FBI Paid Professional Hackers One-Time Fee To Crack San Bernardino iPhone
There's another new wrinkle in the never-ending FBI vs Apple saga. The Washington Post is claiming that the FBI did not require Cellebrite's assistance in hacking the San Bernardino iPhone. Instead, the report claims, the government intelligence organization bought a previously unknown security bug from a group of professional hackers. According to the report, the hacker group provided the FBI with at least one zero-day flaw in the iPhone 5c's security, which enabled the FBI to circumvent the lockscreen and other security features. The bug hasn't been disclosed. The FBI has previously noted that the technique it utilized in breaking into the iPhone 5c does not work with any new iPhone models (iPhone 5s or newer).
And Vindicated.... (Score:5, Informative)
I was telling people that the FBI was lying and Cellebrite did not sell them anything to do this...
Remember kids, DO NOT TRUST law enforcement. They are not there for your protection.
Re:And Vindicated.... (Score:5, Funny)
It's OK, the FBI eventually, after it's caught and cornered, tells the truth.
Re:And Vindicated.... (Score:5, Funny)
The truth is out there!
Re: (Score:2)
Trust no one.
Re: And Vindicated.... (Score:2, Insightful)
The truth is that our tax dollars fund criminals.
Re: (Score:3)
What is the truth?
Paul Pierce, of course.
And another person wrote:
Since they have changed their "post-hack" story at least once,
So, you're saying they made a post-hac change to the post-hack story? //rimshot
Re: (Score:2)
You can't HANDLE the TRUTH!!!
Re: (Score:2)
Whistling and smoking a cigarette at the same time? Clearly an alien.
Re:And Vindicated.... (Score:4, Insightful)
I was telling people that the FBI was lying and Cellebrite did not sell them anything to do this...
Remember kids, DO NOT TRUST law enforcement. They are not there for your protection.
Neither are the software providers. Apple, Microsoft, Google, Facebook, Amazon, etc. are not there for your protection.
TRUST NO ONE.
Aren't they? Oh ok. (Score:2, Insightful)
So tell us great sage, who should we turn to for help against criminals, Apple?
Re: (Score:1, Flamebait)
Get a gun, be your own cop. Shoot first, ask questions later. That's the American way, no?
Re: Aren't they? Oh ok. (Score:1)
Lol somebody mod this funny.
Re: (Score:1)
So tell us great sage, who should we turn to for help against criminals,
You probably have no recourse. If someone breaks into your house, the police aren't even going to take fingerprints, if they even come out at all [telegraph.co.uk].
If you get death threats, the police will tell you they can't protect you [jezebel.com]. They have no legal obligation to do so [fee.org].
Re:Aren't they? Oh ok. (Score:5, Interesting)
This is precisely my experience. Every time I've been broken into and called the police, a bored looking cop comes out, takes a statement, looks at the point of entry and then leaves, never to be heard from again. They only do this much so you can file your insurance, if you are stupid enough to file your insurance (since the insurance company will then just upgrade your risk and raise your rates enough to cover your payout plus an indefinite bleed of additional profit for them for the rest of eternity). No fingerprints. No searching area fences or eBay for your lost goods. No questioning likely suspects. If they are feeling enormously helpful, they may suggest that you get the broken lock fixed as the bad guys might come back and steal some more, and no, they aren't going to stake the joint out to find out.
Law enforcement is almost non-existent. Police are often called on to "keep the peace" -- to intervene in potentially dangerous situations involving human conflict or risk -- but they don't go out of their way to arrest anybody even then. They do arrest shoplifters, but that is because there is usually hard evidence and the perps are caught in the act. They do arrest anybody who rubs drug usage in their face and spend at least some time arresting the merely unwary. They do a decent job at pulling drunk drivers, when they catch them for obvious driving errors. Outside of that, by far -- far -- my most common interaction with Law Enforcement is getting pulled with a car tag a month out of date. Damn, they are hell on car registration. Makes me feel safe at night, knowing that no scofflaw is able to drive around without properly registered tags, unless of course they are an illegal alien without any driver's license or insurance at all driving a company truck.
