Slashdot Mirror


Apple Hires Corporate Security Chief Amid Legal Battle With FBI (fortune.com)

An anonymous reader writes: Apple has hired a new security executive to oversee its corporate digital defenses as a result of the ongoing battle with the U.S. government over law enforcement's desire to crack into the San Bernardino shooter's iPhone 5c. George Stathakopoulos, former vice president of information security at Amazon.com and before that Microsoft's general manager of product security, is the new appointee designated to be the vice president of corporate information security. Stathakopoulos will be responsible for protecting corporate assets, such as the computers used to design products and develop software, as well as data about customers. The new hire is a sign of increased focus on security issues at Apple.

61 comments

  1. Comment removed by account_deleted · · Score: 3, Insightful

    Comment removed based on user account deletion

  2. Watch out for infiltration by ameline · · Score: 3, Insightful

    If I were them I'd be pretty careful about who I hired and what I had them do. I'm pretty sure their security/crypto engineers are long-time employees who have demonstrated their trustworthiness over the years.

    I certainly wouldn't put it past the NSA/FBI/CSIS/GCHQ/FSB etc to try to get people on the inside.

    --
    Ian Ameline
    1. Re:Watch out for infiltration by Noah+Haders · · Score: 3, Insightful

      this is why it's so dangerous to create a "one-time unlock key", even if it stays in apple's possession rather than going to the FBI. Once exists, it will become the hottest industrial espionage target. NOMORESECRETS

    2. Re:Watch out for infiltration by Anonymous Coward · · Score: 3, Funny

      But he once worked for Microsoft, the industry example of security.

    3. Re:Watch out for infiltration by dsmatthews9379 · · Score: 1

      So Apple just has to "un-exist" it when they are done. Develop and use it in a clean room, then destroy the contents of the room once they hand over the pin to the FBI, if it turns out that the FBI has a constitutional right to demand Apple's assistance. You are worrying about the wrong things, this has never been a technical issue, it is a matter of law which has yet to be settled through due process.

    4. Re:Watch out for infiltration by dsmatthews9379 · · Score: 1

      All they have to do is compromise an existing staff member, same goes for any other foreign state or non-state group. Therefore what Apple needs to do is be very careful that they don't have any key employees with habits or secrets that could be used to blackmail them. In fact that risk has always existed and your comment is pretty much redundant.

    5. Re:Watch out for infiltration by toonces33 · · Score: 2

      The main thing the FBI needs is the signing certificate. Undoubtedly this is something that Apple keeps tight control over, but at the end of the day it is just a file on disk somewhere.

    6. Re:Watch out for infiltration by shawn2772 · · Score: 3, Informative

      So Apple just has to "un-exist" it when they are done. Develop and use it in a clean room, then destroy the contents of the room once they hand over the pin to the FBI, if it turns out that the FBI has a constitutional right to demand Apple's assistance.

      Oh, and then re-create it for each of the next 200 phones the FBI wants into... making sure that no copies ever leak, each time.

      This case isn't about Farook's phone. Everyone knows there's nothing of use on it anyway... anything of value would have been on one of his burner phones, which the FBI knows he had and knows he destroyed, not on the phone that he knew was being backed up to iCloud under an employer-owned account. This is all about the precedent. The FBI picked this phone because "terrorist!", but even they don't care about this one. It's all about the rest.

    7. Re:Watch out for infiltration by spire3661 · · Score: 1

      The matter of law IS settled. The FBI is trying to go around the law. There are limits to what the government can do, the FBI just reached it. Either they back off or they are going to continue to get egg on their face. Crypto is here and it's not going anywhere. They picked a fight they can't win.

      --
      Good-bye
    8. Re:Watch out for infiltration by Anonymous Coward · · Score: 0

      Hey.

      Shit happens.

    9. Re:Watch out for infiltration by Anonymous Coward · · Score: 1

      > Crypto is here and it's not going anywhere. They picked a fight they can't win.

      You said it!

      If you use crypto but give someone else a key, you have no control over your data. You have zero security.

      The idea that we can "balance" the need for individual security with national security by weakening encryption is a dog that won't hunt.

    10. Re:Watch out for infiltration by Anonymous Coward · · Score: 0

      yeah... this one guy knows all the ins and outs of the security of the top 3 corps? If he wasn't a mole before, he is now. Surely he's getting offers he can't refuse.

    11. Re:Watch out for infiltration by Anonymous Coward · · Score: 0

      Even if there are some employees with skeletons in their closets, it's unlikely that any one engineer would know enough by themselves to crack all of the security measures and even if they did when would they find the time to work on it? Even engineers are still human and need time to eat and sleep. This might be more of an issue if the tool already existed and all the double agent had to do was facilitate access or exfiltrate the finished product, but even then it's hard to imagine the circumstances. This isn't like the old days when photographing documents on microscopic film and walking out the door with it was all you needed to do. Things are a bit more complex these days.

    12. Re:Watch out for infiltration by TheGratefulNet · · Score: 2

      you think 'staff members' have full *important* code access?

      ha!

      the more important the code is, the higher up you have to have authorization to even KNOW about it. at least any real company does that. you can't even see some dirs unless you are authorized.

      --
      "It is now safe to switch off your computer."
    13. Re:Watch out for infiltration by Anonymous Coward · · Score: 0

      Yes! Needle meet haystack. It would be like finding one certain grain of sand on a California beach. Sounds easy to me! NOT!

    14. Re:Watch out for infiltration by Anonymous Coward · · Score: 0

      What're the odds the NSA doesn't already have Apple's signing key and the source code, or couldn't get it without an effort to compromise the company? This incident isn't, and has never been, about getting access to the contents of the shooter's phone. It's about the FBI getting the legal power to read anything they want with a warrant and allowing the NSA/DHS easy access without one.

    15. Re:Watch out for infiltration by swb · · Score: 1

      You would think that really important stuff like the signing keys would be stored in a special room more akin to a bank vault than anything else. Probably with 365/24 armed security and probably something that requires two people to go in at the same time so that no one person is alone with the equipment and a complete audit trail of the computer inside.

    16. Re:Watch out for infiltration by gnasher719 · · Score: 1

      Oh, and then re-create it for each of the next 200 phones the FBI wants into... making sure that no copies ever leak, each time.

      One possibility would be to unlock the phone, send an appropriate bill (some major six digit number), and see if they really want the next phone unlocked at that cost.

    17. Re:Watch out for infiltration by ameline · · Score: 1

      The signing keys are almost certainly on secure signing modules. These will not allow the key to leave the module -- they will only sign blobs with it. They can be configured to require n of m access tokens -- passwords, biometrics, & physical tokens. So to sign a new SIF, it would require 3 or 4 employees all entering their passwords, fingerprints and secure tokens (usually USB dongles of some sort). This module itself will be in a very secure room -- behind several locked doors. It will not be connected to any network. The binary blobs to be signed will be brought in on USB keys.

      It would be useless to hand over the module without the passwords, tokens and fingerprints of the authorizers.

      --
      Ian Ameline
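An added example, not Apple's setup and not code from any poster in this thread: a Python stand-in for the n-of-m signing module ameline describes, which also speaks to toonces33's point that the signing key is "just a file on disk" when it lives outside such a module. The authorizer names, passwords, token secrets and the firmware blob are constructed; HMAC-SHA256 stands in for the asymmetric signature a real module would produce, and "the key never leaves" is enforced here only by the class keeping it private rather than by hardware.

```python
from __future__ import annotations

import hashlib
import hmac
import os
import secrets
from dataclasses import dataclass


@dataclass(frozen=True)
class Credential:
    salt: bytes
    password_hash: bytes  # salted PBKDF2 of the authorizer's password
    token_hash: bytes     # hash of the secret held on the authorizer's hardware token


class ThresholdSigningModule:
    """Constructed stand-in for a hardware signing module: the key is generated
    inside and no method returns it; signing needs `threshold` *distinct*
    authorizers presenting valid password+token pairs in one request."""

    ITERATIONS = 100_000  # PBKDF2 work factor for the password check

    def __init__(self, threshold: int, authorizers: dict[str, tuple[str, bytes]]):
        if not 1 <= threshold <= len(authorizers):
            raise ValueError("threshold must be between 1 and the number of authorizers")
        self._threshold = threshold
        self._creds: dict[str, Credential] = {}
        for name, (password, token_secret) in authorizers.items():
            salt = os.urandom(16)
            self._creds[name] = Credential(
                salt=salt,
                password_hash=self._kdf(password, salt),
                token_hash=hashlib.sha256(token_secret).digest(),
            )
        self.__signing_key = secrets.token_bytes(32)  # never handed out
        self.audit_log: list[str] = []

    @classmethod
    def _kdf(cls, password: str, salt: bytes) -> bytes:
        return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, cls.ITERATIONS)

    def _verify(self, name: str, password: str, token_secret: bytes) -> bool:
        cred = self._creds.get(name)
        if cred is None:
            return False
        pw_ok = hmac.compare_digest(cred.password_hash, self._kdf(password, cred.salt))
        tok_ok = hmac.compare_digest(cred.token_hash, hashlib.sha256(token_secret).digest())
        return pw_ok and tok_ok

    def sign(self, blob: bytes, presented: list[tuple[str, str, bytes]]) -> bytes:
        """Sign `blob` only if the quorum of distinct authorizers is met; log either way."""
        approved: set[str] = set()
        for name, password, token_secret in presented:
            if self._verify(name, password, token_secret):
                approved.add(name)  # one person presenting twice still counts once
            else:
                self.audit_log.append(f"REJECT credential presented for {name!r}")
        if len(approved) < self._threshold:
            self.audit_log.append(f"DENY sign: {len(approved)}/{self._threshold} approvals")
            raise PermissionError("quorum not met")
        self.audit_log.append(
            f"SIGN sha256={hashlib.sha256(blob).hexdigest()[:16]} by {sorted(approved)}")
        return hmac.new(self.__signing_key, blob, hashlib.sha256).digest()

    def verify(self, blob: bytes, signature: bytes) -> bool:
        """With a real asymmetric key this would need only the public half."""
        expected = hmac.new(self.__signing_key, blob, hashlib.sha256).digest()
        return hmac.compare_digest(expected, signature)


def demo_run() -> dict:
    """Constructed scenario: five authorizers, any three needed to sign one blob."""
    names = ("alice", "bob", "carol", "dave", "erin")
    staff = {n: (f"pw-{n}", f"tok-{n}".encode()) for n in names}
    module = ThresholdSigningModule(threshold=3, authorizers=staff)
    blob = b"firmware image bytes (constructed)"

    def ok(n: str) -> tuple[str, str, bytes]:  # a valid credential tuple for n
        return (n, f"pw-{n}", f"tok-{n}".encode())

    def attempt(presented) -> bool:
        try:
            module.sign(blob, presented)
            return True
        except PermissionError:
            return False

    results = {}
    sig = module.sign(blob, [ok("alice"), ok("bob"), ok("carol")])
    results["quorum_signs"] = module.verify(blob, sig)
    results["tampered_blob_fails"] = not module.verify(blob + b"x", sig)
    results["two_approvals_denied"] = not attempt([ok("alice"), ok("bob")])
    results["one_person_repeated_denied"] = not attempt([ok("alice")] * 3)
    results["bad_token_denied"] = not attempt(
        [ok("alice"), ok("bob"), ("carol", "pw-carol", b"tok-wrong")])
    results["audit_entries"] = len(module.audit_log)  # 1 SIGN, 3 DENY, 1 REJECT
    return results
```

Running `demo_run()` shows the properties the thread argues about: a full quorum signs and the signature verifies, a tampered blob does not, and neither a short quorum, one person replaying their own credentials, nor a bad token gets a signature. The audit log is the piece swb's "complete audit trail" comment asks for; in a real deployment it would live on the module, not in the calling process.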
    18. Re:Watch out for infiltration by shawn2772 · · Score: 1

      Oh, and then re-create it for each of the next 200 phones the FBI wants into... making sure that no copies ever leak, each time.

      One possibility would be to unlock the phone, send an appropriate bill (some major six digit number), and see if they really want the next phone unlocked at that cost.

      The FBI would just argue in court that Apple can't substantiate that cost, and get the court to find that they don't have to pay, or only have to pay a reduced amount. Especially for the nth device.

      Slippery slope arguments are generally fallacious, but not always, and this case really is a slippery slope.

    19. Re:Watch out for infiltration by gnasher719 · · Score: 1

      The FBI would just argue in court that Apple can't substantiate that cost, and get the court to find that they don't have to pay, or only have to pay a reduced amount. Especially for the nth device.

      Apple would then argue in court that since the FBI refuses to pay Apple's cost, this constitutes an unacceptable burden.

    20. Re:Watch out for infiltration by Agripa · · Score: 1

      Why wouldn't Apple be able to substantiate the cost? They would know how much time and effort went into creating the program earlier.

      Or are you suggesting that the court would penalize them for destroying something they had no reason to preserve?

    21. Re:Watch out for infiltration by shawn2772 · · Score: 1

      Apple couldn't substantiate a six digit cost because it wouldn't cost that much. Not every time.

  3. Re: Good move by Anonymous Coward · · Score: 1

    This. Obama is a DINO so everything he does is the fault of Republicans.

  4. Re:How do I get one of those gigs ? by __aaclcg7560 · · Score: 1

    Seriously, how does someone break into this scene ?

    Besides being extremely qualified, you need to be in the right place at the right time. That's how I got my job in government IT. Recruiter called me out of the blue. I applied for position, went through the interviews and filled out the paper work. Took six months to get everything in order. I'm finishing my second year on a prime contract that's fully funded for another three years. Although I get paid federal holidays off, 20 Paid Time Off (PTO) days per year, and a full benefit package, I'm making 40% less than I would make in a private sector job.

  5. Re: Good move by Anonymous Coward · · Score: 0

    Like his law that requires us to give money to corporations or pay a tax. ACA is so -pukian.

  6. Re: Good move by Anonymous Coward · · Score: 0

    He only does what the Republicans tell him to do.

  7. Illegal intrusions? nah. by Anonymous Coward · · Score: 0

    i'd be more inclined to say this guy's job will be to make sure all the drives are wiped, if the government wins.
    That is, of course, if this whole thing isn't a farce after all.

    1. Re:Illegal intrusions? nah. by Anonymous Coward · · Score: 0

      So he's installing electromagnetic doorframes at every Apple facility just in case the snowcrash protocol is required?

    2. Re:Illegal intrusions? nah. by Anonymous Coward · · Score: 0

      More like centralized drive encryption with key wipe capability.

    3. Re:Illegal intrusions? nah. by Coren22 · · Score: 1

      Those are two different books. The electromagnetic doorframe was in Cryptonomicon.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  8. Re:How do I get one of those gigs ? by __aaclcg7560 · · Score: 1

    I love my critics in the peanut gallery.

  9. Apple security by Anonymous Coward · · Score: 0

    Apple will increase security on devices, cloud instances and corporate assets. It is time to remove ALL country claims from Apple customer assets. You cannot comply with a legal claim you have zero access to.

  10. Re: How do I get one of those gigs ? by Anonymous Coward · · Score: 0

    So, when you stroked, licked, sucked and lovingly caressed that government bigger cock, did you spit or did you swallow every wriggling sperm cell of that warm, salty, gooey cum?

  11. Re:How do I get one of those gigs ? by Anonymous Coward · · Score: 0

    Because you are a moron?

  12. Microsoft's general manager of product security by Anonymous Coward · · Score: 0

    Welp, if there's one thing Microsoft is famous for, it's producing secure products.

    Maybe next they can hire Kaylee Anthony to do some babysitting.

    1. Re:Microsoft's general manager of product security by Anonymous Coward · · Score: 0

      You mean Casey Anthony. Kaylee was the daughter.

  13. Re:How do I get one of those gigs ? by __aaclcg7560 · · Score: 1

    Nah, it just shows how popular I am on Slashdot.

  14. Re: How do I get one of those gigs ? by Anonymous Coward · · Score: 0

    Slob Tim Cook's knob. He's a homo after all.

  15. Re:How do I get one of those gigs ? by Anonymous Coward · · Score: 0

    That's a lot of effort to troll him, rechecking your AC comments for responses. You seem butthurt kid.

  16. Wow by Anonymous Coward · · Score: 0

    and before that Microsoft's general manager of product security

    Not something I'd put on my resume...

  17. Re: How do I get one of those gigs ? by Type44Q · · Score: 1

    How do you know it was warm?

  18. Huh by Anonymous Coward · · Score: 0

    If they don't tell the truth... They may hide an awful truth. It happened before, and will happen again.

  19. Re:Good move by AHuxley · · Score: 1

    PRISM worked well and never had any internal problems.
    The end result will be a court ready master key, conscripted from any US brand or a rediscovery of strong crypto.

    --
    Domestic spying is now "Benign Information Gathering"
  20. Why don't by rossdee · · Score: 3, Insightful

    why don't they just buy the entire FBI
    I am sure President Donald will give them a good deal...

    1. Re:Why don't by tsa · · Score: 1

      Probably because Donald isn't president yet.

      --
      Cheers!

    2. Re:Why don't by Anonymous Coward · · Score: 0

      ... President Donald will ...

      Tonight's entertainment is The mad world of Donald Trump and an op-ed.

  21. Apple hires WHOM?!? by Anonymous Coward · · Score: 0

    Apple hired somebody who used to be responsible for the level of security of Microsoft products?!?

    I'm guessing this is a concession to the FBI.

  22. Re: How do I get one of those gigs ? by __aaclcg7560 · · Score: 1

    Blame Bill Gates. If he built a secured operating system from the beginning, I wouldn't have the job security that comes from fixing Windows five days a week.

  23. Re:Good move by frovingslosh · · Score: 5, Insightful

    before that Microsoft's general manager of product security

    I wonder if he was in charge of Microsoft product security when they turned over the source code for most of the computers used in the U.S. to the Chinese government.

    --
    I'm an American. I love this country and the freedoms that we used to have.
  24. Re:Good move by Aighearach · · Score: 2

    Even going back to the 90s, the major customers had the source, including India.

    Writing drivers was a PITA, major device vendors had the source.

    It isn't secret, only proprietary and not available for general distribution.

  25. Re:How do I get one of those gigs ? by Anonymous Coward · · Score: 0

    No mate....I'm not talking "consulting"...I get $1000/day for doing that now... I'm talking the big, fat CISO gig..... $500k-800k + salary package, options, bonuses, the whole enchilada.

    If I wanted a $250k/year gig I've got that now. I'm thinking wayyyyyyy beyond that.

  26. Insert map trap equivalents. by niftymitch · · Score: 1

    Apple needs to renew the insertion of Map Trap equivalents in their sources.

    https://www.gislounge.com/map-...

    Done correctly they are an easy way to watermark your code and
    sets of them can be searched for from time to time.

    your_ardvark(Ants_in_Pants_timer_knob) /*about 15 seconds this is 15 year old code */

    Let's see how long it takes for google to find the one above.

    --
    Truth is stranger than fiction, but it is because Fiction is obliged to stick to possibilities; Truth isn't. Mark Twain.
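An added example, not niftymitch's code and not anything from Apple: a small Python tool for the map-trap idea above, deriving unique but ordinary-looking identifiers per component from a registry secret so the full list can be regenerated and searched for later, and a scanner that reports whole-identifier matches only. The secret, component labels and the "leaked" source text are constructed.

```python
import hashlib
import hmac
import re


def canary_identifier(registry_secret: bytes, label: str, prefix: str = "cfg") -> str:
    """Derive a plausible-looking, unique identifier for one component.

    Keyed derivation means the list can be regenerated from the secret plus
    the labels, and an outsider cannot tell which names are canaries."""
    tag = hmac.new(registry_secret, label.encode(), hashlib.sha256).hexdigest()[:10]
    return f"{prefix}_{tag}_knob"


def build_registry(registry_secret: bytes, labels: list) -> dict:
    """Map component label -> the canary identifier planted in that component."""
    return {label: canary_identifier(registry_secret, label) for label in labels}


def find_canaries(text: str, registry: dict) -> dict:
    """Return {label: [line numbers]} for canaries that appear as whole identifiers.

    Word boundaries stop a longer identifier that merely contains the canary
    from counting as a hit."""
    hits = {}
    lines = text.splitlines()
    for label, ident in registry.items():
        pattern = re.compile(r"\b" + re.escape(ident) + r"\b")
        where = [n for n, line in enumerate(lines, 1) if pattern.search(line)]
        if where:
            hits[label] = where
    return hits


def demo_run() -> dict:
    """Constructed scenario: three components, one canary shows up in a pasted file."""
    secret = b"constructed-registry-secret"
    registry = build_registry(secret, ["kernel/sched", "driver/wifi", "ui/settings"])
    wifi = registry["driver/wifi"]
    # Constructed sample of source text found outside the company.
    leaked = "\n".join([
        "static int retry_limit = 4;",
        f"void wifi_reset({wifi}_2) {{ /* near miss: longer identifier, must not match */ }}",
        f"    tune_radio({wifi}); /* about 15 seconds, legacy value */",
        "int unrelated_timer = 15;",
    ])
    clean = "int retry_limit = 4;\nvoid wifi_reset(int timeout);\n"
    return {
        "hits_in_leaked": find_canaries(leaked, registry),   # {"driver/wifi": [3]}
        "hits_in_clean": find_canaries(clean, registry),     # {}
        "stable": canary_identifier(secret, "driver/wifi") == wifi,
        "distinct": len(set(registry.values())) == 3,
    }
```

The scanner is the same thing niftymitch suggests doing with a search engine, run locally over text you already hold (a public paste, a vendor's drop, a repository you are allowed to inspect); the per-component label tells you which part of the tree the text came from.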
  27. To all the pro-gun anti-encryption folks by Chewbacon · · Score: 1

    Encryption: it's like a gun for your info. 128-bit, 256-bit. It's as big of a gun as you want it to be!

    --
    Chewbacon
    The Bible is like Wikipedia: written by a bunch of people and verifiable by questionable sources.
  28. Re: How do I get one of those gigs ? by Anonymous Coward · · Score: 0

    To be honest Apple didn't have a secured operating system until 2001.

  29. Re: How do I get one of those gigs ? by Alypius · · Score: 1

    Said the Bernie supporter who wants more government programs...

  30. Total sense by paiute · · Score: 1

    The guy's last name alone is an unbreakable password.

    --
    If Slashdot were chemistry it would look like this: Cadaverine