FBI Paid Professional Hackers One-Time Fee To Crack San Bernardino iPhone
There's another new wrinkle in the never-ending FBI vs. Apple saga. The Washington Post is claiming that the FBI did not require Cellebrite's assistance in hacking the San Bernardino iPhone. Instead, the report claims, the government intelligence organization bought a previously unknown security bug from a group of professional hackers. According to the report, the hacker group provided the FBI with at least one zero-day flaw in the iPhone 5c's security, which enabled the FBI to circumvent the lockscreen and other security features. The bug hasn't been disclosed. FBI has previously noted that the technique it utilized in breaking into the iPhone 5c does not work with any new iPhone models (iPhone 5s or newer).
I was telling people that the FBI was lying and Cellebrite did not sell them anything to do this...
Remember kids, DO NOT TRUST law enforcement. They are not there for your protection.
Do not look at laser with remaining good eye.
How is someone selling a bug exploit to someone else illegal? Or are you assuming everyone who calls themselves hackers are doing illegal stuff and have found the exploits illegally?
In two weeks they'll come out and say that the phone was never cracked at all and that they just wanted to set a precedent.
Just kidding, why would they lie. /s
Have you ever fallen asleep at the keybhanusdiog?
If these guys can do it, and the FBI can now do it, then ANYONE can do it. The Chinese, North Korea, data thieves -
and the American government wants to force companies to put shit like this in their software on PURPOSE?
It will be something more embarrassing than that: cat videos.
It was John McAfee! The FBI didn't admit it because they still want to see him eat a shoe!
Which has more power: the hammer, or the anvil?
Do the same (pay a hacker to break a giant's product) and go to jail.
jes sayin'
"FBI has previously noted that the technique it utilized in breaking into the iPhone 5c does not work with any new iPhone models (iPhone 5s or newer). "
GO GET ONE!!! (And we already broke 5s, so don't bother expecting better privacy)
So tell us great sage, who should we turn to for help against criminals, Apple?
Give them a little time - assuming the phone has actually been cracked - and they'll come out and say that they found all kinds of terrorism-related material on the phone. Then they'll start telling us that this is why we shouldn't be able to have encryption or privacy and restart the fight to get laws passed banning it, because terrorism and for the children.
After they "cracked" the San Bernardino phone the FBI publicly came out and said they would use the information they gleaned to start assisting local law enforcement agencies to crack iPhones for their cases as well. I guess that was a bold-face lie, told to make Apple look bad to their security-conscious customers who are concerned that the FBI now has the ability to crack iPhones.
The story is that the FBI was looking for a contact list: people or organizations to be considered for further investigation. If such a list contained Joe's Pizza, Al's Garage, and 9 people named Mohammed, some of that list is likely to be terrorist related.
It's a question of looking for likely suspects, and being on the list is by itself not evidence of guilt.
Contribute to civilization: ari.aynrand.org/donate
He's saying they're lying again. The money given to the "professional hacking group" was sent to a slush fund and Apple probably updated the individual phone's firmware to allow the crack, something they can do on any other iPhone.
If video games influenced behavior the Pac Man generation would be eating pills and running away from their problems.
I really wonder which hackers they hired... someone they are investigating, or just a dark web personal ad from Estonia. The more they say the more idiotic they sound. The FBI sounds as inefficient as the TSA and Congress. A bunch of blowhards with authority that can't get the job done properly because nobody trusts or likes how they operate. Public servants that are always at odds with the public, and never have any good news to report. Nevertheless, never getting the job done is the only job security that exists anymore.
They then arrested the cracker for DMCA violations and got their money back through civil forfeiture. Whilst at the same time being able to claim they reduced computer crime and cut off funding to terrorists and strike a blow against child pornography rings.
Yeah. As a general rule of thumb, I would expect reality to be roughly the opposite of what they claim.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
They paid a one time fee for an exploit. That exploit could in theory work on any iPhone 5c (unpatched), and there are plenty of those waiting around in evidence lockers.
If the article stated somewhere that the FBI paid for a one-time crack only, not the exploit itself (which is stupid beyond belief for a government agency) then I'm sorry.
and a potential boon for Apple as all these customers still using last year's model now have to upgrade to this year's models!
Unlikely. It was Farook's work phone, and he and his wife had personal phones. Before the attack, he and his wife made sure to destroy their personal phones. They left this one alone so either he forgot about it or there was nothing on it worth destroying. Even San Bernardino County officials admitted they suspected the phone had little information on it.
Well, there's spam egg sausage and spam, that's not got much spam in it.
And the information they'll provide is: "Here use these guys. Don't tell anyone who you paid."
You know the director will be dragged in on the carpet by congress on the ethics of using hackers at this level.
If they paid them using gov't funds, let's hope they kept track of the funds used.
First rule of holes; When in one, stop digging.
Because encryption alone won't stop the state, who will find a way to get in somehow. Especially considering they have access to all the other data products a telecommunications device like a phone produces, without needing one.
My ism, it's full of beliefs.
being on the list is by itself not evidence of guilt.