Sigh.
The two laws that get en
And yet (Score:1)
And yet, they're clearly spread thin and underfunded in a lot of places. The same places defeat community policing measures. Because taxes. And the public is outraged, just outraged, that things are then relegated to minimal police response due to this reality. Reminds me of the nursing profession. Snake head? Meet snake tail!
Re: (Score:2)
Winchester.
Re: (Score:1)
The police are there to arrest criminals, but you are responsible for your own safety.
Call the police when you see criminals that they can arrest, but be prepared to defend yourself until they can get there.
It's supposed to be a team effort...
And, "Trust but verify".
Re:And Vindicated.... (Score:4, Insightful)
That would take a while even with 10000 number combinations.
I hear they have computers that can count up to 10000 now.
Re: (Score:2)
That would take a long time.
Re: (Score:2)
Don't have to desolder and resolder the chip. Desolder existing chip, solder on advanced chip simulator connection. Run phone using the simulator hardware and reset image every attempt. It's not hard at all to have a modern PC completely simulate a chip with some extra hardware. Hell, an FPGA could do the job easily.
Re: (Score:2)
On the plus side any sane person would connect the print to a socket for the proper chip type and just switch the chip in the socket.
Couldn't they even switch the chip between the board and the flasher electronically?
Re: (Score:2)
Still a tedious process.
Re: (Score:2)
Hard to lie when you don't say anything. The FBI using Cellebrite's service was only ever a rumor, they never actually said they used them. I know the Slashdot article indicated it was the way it happened, but other news sources listed the connection as presumed.
http://www.bbc.com/news/world-... [bbc.com]
If you read the article carefully, an Israeli newspaper said Cellebrite helped the FBI, the FBI did not state that, nor did Cellebrite.
Re: (Score:2)
What lying would that be? That I don't consider a single person reviewing your code to be enough to be considered safe? That is the truth, and is true of many people. You are the developer, it is your job to engender trust in users by having code reviews done by many people, it isn't my job to blindly trust that your software won't turn my computer into a zombie.
Also, replying to ACs now and trying to claim that they are me? Grow up little one.
EAT YOUR WORDS Coren22 by ac (your bridge bs gave you away & I remember EVERYTHING...)
HAHAHAHHA, you mean YOUR bridge bullshit. You are the one w
Re: (Score:2)
Holy hell, are you a moron?
You use a bridge connection to the internet?? That is like begging to be hacked, and inviting the trouble!
You claim you are a "security expert" and you run a bridged connection, which is the exact opposite of security, as it means you are turning off the firewall?
Wow, just wow, I think I have now lost any possible respect I could have had for you, you know nothing about security, and have now proven it.
Re: (Score:2)
Keep walking it back, you are the one who claimed you bridged your router, not I.
Yeah, the brain damage is strong in this one, does it come with an inability to admit when you were wrong?
https://slashdot.org/comments.... [slashdot.org]
I used BRIDGED router firewalls to my cable modem
So, keep it up, this is great entertainment for me.
Re: (Score:2)
Keep walking it back. You can't say anything to change what you claimed, all the proof is here in this thread that you know nothing about network security. You keep posting more and more digging the hole deeper and deeper.
http://slashdot.org/comments.p... [slashdot.org]
You can keep bringing it up, but it doesn't change anything. You are the one claiming that you are using a bridge to get by the Slashdot posting limits, as if that is even possible. You are now trying to claim that bridging your connection is the same
Re: (Score:2)
How is someone selling a bug exploit to someone else illegal? Or are you assuming everyone who calls themselves hackers are doing illegal stuff and have found the exploits illegally?
If they are selling it on the open market to the highest bidder without vetting who they are selling it to then yes they are a criminal too.
Re: (Score:2)
If they are selling it on the open market to the highest bidder without vetting who they are selling it to then yes they are a criminal too.
