
FBI Paid More Than $1 Million For San Bernardino 'Hack' (cbsnews.com) 99

An anonymous reader writes: FBI Director James Comey has indicated the bureau paid more than $1 million for the method used to hack into the iPhone 5c belonging to one of the San Bernardino shooters. How did he allude to it? He said the FBI paid more money than he would make in the time left as FBI director. He makes just under $200,000 a year based on public files and has over seven years left on his term. "How much did you pay for this software?" Comey was asked. "A lot," he said. "More -- let's see. More than I will make in the remainder of this job, which is seven years and four months, for sure," Comey said. "And so it's a -- but it was in my view, worth it, because it's a tool that helps us with a 5c running iOS 9, which is a bit of a corner case, increasingly as the devices develop and move on to the 6 and 6s and whatnot and iOS's change, but I think it's very, very important that we get into that device." Comey said.

  • by sycodon ( 149926 ) on Thursday April 21, 2016 @04:46PM (#51959839)

    ...what they found on the phone.

    My guess....porn.

    • by JackieBrown ( 987087 ) on Thursday April 21, 2016 @04:53PM (#51959913)

      The government is just pissed Apple beat them in the war of public opinion and that they said no to the government.

      That is why we keep hearing them say now that Apple devices are not secure and trying to hurt Apple in a new war of public opinion.

      I wish there would be a push back against the government's use of Apple phones and make public officials give them up since they are apparently so "insecure."

      • Re: (Score:3, Insightful)

        by ooloorie ( 4394035 )

        The government is just pissed Apple beat them in the war of public opinion and that they said no to the government.

        Maybe among Apple fans, not among the public at large.

        That is why we keep hearing them say now that Apple devices are not secure and trying to hurt Apple in a new war of public opinion.

        By Apple's own admission, Apple devices are not secure.

        • Relax... nothing valuable was lost here.

          They just purchased the usual $5 wrench at normal government markup.

          • by Anonymous Coward

            No, what was lost was $999,995 worth of schools, or healthcare, or tuition aid, or any number of other more socially useful things.

            • by qwijibo ( 101731 )
              The funds would never have been available for those purposes anyway.

              No government would fund those, else how would they convince people of the need to raise taxes? Do you think it's a coincidence that education, law enforcement, etc are always underfunded, no matter how many times those reasons are used to justify new taxes, bonds, etc?

              If the net result is that the FBI spends that much less time and resources going after people who violate federal statutes against pot in states where it has been legalized
          • The FBI has a $8.1b budget and they are going to spend it. Apparently, that's far more than they need, which is why they engage in lots of sting operations and want to criminalize more and more of our daily lives. If they waste $1m on a computer consultant to do anything, that's $1m they can't waste on operations that actually do harm.

            If you don't want this kind of waste, you need to vote for people who will cut the FBI's budget; complaining about how they end up spending the money that was budgeted for the

    • Re: (Score:3, Interesting)

      by Anonymous Coward

      Nothing of importance. We know they already were given a copy of the information on the phone from Apple (most recent backup), of which they found nothing. The FBI then themselves said they don't believe they would find anything important, but decided to push through with it anyways. Now they've gotten in, and haven't announced they found anything interesting, so guess what that means?

      • Bullshit, please show a single citation for that "fact" you offer up. If they already had the data, there would have been no case.

    • by Hussman32 ( 751772 ) on Thursday April 21, 2016 @05:49PM (#51960423)

      Funny, but it's even worse...they confirmed that they did not contact other people during the 18 minute window that they were trying to close, and they called it useful information [cnn.com].

      They knew that the shooters went out of their way to destroy every single electric device they owned, yet they demanded to know that the phone was not used for unlawful purposes. And they paid someone a fortune who probably looked up how to do it on /.

      That's not a good use of taxpayer money to make a point.

    • ...what they found on the phone.

      My guess....porn.

      Million dollar porn.

    • Very little if the rumours are true (it's his WORK phone and he deliberately destroyed his personal phone) one would conclude if he's smart enough to destroy the personal one deliberately, then clearly the work one had fuck all on it.

