisition by Verizon.”

 

 

Napolitano: FBI Plan to Access Browser History “Major Step Towards Police State

It never gets better no matter who is in the White House, he said

DOJ

The Obama administration is pushing Congress to amend existing surveillance laws to give the FBI unquestionable authority to access a person’s browser history without a warrant, a move Judge Andrew Napolitano slammed as “a major step towards a police state.”

Under existing law, the FBI and National Security Agency (NSA) are required to obtain a surveillance warrant from the Foreign Intelligence Surveillance Court (FISA) before accessing an individual’s electronic records.

However, the FBI is able to bypass the court system and access information relating to an individual’s phone records through the use of a “National Security Letter.”

“NSLs are shadowy administrative subpoenas for information issued by the FBI, whose authority to use them was bolstered by the Patriot Act in 2001,” as reported by US News and World Report. “The requests often are accompanied by a gag order disallowing the company from which information is sought from discussing it.”

FBI Director James B. Comey has requested Congress pass legislation to amend a “typo” in the Electronic Communications Privacy Act that, he claims, has allowed some tech companies to refuse to provide data that Congress originally intended them to hand over to the FBI.

The new legislation, if passed, would allow the FBI to access an individual’s browser history by using a National Security Letter, rather than a warrant from the FISA Court. A National Security Letter only requires approval from the special agent in charge of a FBI Field Office.

Appearing before the Senate Intelligence Committee in February, Comey claimed the inability to obtain electronic information without a NSL affects the FBI’s work, “in a very, very big and practical way.” The Intelligence Authorization Act of 2017, with the NSL amendment attached, will now head to the full Senate for a vote.

Senator Ron Wyden (D-Ore.) was the sole member of the Intelligence Committee in opposition to the amendment.

“This bill takes a hatchet to important protections for Americans’ liberty,” he said. “This bill would mean more government surveillance of Americans, less due process, and less independent oversight of US intelligence agencies.”

Texas Republican Senator John Cornyn is a co-sponsor of a similar amendment that is set to be voted on by the Senate Judiciary Committee on Thursday; He has argued a “scrivener’s error” in the law is “needlessly hamstringing our counterintelligence and counterterrorism efforts.”

A coalition of tech firms and privacy advocates submitted a letter to the members of the Senate Judiciary Committee expressing concern over the amendment and the threat it poses to civil liberties.

“This expansion of the NSL statute has been characterized by some government officials as merely fixing a ‘typo’ in the law,” they wrote. In reality, however, it would dramatically expand the ability of the FBI to get sensitive information about users’ online activities without court oversight.”

Appearing with Shepard Smith on Fox News, Judge Andrew Napolitano expressed anger over the amendment and warned the American people to wake up to the ongoing erosion of their civil liberties.

“It gets worse, it never gets better no matter who is in the White House, no matter which party controls the Congress,” he said. “The American people should wake up….This is a major step towards a police state.”

“It’s done in the name of, it’s always done in the name of keeping us safe. Who or what will keep our liberties safe?”

 

 

 

US warns of hacking threat to interbank payment network

_89909468_thinkstockphotos-507473994

US regulators have warned banks about potential cyber attacks linked to the interbank messaging system.

The statement came two weeks after the Federal Bureau of Investigations sent a notice cautioning US banks after the hacking of Bangladesh’s central bank.

The FBI message warned of a “malicious cyber group” that had already targeted foreign banks.

In February, hackers stole $81m (£56m) from Bangladesh’s account with the Federal Reserve Bank of New York.

The hackers used the Bangladesh central bank’s Swift credentials to transfer money to accounts in the Philippines. Swift is the system banks use to exchange messages and transfer requests.

The hackers attempted to steal nearly $1bn, but several of their requests were rejected because of irregularities.

The Federal Financial Institutions Examination Council (FFIEC) – a group of US banking regulators- issued a statement encouraging banks to check the security of their links with interbank messaging and payment systems.

The council said that following recent attacks banks should “actively manage the risks associated with interbank messaging and wholesale payment networks”.

The FFIEC said the statement was intended to alert banks to specific security steps that could protect their messaging and payment networks from “unauthorized entry”.

It warned that unauthorised transactions may subject the originating bank to losses and compliance breaches.