How so? What laws are being broken?
Re: (Score:2)
If they are selling it on the open market to the highest bidder without vetting who they are selling it to then yes they are a criminal too.
How so? What laws are being broken?
They've already fought this in court many times. They can get you for aiding a criminal. They use it all the time in the war on drugs. They bust contractors for digging tunnels and installing secret compartments in cars even if the person didn't ever touch the drugs.
Re: (Score:2)
Same thing here, I can potentially be charged for aiding a criminal but that doesn't mean that I am a criminal before when I did not
Re: (Score:2)
There is a law here that says that you can get charged for making someone angry, yes that is a law, in practice someone can report you to the police for walking inside your own home because that made them angry, does it mean I am a criminal because I am potentially making someone angry for walking inside my own home?
Same thing here, I can potentially be charged for aiding a criminal but that doesn't mean that I am a criminal before when I did not
That's like saying that you bear no responsibility for selling weapons, bomb making material, or nuclear material to ISIS. If you have good reason to suspect that what you're selling is going to be used by a criminal to do a crime then that makes you a criminal or at least an accomplice. Sure there are neutral cases like selling a hunting rifle that later is used in a crime but there are also cases where there's a high probability that the other person is a criminal and you shouldn't participate in the tr
Re: (Score:1)
What they did is in violation of the DMCA -- not that I agree with the DMCA, but the law is the law. Malum prohibitum -- they are criminals.
Will
Re:Evidence (Score:5, Insightful)
The story is that the FBI was looking for a contact list: people or organizations to be considered for further investigation. If such a list contained Joe's Pizza, Al's Garage, and 9 people named Mohammed, some of that list is likely to be terrorist related.
It's a question of looking for likely suspects, and being on the list is by itself not evidence of guilt.
Re: (Score:3, Insightful)
being on the list is by itself not evidence of guilt.
You keep telling yourself that when your contact info shows up on a suspected terrorist's phone and you are hauled off for extensive interrogation.
Re: (Score:2)
You keep telling yourself that when your contact info shows up on a suspected terrorist's phone and you are hauled off for extensive interrogation.
Fine with me. I either know nothing which I invite them to verify, or I do know something and I will readily share with them since I'm not a fan of terrorists.
Re: (Score:1)
Have you had Joe's Pizza? It's so good it should be criminal.
Re: (Score:2, Insightful)
Considering how common the name Mohammed is, your statement could read:
and be just as meaningless. Unless you know something about Joe's Pizza that you're not telling the rest of us.
Re: (Score:1)
To be fair it's actually pretty weird to know 9 separate people named John and even weirder to have only them and a couple small local businesses in your phone contacts.
Re: (Score:1)
To be fair it's actually pretty weird to know 9 separate people named John and even weirder to have only them and a couple small local businesses in your phone contacts.
.
Re: Evidence (Score:2)
These kids today don't remember the Lectroid invasion...
Re: (Score:1)
And they couldn't get that information from the telecommunications provider?
Re: (Score:2)
How can the evidence have integrity at that rate?
The story is that the FBI was looking for a contact list
The contact list as evidence is sound and has a full chain of custody.
The state department that owns the phone asked the FBI to request the last iCloud backup from Apple, which Apple provided the next day.
That was at least one if not two weeks before the FBI's request to decrypt the phone.
In fact the FBI had in their possession the entire iCloud backup (All contacts, SMS and iMessage destinations, all apps installed, all photos and music data, etc)
From the phone company the FBI had full call records, recorded
Re:Find what they were looking for? (Score:5, Informative)
Freaking Butthurt Idiots (Score:2)
In two weeks they'll come out and say that the phone was never cracked at all and that they just wanted to set a precedent.
Just kidding, why would they lie. /s
proving the point: (Score:3, Insightful)
If these guys can do it, and the FBI can now do it, then ANYONE can do it. The Chinese, North Korea, data thieves -
and the American government wants to force companies to put shit like this in their software on PURPOSE?