  • How many hackers? (Score:5, Insightful)

    by JoeMerchant ( 803320 ) on Thursday April 21, 2016 @04:51PM (#51959897)

    Assuming these guys are really, really good, and worth a billable rate of $250/hr - if they pulled off the job in under 90 days, were there 10+ of them on the job, or did the FBI just pay a super premium for a high profile case to make a political statement?

    • by alvinrod ( 889928 ) on Thursday April 21, 2016 @04:56PM (#51959939)
      It's the government. When you're used to $500 hammers, a $1 million phone hack hardly matters. Part of the cost could simply be that whatever was done would make it obvious how the hack works so it's really only a one-time sale for the person doing the hacking.

      But considering that the hacked device yielded no useful information, I think the only statement that the FBI has made is that they're fucking idiots.
      • by mysidia ( 191772 )

        But considering that the hacked device yielded no useful information, I think the only statement that the FBI has made is that they're fucking idiots.

        They were going on a fishing expedition...... Seeing as they had no real reason to believe the phone would have contained evidence of a crime. They just figured that since they knew who the criminals were, there might be a chance that they left some incriminating artifact on their cell phones ---- whose nature they were only guessing.

        If they had pu

      • by Rakarra ( 112805 )

        It's not necessarily that it's the government, but if the hacking group was the only one with the knowledge of the hack, and they knew the government was quite eager to have it, then they get to charge a premium. Name their own price. Obviously something like "One Billion Dollars" wasn't going to fly, but they found a price that the government was willing to give up.

    • Or the hackers know that they'll be faced with a huge legal shitstorm if their name is ever revealed and need the $1 million to cover their liability just in case.
    • by s.petry ( 762400 ) on Thursday April 21, 2016 @05:34PM (#51960295)

      It's OUR money they paid, not THEIR money. The FBI gets its money from tax payers, and exists because of tax payers.

      This is the same issue with all of Government really. The Government is always better off when they are not accountable for spending. I just wonder if they will use this as ammo to convince tax payers that we need a bigger GAO to investigate this incident and others just like it.

      Before you say it, Anarchy is not the only or even best alternative. There is a whole lot of space between anarchy and our current overly bloated Government.

      • In the 60s, Anarchy was the best apparent alternative to being drafted and sent to die in a war that nobody believed in.

        Today, I think Transparency is the better revolution - attainable with our technology, and worth trying. If only we could get people to believe in and vote for a Transparency party that could gain real traction in the Legislature and Courts.

        • There's the 'crypto-anarchy' approach, which focuses on solving political issues through technological means. Transparency is a big part of that.

    • Re:How many hackers? (Score:5, Interesting)

      by tlhIngan ( 30335 ) <slashdot@worf.ERDOSnet minus math_god> on Thursday April 21, 2016 @06:00PM (#51960529)

      Assuming these guys are really, really good, and worth a billable rate of $250/hr - if they pulled off the job in under 90 days, were there 10+ of them on the job, or did the FBI just pay a super premium for a high profile case to make a political statement?

      Or they paid the going rate.

      iOS vulnerabilities and zero-days really are that expensive, because there's so few of them. I mean, there was one last year - 3 prizes of $1M each to break iOS, and only one of the three available was claimed.

      It's why Apple doesn't bother with bug bounties - if people are willing to pay $1M for it, even a $100,000 bug bounty is too little.

      It's not that iOS is bug-free, far from it. It's really because Apple has hardened the entry points that results in breaking in requiring an elaborate set of steps and timing to get in. And the perceived value of the data.

      The FBI didn't overpay, they just paid the going rate.

    • For 250$/hr you get a lame lawyer, why do you expect to get a really, really good hacker for that price?
      • Lame, and good, lawyers work regularly, and command those stupidly exorbitant hourly rates throughout decades of their career. It's an established market rate that large numbers of people are willing to pay.