The Bangladesh central bank and Swift have blamed each other for the security shortfalls that led to the February hacking.

The FBI sent its warning to US banks on 23 May, telling them to pay particular attention to potentially fraudulent international transfer requests.

“The actors have exploited vulnerabilities in the internal environments of the banks and initiated unauthorised monetary transfers over an international payment messaging system,” the alert said.

The Bureau said it would not comment on these alerts, but a spokesman added: “The FBI routinely advises private industry of various cyber threat indicators observed during the course of our investigations. This data is provided in order to help systems administrators guard against the actions of persistent cyber criminals.”

FBI Quietly Admits to Multi-Year APT Attack, Sensitive Data Stolen

shutterstock_70882576-680x400

he FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 and for years stole sensitive data.

The FBI alert was issued in February and went largely unnoticed. Nearly a month later, security experts are now shining a bright light on the alert and the mysterious group behind the attack.

“This is a rare alert and a little late, but one that is welcomed by all security vendors as it offers a chance to mitigate their customers and also collaborate further in what appears to be an ongoing FBI investigation,” said Deepen Desai, director of security research at the security firm Zscaler in an email to Threatpost.

Details regarding the actual attack and what government systems were infected are scant. Government officials said they knew the initial attack occurred in 2011, but are unaware of who specifically is behind the attacks.

“Given the nature of malware payload involved and the duration of this compromise being unnoticed – the scope of lateral movement inside the compromised network is very high possibly exposing all the critical systems,” Deepen said.

In its February bulletin, the FBI wrote: “The FBI has obtained and validated information regarding a group of malicious cyber actors who have compromised and stolen sensitive information from various government and commercial networks.

The FBI said the “group of malicious cyber actors” (known as APT6 or 1.php) used dedicated top-level domains in conjunction with the command and control servers to deliver “customized malicious software” to government computer systems. A list of domains is listed in the bulletin.

“These domains have also been used to host malicious files – often through embedded links in spear phish emails. Any activity related to these domains detected on a network should be considered an indication of a compromise requiring mitigation and contact with law enforcement,” wrote the FBI in its bulletin.

When asked for attack specifics, the FBI declined Threatpost’s request for an interview. Instead, FBI representatives issued a statement calling the alert a routine advisory aimed at notifying system administrators of persistent cyber criminals. “The release was important to add credibility and urgency to the private sector announcements and ensure that the message reached all members of the cyber-security information sharing networks,” wrote the FBI.

Deepen told Threatpost the group has been operating since at least since 2008 and has targeted China and US relations experts, Defense Department entities, and geospatial groups within the federal government. According to Deepen, APT6 has been using spear phishing in tandem with malicious PDF and ZIP attachments or links to malware infected websites that contains a malicious SCR file. The payload, Deepen said, is often the Poison Ivy remote access tool/Trojan or similar. He said the group has varied its command-and-control check-in behavior, but it is typically web-based and sometimes over HTTPS.

Experts believe that attacks are widespread and not limited to the US federal government systems. “The same or similar actors are compromising numerous organizations in order to steal sensitive intellectual property,” wrote Zscaler in a past report on APT6.

In December 2014, US government systems were compromised by hackers who broke into the Office of Personnel Management computer systems. That data breach, where 18 million people had their personal identifiable information stolen, didn’t come to light until months later in June of 2015.

Russian cyber criminal targets elite Chicago law firms

russian-cyber-criminal-targets-elite-chicago-law-firms

Photo by ThinkStock

A Russian cyber criminal has targeted nearly 50 elite law firms, including four in Chicago, to collect confidential client information for financial gain.

The mastermind, a broker named “Oleras” living in Ukraine, has been attempting since January to hire hackers to break into the firms’ computer systems so he can trade on insider information, according to a Feb. 3 alert from Flashpoint, a New York threat intelligence firm.

Kirkland & Ellis, Sidley Austin, McDermott Will & Emery and Jenner & Block all were listed on a spreadsheet of potential marks. It named 46 of the country’s largest law firms, plus two members of the UK’s Magic Circle.

A spokeswoman for Flashpoint said the firm had notified law enforcement and declined to comment further.

The FBI was investigating as of March 4, when it published its own industry alert detailing the threat. The agency’s press office did not return a message seeking comment.