Re: (Score:2)
According to the article, they had to craft specific hardware to retrieve the PIN and I'm guessing you need to not only possess the phone, but pull it apart to use this exploit. I had a suspicion that the firmware security in that phone could be exploited with a hardware hack and it turns out that is true. From the sound of it, a remote exploit isn't possible using the method described.
I know!!! (Score:4, Funny)
It was John McAfee! The FBI didn't admit it because they still want to see him eat a shoe!
FBI can, but you cannot. (Score:2)
Re: (Score:1)
The warrant is what makes it legal. With a warrant the FBI can legally ransack someone's house. Do the same without a warrant and you're called a burglar and you may go to jail.
Re: (Score:2)
warrant covers all.
no day didn' (Score:2)
Undercover AD? (Score:1)
"FBI has previously noted that the technique it utilized in breaking into the iPhone 5c does not work with any new iPhone models (iPhone 5s or newer). "
GO GET ONE!!! (And we already broke 5s, so don't bother expecting better privacy)
Wait for it (Score:1)
Re: (Score:2)
The WMD's were on hiding this phone!!! I knew it.
Why did FBI claim they would start helping police? (Score:5, Interesting)
Re: (Score:1)
They paid a one time fee for an exploit. That exploit could in theory work on any iPhone 5c (unpatched), and there are plenty of those waiting around in evidence lockers.
If the article stated somewhere that the FBI paid for a one-time crack only, not the exploit itself (which is stupid beyond belief for a government agency) then I'm sorry.
Re: (Score:2)
They paid a one time fee for an exploit. That exploit could in theory work on any iPhone 5c (unpatched), and there are plenty of those waiting around in evidence lockers.
If the article stated somewhere that the FBI paid for a one-time crack only, not the exploit itself (which is stupid beyond belief for a government agency) then I'm sorry.
Actually, that was one of Apple's less-successful models in terms of sales numbers. So, I would imagine that, while there are undoubtedly some in evidence rooms, they are not as prevalent as some of the other models.
Re: (Score:3)
and a potential boon for Apple as all these customers still using last year's model now have to upgrade to this year's models!
Re: (Score:3)
and a potential boon for Apple as all these customers still using last year's model now have to upgrade to this year's models!
The 5c was three revisions ago at this point. Do try to keep up.
Re: Why did FBI claim they would start helping pol (Score:2)
Do try to keep up.
And the benefit in doing that would be...?
Re: (Score:2)
So...about a year-and-a-half, then.
Re: (Score:2)
So...about a year-and-a-half, then.
Nope, sorry.
The iPhone 5C was released in September, 2013 [wikipedia.org].
The iPhone SE (which is the closest thing to an heir-apparent to the 5C, and is also the most-recent model) was shipped in the U.S. and several other countries starting on March 31, 2016 [macrumors.com].
By my estimation, that is around 2 1/2 years. And in that time, there has been the 5s, the 6 and the 6s in between the 5C and the SE. So that actually sounds like FOUR revisions, not even counting concurrent variants, like the 6 plus and the 6s plus.
Re: (Score:2)
As likely as not a bald-faced lie to make Apple look good. They can probably hack into any iPhone now, but made a big show about a legal case against Apple and now to buy an exploit into an almost obsolete phone as a distraction. People especially bad actors will stay with Apple thinking they are secure.
Re: (Score:3)
Not at all. This whole thing was one big security circus. Apple got tons of free press and saved its face, FBI got what it wanted - a precedent. And local police has a new best friend.
Only one who got fucked in this deal is you, dear tax payer.
You're so full of shit it's running out of your ears.
Apple got as much negative press as positive. Maybe more. There are a BUNCH of people that still think that Apple is marketing to Terrists. THAT kind of publicity really DOESN'T fall under the adage of "Any publicity is good publicity."