        "Really really good hackers" are sniffing around for a major payday, and many eat Ramen noodles in their parents' basement while they wait for the "big one" to hit, while others work day jobs no more glamorous than average people. As others mentioned above, if that mega-payday comes from the private s

    • by tom229 ( 1640685 )
      This is hardly a "hack". Think for a second how iPhone encryption is designed. Your phone is likely encrypted with a weak numeric pin code. This is so trivial to brute force that phones have to have "kill switches" in place to limit the number of attempts. Encrypted data is not volatile, while a program that monitors your number of attempts to access it is. Therefore what's stopping you from mounting that non-volatile data outside of its natural container and brute forcing it? Well, the method used to encry
  • by gurps_npc ( 621217 ) on Thursday April 21, 2016 @04:58PM (#51959959) Homepage

    Glad to know that my ex-girlfriend can't pay someone to do it on her salary.

    But it sounds a lot cheaper than the legal case would have been if they had tried to go through the courts.

    Morons should have started with that option, not used it only after Apple complained.

    • Just because that's the price the FBI paid doesn't mean your girlfriend would have to pay the same price. The government has been known, from time to time, to overpay for things.

    • But it sounds a lot cheaper than the legal case would have been if they had tried to go through the courts.

      Morons should have started with that option, not used it only after Apple complained.

      You're talking as if this was about the FBI wanting access to a specific phone.

  • Basic income is too much money for nothing.
    • Universal Basic Income for 350 million people is many orders of magnitude more expensive than a one-time boondoggle for $2M. Every three letter agency in the Federal government can go out and blow $2M a week on stupid stuff, and that doesn't amount to UBI for more than about 100,000 people: less than 0.03% of the population (assuming 10 TLAs).

      • by rjhubs ( 929158 )
        Luckily, just today we had a story about a $400 billion govt boondoggle
        • by zlives ( 2009072 )

          and the 1.5 trillion iraq boondoggle, not sure the total in afghanistan.

          • Those larger boondoggles employ millions of people. Unfortunately, they disrupt the economy, force retraining onto the working class - migration to find employment, mass consumption of natural resources, and piss off the rest of the world in the process, but there are some jobs for awhile.

            • by ceoyoyo ( 59147 )

              So you're saying it's just like universal basic income except it's not so universal, quite a bit more than basic, and it requires the recipients to waste resources, piss people off and kill some for good measure?

  • Yeah, right. (Score:4, Insightful)

    by Bob_Who ( 926234 ) on Thursday April 21, 2016 @05:04PM (#51960033) Journal

    So they pick up the yellow pages and call "Hackers R Us" and hire a million dollar zero day exploit for an Apple 5c so they can find any information not already captured in the telco's network traffic. What a load of crap. Nothing about this story, the preposterous claim of the value of anything on an iphone that is not already a matter of record in telecommunication logs sounds like complete baloney. I don't believe a word of what these liars are saying. Not a word of it. If they really believe there is anything of value on a cell phone that does not involve actual network transmission then I would like to know what that is. Let's be clear here - if it's on an encrypted iPhone, and it never involved a network connection or transmission, then why does it even matter? If they really think there is anything more of real value then perhaps they should pursue all of the known connections. Or how about, don't shoot ten thousand bullets into the suspects after you have them completely surrounded by armies of law enforcement. Perhaps if these gun slinging assholes stopped to think about the value of a living terrorist over a dead one we wouldn't be wasting tax payer dollars on their bad learning curve on common sense.

    • by zlives ( 2009072 )

      no no they called the elite C0m3y Consortium... nothing to see here

    • by tom229 ( 1640685 )
      All they would need to find is someone with knowledge of the specific encryption algorithm used in iPhones. With that it should then be relatively simple to mount the data externally and brute force the password (probably a simple pin code). So more likely someone approached them who had that knowledge (perhaps a former Apple employee or just a dedicated reverse engineer) and said "Hey, know that problem you have? How about a million dollars?" Apple cost you this money. They knew very well it was this easy
  • This could be a clever way to pay launder money from FBI.

    Here is how it works:

    - FBI hacker finds a flaw, but does not tell the boss.
    - You tell your boss that you have a cousin who can do stuff
    - Your boss pays your cousin $1M. What you and your cousin do is between you two.

