FBI Paid Professional Hackers One-Time Fee To Crack San Bernardino iPhone

There's another new wrinkle in the never-ending FBI vs Apple saga. The Washington Post is claiming that FBI did not require Cellebrite's assistance in hacking San Bernardino iPhone. Instead, the report claims, the government intelligence organization bought a previously unknown security bug from a group of professional hackers. According to the report, the hacker group provided FBI with at least one zero-day flaw in the iPhone 5c's security, which enabled FBI to circumvent the lockscreen and other security features. The bug hasn't been disclosed. FBI has previously noted that the technique it utilized in breaking into the iPhone 5c does not work with any new iPhone models (iPhone 5s or newer).

And Vindicated....

[Lumpy]

i was telling people that the FBI was lying and Cellbright did not sell them anything to do this...

Remember kids, DO NOT TRUST law enforcement. they are not there for your protection.

Re:And Vindicated....

[bill_mcgonigle]

It's OK, the FBI eventually, after it's caught and cornered, tells the truth.

Re:And Vindicated....

[Joe_Dragon]

The truth is out there!

Re:

[antdude]

Trust no one.

Re:

[umghhh]

What is the truth?

Re: And Vindicated....

[Anonymous Coward]

The truth is that our tax dollars fund criminals.

Re:

[cellocgw]

What is the truth?

Paul Pierce, of course.

And another person wrote:

Since they have changed their "post-hack" story at least once,

So, you're saying they made a post-hac change to the post-hack story? //rimshot

Re:

[EETech1]

You can't HANDLE the TRUTH!!!

Re:

[ravenshrike]

Whistling and smoking a cigarette at the same time? Clearly an alien.

Re:And Vindicated....

[Anonymous Coward]

i was telling people that the FBI was lying and Cellbright did not sell them anything to do this...

Remember kids, DO NOT TRUST law enforcement. they are not there for your protection.

Neither are the software providers. Apple, Microsoft, Google, Facebook, Amazon, etc. are not there for your protection.

TRUST NO ONE.

Arn't they? Oh ok.

[Viol8]

So tell us great sage, who should we turn to for help against criminals, Apple?

Re:

[wvmarle]

Get a gun, be your own cop. Shoot first, ask questions later, That's the American way, no?

Re: Arn't they? Oh ok.

[Anonymous Coward]

Lol somebody mod this funny.

Re:

[phantomfive]

So tell us great sage, who should we turn to for help against criminals,

You probably have no recourse. If someone breaks into your house, the police aren't even going to take fingerprints, if they even come out at all [telegraph.co.uk].
If you get death threats, the police will tell you they can't protect you [jezebel.com]. They have no legal obligation to do so [fee.org].

Re:Arn't they? Oh ok.

[rgbatduke]

This is precisely my experience. Every time I've been broken into and called the police, a bored looking cop comes out, takes a statement, looks at the point of entry and then leaves, never to be heard from again. They only do this much so you can file your insurance, if you are stupid enough to file your insurance (since the insurance company will then just upgrade your risk and raise your rates enough to cover your payout plus an indefinite bleed of additional profit for them for the rest of eternity. No fingerprints. No searching area fences or eBay for your lost goods. No questioning likely suspects. If they are feeling enormously helpful, they may suggest that you get the broken lock fixed as the bad guys might come back and steal some more, and no, they aren't going to stake the joint out to find out.

Law enforcement is almost non-existent. Police are often called on to "keep the peace" -- to intervene in potentially dangerous situations involving human conflict or risk -- but they don't go out of their way to arrest anybody even then. They do arrest shoplifters, but that is because there is usually hard evidence and the perps are caught in the act. They do arrest anybody who rubs drug usage in their face and spend at least some time arresting the merely unwary. They do a decent job at pulling drunk drivers, when they catch them for obvious driving errors. Outside of that, by far -- far -- my most common interaction with Law Enforcement is getting pulled with a car tag a month out of date. Damn, they are hell on car registration. Makes me feel safe at night, knowing that no scofflaw is able to drive around without properly registered tags, unless of course they are an illegal alien without any driver's license or insurance at all driving a company truck.