Also, the FBI got NO legal precedent. They FOLDED, right before they were going to court for that, probably because the Amicus Curiae Briefs and even some really high-up Government Officials in the Intelligence Sector i
Re: (Score:2)
The lying they did and folding at the last minute should count as precedent anyway. The next judge should say to the FBI, "you lied to the court last time about a large number of things. dismissed with prejudice!".
We can but hope!
Did they call The Hackers R Us Store? (Score:2)
I really wonder which hackers they hired... someone they are investigating, or just a dark web personal ad from Estonia. The more they say the more idiotic they sound. The FBI sounds as inefficient as the TSA and Congress. A bunch of blowhards with authority that can't get the job done properly because nobody trusts or likes how they operate. Public servants that are always at odds with the public, and never have any good news to report. Nevertheless, never getting the job done is the only job security
Re:Did they call The Hackers R Us Store? (Score:4, Interesting)
I really wonder which hackers they hired... someone they are investigating, or just a dark web personal ad from Estonia. The more they say the more idiotic they sound. The FBI sounds as inefficient as the TSA and Congress. A bunch of blowhards with authority that can't get the job done properly because nobody trusts or likes how they operate. Public servants that are always at odds with the public, and never have any good news to report. Nevertheless, never getting the job done is the only job security that exists anymore.
Since they have changed their "post-hack" story at least once, I submit that the FBI either already had the phone hacked (sans Apple's help), OR they never DID get into the phone (more likely); but needed a plausible excuse to sabotage their own legal efforts, since it was pretty clear that the Court case was NOT going to go their way, and they didn't want to set THAT Precedent.
Re: (Score:2)
They wanted an out because they did not want a legal precedent set that looked like it was going against them. Simple as that.
Do you have your half-duplex switch set correctly? There seems to be an echo in here.
Re: (Score:2)
They wanted an out because they did not want a legal precedent set that looked like it was going against them. Simple as that.
Do you have your half-duplex switch set correctly? There seems to be an echo in here.
I think that's how everything sounds to the Feds. It's a cacophony of echoes and feedback loops, like a church choir warming up backstage.
Nah it was a two-fer for the FBI (Score:1)
They then arrested the cracker for DMCA violations and got their money back through civil forfeiture. Whilst at the same time being able to claim they reduced computer crime and cut off funding to terrorists and strike a blow against child pornography rings.
Ethics kick in on this one. (Score:4, Interesting)
You know the director will be dragged in on the carpet by congress on the ethics of using hackers at this level.
If they paid them using gov't funds, let's hope they kept track of the funds used.
Re: (Score:2)
They were paid on this one as "consultants" and that comes under the auspices of the GAO and the bean-counters that reside there. Everyone in big government is held accountable, ranging from the d-bag EPA rep up in Alaska to the Oval Office desk-polisher. Keep your receipts and anything over a certain amount requires additional approval!
Do they have a warrant? (Score:2)
Because encryption alone won't stop the state, who will find a way to get in somehow. Especially considering they have access to all the other data products a telecommunications device like a phone produces, without needing one.
Useful information? (Score:2)
Remember: It can be as simple as cutting the power (Score:1)
At the machine's rate of one PIN every 40 seconds, that's only about 111 hours to brute force a 4 digit PIN.
Apple itself (Score:2)
Apple has no interest in running afoul of the US government. What they are concerned about is letting the public know that they cooperated. Do they really care if the FBI gains access to this phone? Of course not. I'd have to guess that Mr. Cook is opposed to terrorism and would like it stopped.
My guess is that this was a shady, unofficial back-alley deal between Apple and the FBI. "Here's how you do it. Here's some hardware to help. You never saw us. We don't exist."
Professional hackers? Like the NSA? (Score:2)
Re: (Score:2)
FBI has previously noted that the technique it utilized in breaking into the iPhone 5c does not work with any new iPhone models (iPhone 5s or newer).
I wouldn't believe a single word from these assholes.
I wouldn't either; but it is true that after the 5c, all iPhones have the "Secure Enclave" chip, and thus are MUCH harder to crack. So, it is at least plausible.