    Quite frankly, FBI hack was useless. FBI said that they found something valuable, but they only said to justify the expense. They found that he did not communicate with anybody else. THAT, they a

    • Or more likely it's all designed to push sales of newer iPhones. They've said repeatedly that this only works on older devices. So Apple recruited the FBI to increase sales by scaring people into rushing out and updating older but still fully functional devices. This way it doesn't look like an ad campaign, and they get tons of global Airtime pushing the name of Apple as being secure. Especially if you have a device newer and better than the 5c.

      It's all Marketing.

      (yes I am joking. I hope.)
  • by swb ( 14022 ) on Thursday April 21, 2016 @05:09PM (#51960087)

    I guess I thought that FBI directors served at the pleasure of the President, but thinking back on recent history it seems like there has always been a continuity of FBI directors regardless of Presidential elections. I'm kind of mentally excluding Hoover, who mostly kept his job because the Presidents in his era were afraid of his blackmail files and he generally made himself into a useful bully on their behalf.

    But 10 years? That sounds a little too secure, too much like a master of an empire and not a public servant. I don't buy any functional reason to keep a single director that long, either. The Chairman of the Joint Chiefs and the CIA director don't serve that long.

    Surely in a democratic-oriented country changing one's police leaders regularly is just good hygiene.

    • by SuricouRaven ( 1897204 ) on Friday April 22, 2016 @01:06AM (#51962377)

      Standard process: Appointed by president, confirmed by senate. The term is ten years, but in practice almost every single director has left before their term is up. I'm surprised the appointment is not more politically contested, given that the director is in a position to influence what crimes the FBI focuses on and thus to advance either party agenda easily.

    • The Director's term is long in order to make the position less political. The Director has a lot of power; so it would be very bad if the Director was strongly partisan. Making the Director's term longer than the maximum term of a president (2*4 years) provides a strong incentive to the president (who appoints the Director) to appoint someone who will be negligibly partisan.
      • by swb ( 14022 )

        Not really buying this logic -- what exactly have lifetime appointments done for partisanship on the Supreme Court? And why wouldn't we worry about partisanship in the CIA or military leadership, with the former being at least nominally more risky due to its clandestine nature.

        I would think that you could avoid partisanship in selection by making his term expire two years after a new President takes the oath, thus guaranteeing his post will outlast that of the President who elected him.

  • Lies (Score:5, Insightful)

    by ArchieBunker ( 132337 ) on Thursday April 21, 2016 @05:12PM (#51960115)

    Nearly everything the FBI says so far is a lie. Why should I believe this statement?

    • by Anonymous Coward

      FBI is an anagram for FIB

    • Nearly everything the FBI says so far is a lie. Why should I believe this statement?

      Because it's not limited. "paid more than $1 million" could be anything above a million. There is no upper limit.

      So why not say something like this? It could have been 10 million or 100 million. There's no lie in the statement and yet most people will assume that 'more than a million' means something like 1.2 million which is probably palatable to the great milling masses of sheep-ass taxpayers.

  • There, fixed that for you.

  • Considering we spend hundreds of billions bombing and fighting in countries over terrorism and potential terrorism, this is a bargain.

    • Yeah, less than 1 millionth the price of either recent war, and probably more effective at fighting terrorism since it didn't foster new ones.

  • Especially from the government
    ESPECIALLY from the FBI
    SUPEREXTRASPECIALLY if they make a months-long media spectacle of it

    cuz its true :))))

  • WE PAID FOR IT.

    taxes.

    did we get any say in this? of course not.

    will there be any reasonable return on this 'investment' ? of course not! everyone who cares will be dumping this model of phone as soon as they possibly can.

    nice that our fbi ASSHOLES waste money on ego bullshit. really nice.

    (god dammit so much!)

    • And how do you know it is just ego bullshit? I'll tell ya, it is because they bragged about it instead of keeping it quiet so it would preserve some value for a while longer. Now everyone who cares will be getting a new phone.