Sigh.

The two laws that get en

Re:

[phantomfive]

The only way I know to get police to act is to have your lawyer contact them. It's really frustrating, actually.

And yet

[Anonymous Coward]

And yet, they're clearly spread thin and underfunded in a lot of places. The same places defeat community policing measures. Because taxes. And the public is outraged, just outraged, that things are then relegated to minimal police response due to this reality. Reminds me of the nursing profession. Snake head? Meet snake tail!

Re:

[Lumpy]

Winchester.

Re:

[cwsumner]

The police are there to arrest criminals, but you are responsible for your own safety.

Call the police when you see criminals that they can arrest, but be prepared to defend yourself until they can get there.

It's supposed to be a team effort...

And, "Trust but verify".

Re:

[UnknowingFool]

I found the timing suspicious at first. Cellebrite's previous known technique was to copy the entire NAND RAM contents then use the copies to repeatedly try the code. That would take a while even with 10000 number combinations.

Re:And Vindicated....

[wonkey_monkey]

That would take a while even with 10000 number combinations.

I hear they have computers that can count up to 10000 now.

Re:

[UnknowingFool]

Well considering their technique would require

1. trying 10 codes
2. de-solder the chip
3. re-flash the chip
4. re-solder the chip
5. repeat step 1

That would take a long time.

Re:

[Lumpy]

dont have to desolder and resolder the chip.. Desolder existing chip, solder on advanced chip simulator connection. Run phone using the simulator hardware and reset image every attempt. It's not hard at all to have a modern PC completely simulate a chip with some extra hardware. Hell an FPGA could do the job easily.

Re:

[UnknowingFool]

It would still take a while to go through the combinations. A few weeks. I was suspicious that it took a few days (including time to get the phone to Cellebrite).

Re:

[wonkey_monkey]

On the plus side any sane person would connect the print to a socket for the proper chip type and just switch the chip in the socket.

Couldn't they even switch the chip between the board and the flasher electronically?

Re:

[UnknowingFool]

Cellbrite could speed up the process by using some sort of board/interface between the flash chip and iPhone board; however, I don't know if Apple's hardware protection would defeat that setup. It would reduce the steps to:

1. Try 10 codes
2. Reset to previous position (maybe a reboot of iOS)
3. Repeat

Still a tedious process.

Re:

[phantomfive]

I've really been wondering lately whether the FBI has ever done anything good. They must have done something, but I can't think of anything good they've done. Maybe stop some bank robbers in the early 1900s?

Re:

[Coren22]

Hard to lie when you don't say anything. The FBI using Cellebrite's service was only ever a rumor, they never actually said they used them. I know the Slashdot article indicated it was the way it happened, but other news sources listed the connection as presumed.

http://www.bbc.com/news/world-... [bbc.com]

If you read the article carefully, an Israeli newspaper said Cellebrite helped the FBI, the FBI did not state that, nor did Cellebrite.

Re:

[Coren22]

What lying would that be? That I don't consider a single person reviewing your code to be enough to be considered safe? That is the truth, and is true of many people. You are the developer, it is your job to engender trust in users by having code reviews done by many people, it isn't my job to blindly trust that your software won't turn my computer into a zombie.

Also, replying to ACs now and trying to claim that they are me? Grow up little one.

EAT YOUR WORDS Coren22 by ac (your bridge bs gave you away & I remember EVERYTHING...)

HAHAHAHHA, you mean YOUR bridge bullshit. You are the one w

Re:

[Coren22]

Holy hell, are you a moron?

You use a bridge connection to the internet?? That is like begging to be hacked, and inviting the trouble!

You claim you are a "security expert" and you run a bridged connection, which is the exact opposite of security, as it means you are turning off the firewall?

Wow, just wow, I think I have now lost any possible respect I could have had for you, you know nothing about security, and have now proven it.

Re:

[Coren22]

Keep walking it back, you are the one who claimed you bridged your router, not I.

Yeah, the brain damage is strong in this one, does it come with an inability to admit when you were wrong?

https://slashdot.org/comments.... [slashdot.org]

I used BRIDGED router firewalls to my cable modem

So, keep it up, this is great entertainment for me.