Kirkland was aware of the threat, and no client data was accessed, the firm’s chief information officer, Dan Nottke, said in an email. The firm subscribes to several security information-sharing services, including ones operated by the FBI and the Financial Services Information Sharing and Analysis Center, the cybersecurity information clearinghouse for the financial services industry.

Spokesmen for McDermott and Jenner declined to comment. Messages to Sidley seeking comment were not returned.

Law firms have largely trailed their clients in confronting the possibility of hackers accessing their networks for illegal profit. Though they hold vast repositories of confidential information, many firms are slow to adopt up-to-date defenses against malware and spyware, said Jay Kozie, principal at Keno Kozie Associates, a Chicago-based law firm technology consultancy.

“I’ve always been surprised, frankly, that the law firms have not been more aggressively targeted in the past,” he said. “If you’ve got confidential information about a merger or a patent, it’s going to be very valuable.”

In this latest scheme, Oleras posted on a cyber criminal forum a plan to infiltrate the law firms’ networks, then use keywords to locate drafts of merger agreements, letters of intent, confidentiality agreements and share purchase agreements. The list of targeted law firms also included names, email address and social media accounts for specific employees at the firms.

“Overall, Oleras wanted to know in advance which companies were going to be merged with the help of the stolen law firm documents and subsequently leverage this information to execute algorithmic insider trading activities,” the Flashpoint alert says, with the money then laundered through front companies in Belize and Cypriot bank accounts.

The broker hoped to recruit a black-hat hacker to handle the job’s technical aspects for $100,000, plus another 45,000 rubles (about $564). He offered to split the proceeds of any insider trading 50-50 after the first $1 million.

On Feb. 22, another Flashpoint alert noted that Oleras had singled out eight lawyers from top firms, including one from Kirkland’s management committee, for a sophisticated phishing attack. The phishing email appeared to originate from an assistant at trade journal Business Worldwide and asked to profile the lawyer for excellence in M&A.

Targeted Firms
A Russian cyber criminal has targeted 48 law firms, including four in Chicago.

Firm
Akin Gump Strauss Hauer & Feld
Allen & Overy
Baker & Hostetler
Baker Botts
Cadwalader Wickersham & Taft
Cleary Gottlieb Steen & Hamilton
Covington & Burling
Cravath Swaine & Moore
Davis Polk & Wardwell
Debevoise & Plimpton
Dechert
DLA Piper
Ellenoff Grossman & Schole
Freshfields Bruckhaus Deringer
Fried Frank Harris Shriver & Jacobson
Gibson Dunn & Crutcher
Goodwin Procter
Hogan Lovells
Hughes Hubbard & Reed
Jenner & Block
Jones Day
Kaye Scholer
Kirkland & Ellis
Kramer Levin Naftalis & Frankel
Latham & Watkins
McDermott Will & Emery
Milbank Tweed Hadley & McCloy
Morgan Lewis & Bockius
Morrison & Foerster
Nixon Peabody
Paul Hastings
Paul Weiss Rifkind Wharton & Garrison
Pillsbury Winthrop Shaw Pittman
Proskauer Rose
Ropes & Gray
Schulte Roth & Zabel
Seward & Kissel
Shearman & Sterling
Sidley Austin
Simpson Thacher & Bartlett
Skadden Arps Slate Meagher & Flom
Sullivan & Cromwell
Vinson & Elkins
Wachtell Lipton Rosen & Katz
Weil Gotshal & Manges
White & Case
Wilkie Farr & Gallagher

Source: Flashpoint Feb. 3 email alert

The end of the iPhone encryption case and the questions we must ask

Apple_FBI

It is official. The FBI has accessed the San Bernardino iPhone, and they didn’t need Apple’s help. To quote the court document, found at:

https://assets.documentcloud.org/documents/2778264/Apple-Status-Report.pdf

“Applicant United States of America, by and through its counsel of record, the United States Attorney for the Central District of California, hereby files this status report called for by the Court’s order issued on March 21, 2016. (CR 199.) The government has now successfully accessed the data stored on Farook’s iPhone and therefore no longer requires the assistance from Apple Inc. mandated by Court’s Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016. Accordingly, the government hereby requests that
the Order Compelling Apple Inc. to Assist Agents in Search dated February 16, 2016 be vacated. ”

More questions than I can put down here come to mind, but here are a few:

Was the FBI genuine when it filed initially, claiming they had no way to access the San Bernardino iPhone without Apple’s help?