Re:

[Coren22]

Keep walking it back. You can't say anything to change what you claimed, all the proof is here in this thread that you know nothing about network security. You keep posting more and more digging the hole deeper and deeper.

http://slashdot.org/comments.p... [slashdot.org]
You can keep bringing it up, but it doesn't change anything. You are the one claiming that you are using a bridge to get by the Slashdot posting limits, as it that is even possible. You are now trying to claim that bridging your connection is the same

Re:

[Kkloe]

how is someone selling a bug exploit to someone else illegal?, or are you assuming everyone who calls themselves hackers are doing illegal stuff and have found the exploits illegally?

Re:

[Iamthecheese]

He's saying they're lying again. Them money given to the "professional hacking group" was sent to a slush fund and Apple probably updated the individual phone's firmware to allow the crack, something they can do on any other iphone.

Re:

[Wycliffe]

how is someone selling a bug exploit to someone else illegal?, or are you assuming everyone who calls themselves hackers are doing illegal stuff and have found the exploits illegally?

If they are selling it on the open market to the highest bidder without vetting who they are selling it to then yes they are a criminal too.

Re:

[Frosty Piss]

If they are selling it on the open market to the highest bidder without vetting who they are selling it to then yes they are a criminal too.

How so? What laws are being broken?

Re:

[Wycliffe]

If they are selling it on the open market to the highest bidder without vetting who they are selling it to then yes they are a criminal too.

How so? What laws are being broken?

They've already fought this is court many times. They can get you for aiding a criminal. They use it all the time in the war on drugs. They bust contractors for digging tunnels and installing secret compartments in cars even if the person didn't ever touch the drugs.

Re:

[Kkloe]

There is a law here that says that you can get charged for making someone angry, yes that is a law, in practice someone can report you to the police for walking inside your own home becuase that made them angry, does it mean I am a criminal because I am potentially making someone angry for walking inside my own home?

same thing here, I can potentially be charged for aiding a criminal but that doesnt mean that I am a criminal before when I did not

Re:

[Wycliffe]

There is a law here that says that you can get charged for making someone angry, yes that is a law, in practice someone can report you to the police for walking inside your own home becuase that made them angry, does it mean I am a criminal because I am potentially making someone angry for walking inside my own home?
same thing here, I can potentially be charged for aiding a criminal but that doesnt mean that I am a criminal before when I did not

That's like saying that you bear no responsibility for selling weapons, bomb making material, or nuclear material to ISIS. If you have good reason to suspect that what you're selling is going to be used by a criminal to do a crime then that makes you a criminal or at least an accomplice. Sure there are neutral cases like selling a hunting rifle that later is used in a crime but there are also cases where there's a high probability that the other person is a criminal and you shouldn't participate in the tr

Re:

[Kkloe]

So whats the harm of finding bugs in a software\hardware?, why is it criminal?, there are alot of people that do that and then tell the companies for rewards, they could have read about the phone in the news and then later decided to find some vulnerability to sell to the fbi only, is that criminal?

Re:

[whh3]

What they did is in violation of the DMCA -- not that I agree with the DMCA, but the law is the law. Malum prohibitum -- they are criminals.

Will

Re:

[Kkloe]

doesnt i depends on where they sold it?, just becuase the fbi bought it doesnt mean they bought the fix in the us and thus the DMCA would not apply, same answer as above

Re:

[Kkloe]

doesnt i depends on where they sold it?, just becuase the fbi bought it doesnt mean they bought the fix in the us and thus the DMCA would not apply

Re:Evidence

[ChrisMaple]

The story is that the FBI was looking for a contact list: people or organizations to be considered for further investigation. If such a list contained Joe's Pizza, Al's Garage, and 9 people named Mohammed, some of that list is likely to be terrorist related.

It's a question of looking for likely suspects, and being on the list is by itself not evidence of guilt.

Re:

[boristdog]

being on the list is by itself not evidence of guilt.

You keep telling yourself that when your contact info shows up on a suspected terrorist's phone and you are hauled off for extensive interrogation.

Re:

[farble1670]

You keep telling yourself that when your contact info shows up on a suspected terrorist's phone and you are hauled off for extensive interrogation.

Fine with me. I either know nothing which I invite them to verify, or I do know something and I will readily share with them since I'm not a fan of terrorists.

Re:

[Anonymous Coward]

Have you had Joe's Pizza? It's so good it should be criminal.

Re:

[Anonymous Coward]

If such a list contained Joe's Pizza, Al's Garage, and 9 people named Mohammed, some of that list is likely to be terrorist related.

Considering how common the name Mohammed is, your statement could read:

If such a list contained Joe's Pizza, Al's Garage, and 9 people named John, some of that list is likely to be terrorist related.

and be just as meaningless. Unless you know something about Joe's Pizza that you're not telling the rest of us.

Re:

[Anonymous Coward]

To be fair it's actually pretty weird to know 9 separate people named John and even weirder to have only them and a couple small local businesses in you phone contacts.

Re:

[TimSSG]

Not if you are from the 8th Dimension. Tim S.

To be fair it's actually pretty weird to know 9 separate people named John and even weirder to have only them and a couple small local businesses in you phone contacts.

.

Re: Evidence

[Lije Baley]

These kids today don't remember the Lectroid invasion...

Re:

[phorm]

And they couldn't get that information from the telecommunications provider?

Re:

[dissy]

How can the evidence have integrity at that rate?

The story is that the FBI was looking for a contact list

The contact list as evidence is sound and has a full chain of custody.

The state department that owns the phone asked the FBI to request the last iCloud backup from Apple, which Apple provided the next day.
That was at least one if not two weeks before the FBIs request to decrypt the phone.

In fact the FBI had in their posession the entire iCloud backup (All contacts, SMS and iMessage destinations, all apps installed, all photos and music data, etc)
From the phone company the FBI had full call records, recorded

Re:

[__aaclcg7560]

It will be something more embarrassing than that: cat videos.

Re:Find what they were looking for?

[UnknowingFool]

Unlikely. It was Farouk's work phone, and he and his wife had personal phones. Before the attack, he and his wife made sure to destroy their personal phones. They left this one alone so either he forgot about it or there was nothing on it worth destroying. Even Bernandino County officials admitted they suspected the phone had little information on it.

Freaking Butthurt Idiots

[wkwilley2]

In two weeks they'll come out and say that the phone was never cracked at all and that they just wanted to set a precedent.

Just kidding, why would they lie. /s

proving the point:

[Anonymous Coward]

if these guys can do it, and the FBI can now do it, then ANYONE can do it. The chinese, north korea, data theives -

and the american government wants to force companies to put shit like this in their software on PURPOSE?

Re:

[Creepy]

According to the article, they had to craft specific hardware to retrieve the PIN and I'm guessing you need to not only possess the phone, but pull it apart to use this exploit. I had a suspicion that the firmware security in that phone could be exploited with a hardware hack and it turns out that is true. From the sound of it, a remote exploit isn't possible using the method described.

I know!!!

[Lab Rat Jason]

It was John McAfee! The FBI didn't admit it because they still want to see him eat a shoe!

FBI can, but you cannot.

[Parker Lewis]

Do the same (pay a hacker to break a giant's product) and go to jail.

Re:

[Anonymous Coward]

The warrant is what makes it legal. With a warrant the FBI can legally ransack someone's house. Do the same without a warrant and you're called a burglar and you may go to jail.

Re:

[zlives]

warrant covers all.

no day didn'

[turkeydance]

jes sayin'

Undercover AD?

[Anonymous Coward]

"FBI has previously noted that the technique it utilized in breaking into the iPhone 5c does not work with any new iPhone models (iPhone 5s or newer). "
GO GET ONE!!! (And we already broke 5s, so don't bother expecting better provacy)

Wait for it

[Varenthos]

Give them a little time - assuming the phone has actually been cracked - and they'll come out and say that they found all kinds of terrorism-related material on the phone. Then they'll start telling us that this is why we shouldn't be able to have encryption or privacy and restart the fight to get laws passed banning it, because terrorism and for the children.