If they were not genuine, and that seems to be the prevailing view in the technical field, was this behaviour becoming, or acceptable, from law enforcement? The simplified timeline of this case was that the FBI sought their court order, Apple said they would fight it, public opinion turned on the FBI, it appeared the legal argument may not stand up to challenge, the FBI sought a stay in the case while they tested a new way to get into the phone themselves, they then came out with the above statement claiming they have accessed the phone and requested the order be vacated. At face value the fact that the stay was sought when it was seems very convenient.

Since the net result of this exercise has been nothing and worked out as if the FBI never went to court at all, Apple did not render assistance, the FBI got into the phone anyway, no legal precedent was set, was this a good use of taxpayer funds?

Will the FBI tell Apple how they got into the phone? If they won’t on national security grounds, is it acceptable that Apple customers are vulnerable to attacks that can happen in the wild due to some intangible threat that cannot be measured?

Did the FBI find anything of value?

What do dormant cyber pathogens look like?

http://arstechnica.com/tech-policy/2016/03/what-is-a-lying-dormant-cyber-pathogen-san-bernardino-da-wont-say/

It’s important we ask these questions, because if we don’t we run the risk of setting our own precedent, normalising dishonesty, vexatious use of the court system, wasting of taxpayer funds, leaving of the general public unsafe, and the utterance of wild claims, all in the name of national security.

National security should not be doing this to us.

Mobile Forensics Firm to Help FBI Hack Shooter’s iPhone

Terrorist

Israel-based mobile forensics firm Cellebrite is believed to be the mysterious “outside party” that might be able to help the FBI hack the iPhone belonging to the San Bernardino shooter.

Israeli newspaper Yedioth Ahronoth broke the news, which appears to be confirmed by a $15,000 contract signed by the FBI with Cellebrite on March 21, the day when the agency announced that it may have found a way to crack Islamic Terrorist Syed Rizwan Farook’s iPhone without Apple’s help.

The FBI convinced a judge in mid-February to order Apple to create special software that would allow the law enforcement agency to brute-force the PIN on Farook’s iPhone 5C without the risk of destroying the data stored on it.

Apple, backed by several other technology giants, has been preparing to fight the order, which it believes would set a dangerous precedent.

Just as the US government and Apple were about to face each other in court, the FBI announced on Monday that it may no longer need Apple’s help in cracking the phone. Federal prosecutors later cancelled the hearing set for Tuesday, stating that the FBI will be aided by an unidentified “outside party.”

That “outside party” appears to be Cellebrite, which has been working with the FBI since 2013. The company’s website shows that it has assisted law enforcement investigations in several countries over the past period.

“Cellebrite mobile forensics solutions give access to and unlock the intelligence of mobile data sources to extend investigative capabilities, accelerate investigations, unify investigative teams and produce solid evidence,” the company writes on its official site.

Experts have suggested several methods that could be used to gain access to the data on the San Bernardino shooter’s iPhone, including ones involving acid and lasers, but they didn’t appear to be very practical.

After the FBI announced that it might have found a practical alternative, iOS forensics expert Jonathan Zdziarski published a blog post describing some of the likely methods that might be used to accomplish the task.

The expert believes the technique that will be used has likely already been developed, as the FBI says it only needs two weeks to test the proposed method.

Zdziarski believes the company that will aid the FBI will either use a software exploit or a hardware technique known as NAND mirroring.

“This is where the NAND chip is typically desoldered, dumped into a file (likely by a chip reader/programmer, which is like a cd burner for chips), and then copied so that if the device begins to wipe or delay after five or ten tries, they can just re-write the original image back to the chip,” the researcher explained. “It’s possible they’ve also made hardware modifications to their test devices to add a socket, allowing them to quickly switch chips out, or that they’re using hardware to simulate this chip so that they don’t have to.”

“My gut still tells me this is likely a NAND hardware technique. A software exploit doesn’t scale well. I know this because my older forensics tools used them, and it required slightly different bundles for every hardware and firmware combination. Some also work against certain versions, but not against others,” he noted.

Zdziarski believes that if the technique already exists, it has likely been sold privately for well over $1 million.