Re:

[zlives]

the WMD's were on hiding this phone!!! i knew it.

Why did FBI claim they would start helping police?

[JoeyRox]

After they "cracked" the San Bernardino phone the FBI publicly came out and said they would use the information they gleaned to start assisting local law enforcement agencies to crack iPhones for their cases as well. I guess that was a bold-face lie, told to make Apple look bad to their security-conscious customers who are concerned that the FBI now has the ability to crack iPhones.

Re:

[Anonymous Coward]

They paid a one time fee for an exploit. That exploit could in theory work on any iPhone 5c (unpatched), and there are plenty of those waiting around in evidence lockers.

If the article stated somewhere that the FBI paid for a one-time crack only, not the exploit itself (which is stupid beyond belief for a government agency) then I'm sorry.

Re:

[macs4all]

They paid a one time fee for an exploit. That exploit could in theory work on any iPhone 5c (unpatched), and there are plenty of those waiting around in evidence lockers.

If the article stated somewhere that the FBI paid for a one-time crack only, not the exploit itself (which is stupid beyond belief for a government agency) then I'm sorry.

Actually, that was one of Apple's less-successful models in terms of sales numbers. So, I would imagine that, while there are undoubtedly some in evidence rooms, they are not as prevalent as some of the other models.

Re:

[Agent0013]

But it also needed some custom hardware created to make use of the exploit. So unless they are going to build hardware for all the police departments out there, or have them send the phones off to the FBI, it isn't going to do much good.

Re:

[wvmarle]

and a potential boon for Apple as all these customers still using last year's model now have to upgrade to this year's models!

Re:

[macs4all]

and a potential boon for Apple as all these customers still using last year's model now have to upgrade to this year's models!

The 5c was three revisions ago at this point. Do try to keep up.

Re: Why did FBI claim they would start helping pol

[Type44Q]

Do try to keep up.

And the benefit in doing that would be...?

Re:

[R3d M3rcury]

So...about a year-and-a-half, then.

Re:

[macs4all]

So...about a year-and-a-half, then.

Nope, sorry.

The iPhone 5C was released in September, 2013 [wikipedia.org].

The iPhone SE (which is the closest thing to an heir-apparent to the 5C, and is also the most-recent model) was shipped in the U.S. and several other countries starting on March 31, 2016 [macrumors.com].

By my estimation, that is around 2 1/2 years. And in that time, there has been the 5s, the 6 and the 6s in between the 5C and the SE. So that actually sounds like FOUR revisions, not even counting concurrent variants, like the 6 plus and the 6s plus.

Re:

[UnknowingFool]

And the information they'll provide is: "Here use these guys. Don't tell anyone who you paid."

Re:

[budgenator]

As likely as not a bald-faced lie to make Apple look good. They can probably hack into any Iphone now, but made a big show about a legal case against Apple and now to buy an exploit into an almost obsolete phone as a distraction. People especially bad actors will stay with Apple thinking they are secure.

Re:

[macs4all]

Not at all. This whole thing was one big security circus. Apple got tons of free press and saved it's face, FBI got what it wanted - a precedent. An local police has a new best friend.

Only one who got fucked in this deal is you, dear tax payer.

You're so full of shit it's running out of your ears.

Apple got as much negative press as positive. Maybe more. There are a BUNCH of people that still think that Apple is marketing to Terrists. THAT kind of publicity really DOESN'T fall under the adage of "Any publicity is good publicity."

Also, the FBI got NO legal precedent. They FOLDED, right before they were going to court for that, probably because the Amicus Curiae Briefs and even some really high-up Government Officials in the Intelligence Sector i

Re:

[Agent0013]

The lying they did and folding at the last minute should count as precedent anyway. The next judge should say to the FBI, "you lied to the court last time about a large number of things. dismissed with prejudice!".

Re:

[macs4all]

The lying they did and folding at the last minute should count as precedent anyway. The next judge should say to the FBI, "you lied to the court last time about a large number of things. dismissed with prejudice!".

We can but hope!

Did they call The Hackers R Us Store?

[Bob_Who]

I really wonder which hackers they hired... someone they are investigating, or just a dark web personal ad from Estonia. The more they say the more idiotic they sound. The FBI sounds as inefficient as the TSA and Congress. A bunch of blowhards with authority that can't get the job done properly because nobody trusts or likes how they operate. Public servants that are always at odds with the public, and never have any good news to report. Nevertheless, never getting the job done is the only job security

Re:Did they call The Hackers R Us Store?

[macs4all]

I really wonder which hackers they hired... someone they are investigating, or just a dark web personal ad from Estonia. The more they say the more idiotic they sound. The FBI sounds as inefficient as the TSA and Congress. A bunch of blowhards with authority that can't get the job done properly because nobody trusts or likes how they operate. Public servants that are always at odds with the public, and never have any good news to report. Nevertheless, never getting the job done is the only job security that exists anymore.

Since they have changed their "post-hack" story at least once, I submit that the FBI either already had the phone hacked (sans Apple's help), OR they never DID get into the phone (more likely); but needed a plausible excuse to sabotage their own legal efforts, since it was pretty clear that the Court case was NOT going to go their way, and they didn't want to set THAT Precedent.

Re:

[macs4all]

They wanted an out because they did not want a legal precedent set that looked like it was going against them. Simple as that.

Do you have your half-duplex switch set correctly? There seems to be an echo in here.

Re:

[Bob_Who]

They wanted an out because they did not want a legal precedent set that looked like it was going against them. Simple as that.

Do you have your half-duplex switch set correctly? There seems to be an echo in here.

I think that's how everything sounds to the Feds. It's a cacophony of echos and feedback loops, like a church choir warming up backstage.

NAh it ws a two-fer for the fbi

[Anonymous Coward]

They then arrested the cracker for DMCA violations and got their money back through civil forfeiture. Whilst at the same time being able to claim they reduced computer crime and cut off funding to terrorists and strike a blow against child pornography rings.

Ethics kick in on this one.

[TheHawke]

You know the director will be dragged in on the carpet by congress on the ethics of using hackers at this level.

If they paid them using gov't funds, lets hope they kept track of the funds used.

Re:

[TheHawke]

They were paid on this one as "consultants" and that comes under the auspices of the GAO and the bean-counters that reside there. Everyone in big government is held accountable, ranging from the d-bag EPA rep up in Alaska to the Oval Office desk-polisher. Keep your receipts and anything over a certain amount requires additional approval!

Do they have a warrant?

[MrKaos]

Because encryption alone won't stop the state, who will find a way to get in somehow. Especially considering they have access to all the other data products a telecommunications device like a phone produces, without needing one.

Useful information?

[ikirudennis]

My question is: Have they said whether they found useful information on the phone? (Not that I necessarily trust them to answer that truthfully at this stage.)

Remember: It can be as simple as cutting the power

[SB5407]

Keep in mind that the exploit could be as simple as brute forcing the PIN and cutting the power after each unsuccessful attempt: http://blog.mdsec.co.uk/2015/0... [mdsec.co.uk]

At the machine's rate of one PIN every 40 seconds, that's only about 111 hours to brute force a 4 digit PIN.

Apple itself

[farble1670]

Apple has no interest in running afoul of the US government. What they are concerned about is letting the public know that they cooperated. Do they really care if the FBI gains access to this phone? Of course not. I'd have to guess that Mr. Cook is opposed to terrorism and would like it stopped.

My guess is that this was a shady, unofficial back-alley deal between Apple and the FBI. "Here's how you do it. Here's some hardware to help. You never saw us. We don't exist."

Professional hackers? Like the NSA?

[sabbede]

The agency they should have turned to for help in the first place?

Re:

[Maritz]

Yeah. As a general rule of thumb, I would expect reality to be roughly the opposite of what they claim.

Re:

[macs4all]

FBI has previously noted that the technique it utilized in breaking into the iPhone 5c does not work with any new iPhone models (iPhone 5s or newer).

I wouldn't believe a single word from these assholes.

I wouldn't either; but it is true that after the 5c, all iPhones have the "Secure Enclave" chip, and thus are MUCH harder to crack. So, it is at least plausible.