You keep telling yourself that when your contact info shows up on a suspected terrorist's phone and you are hauled off for extensive interrogation.
They paid a one time fee for an exploit. That exploit could in theory work on any iPhone 5c (unpatched), and there are plenty of those waiting around in evidence lockers.
If the article stated somewhere that the FBI paid for a one-time crack only, not the exploit itself (which is stupid beyond belief for a government agency) then I'm sorry.
Actually, that was one of Apple's less-successful models in terms of sales numbers. So, I would imagine that, while there are undoubtedly some in evidence rooms, they are not as prevalent as some of the other models.
and a potential boon for Apple as all these customers still using last year's model now have to upgrade to this year's models!
The 5c was three revisions ago at this point. Do try to keep up.
Not at all. This whole thing was one big security circus. Apple got tons of free press and saved its face, FBI got what it wanted - a precedent. And local police have a new best friend.
Only one who got fucked in this deal is you, dear tax payer.
You're so full of shit it's running out of your ears.
Apple got as much negative press as positive. Maybe more. There are a BUNCH of people that still think that Apple is marketing to Terrists. THAT kind of publicity really DOESN'T fall under the adage of "Any publicity is good publicity."
Also, the FBI got NO legal precedent. They FOLDED, right before they were going to court for that, probably because the Amicus Curiae Briefs and even some really high-up Government Officials in the Intelligence Sector in support of Apple were piling up as high as the sky, and the FBI was AFRAID of the "Precedent" they WERE going to set...
How is someone selling a bug exploit to someone else illegal? Or are you assuming everyone who calls themselves hackers are doing illegal stuff and have found the exploits illegally?
If they are selling it on the open market to the highest bidder without vetting who they are selling it to then yes they are a criminal too.
FBI has previously noted that the technique it utilized in breaking into the iPhone 5c does not work with any new iPhone models (iPhone 5s or newer).
I wouldn't believe a single word from these assholes.
I wouldn't either; but it is true that after the 5c, all iPhones have the "Secure Enclave" chip, and thus are MUCH harder to crack. So, it is at least plausible.
Have you had Joe's Pizza? It's so good it should be criminal.
Considering how common the name Mohammed is, your statement could read:
and be just as meaningless. Unless you know something about Joe's Pizza that you're not telling the rest of us.
My question is: Have they said whether they found useful information on the phone? (Not that I necessarily trust them to answer that truthfully at this stage.)
And they couldn't get that information from the telecommunications provider?
If they are selling it on the open market to the highest bidder without vetting who they are selling it to then yes they are a criminal too.
How so? What laws are being broken?
If you want news from today, you have to come back tomorrow.
As likely as not a bald-faced lie to make Apple look good. They can probably hack into any iPhone now, but made a big show about a legal case against Apple and now to buy an exploit into an almost obsolete phone as a distraction. People, especially bad actors, will stay with Apple thinking they are secure.
Apocalypse Cancelled, Sorry, No Ticket Refunds
Keep in mind that the exploit could be as simple as brute forcing the PIN and cutting the power after each unsuccessful attempt: http://blog.mdsec.co.uk/2015/0...
At the machine's rate of one PIN every 40 seconds, that's only about 111 hours to brute force a 4 digit PIN.
Do try to keep up.
And the benefit in doing that would be...?
So...about a year-and-a-half, then.
But it also needed some custom hardware created to make use of the exploit. So unless they are going to build hardware for all the police departments out there, or have them send the phones off to the FBI, it isn't going to do much good.
-- ssoorrrryy,, dduupplleexx sswwiittcchh oonn.. -Quote found on actual fortune cookie.
The lying they did and folding at the last minute should count as precedent anyway. The next judge should say to the FBI, "you lied to the court last time about a large number of things. dismissed with prejudice!".
To be fair it's actually pretty weird to know 9 separate people named John and even weirder to have only them and a couple small local businesses in your phone contacts.
So...about a year-and-a-half, then.
Nope, sorry.
The iPhone 5C was released in September, 2013.
The iPhone SE (which is the closest thing to an heir-apparent to the 5C, and is also the most-recent model) was shipped in the U.S. and several other countries starting on March 31, 2016.
By my estimation, that is around 2 1/2 years. And in that time, there has been the 5s, the 6 and the 6s in between the 5C and the SE. So that actually sounds like FOUR revisions, not even counting concurrent variants, like the 6 plus and the 6s plus.
The lying they did and folding at the last minute should count as precedent anyway. The next judge should say to the FBI, "you lied to the court last time about a large number of things. dismissed with prejudice!".
We can but hope!
If they are selling it on the open market to the highest bidder without vetting who they are selling it to then yes they are a criminal too.
How so? What laws are being broken?
They've already fought this in court many times. They can get you for aiding a criminal. They use it all the time in the war on drugs. They bust contractors for digging tunnels and installing secret compartments in cars even if the person didn't ever touch the drugs.
How can the evidence have integrity at that rate?
The story is that the FBI was looking for a contact list
The contact list as evidence is sound and has a full chain of custody.
The state department that owns the phone asked the FBI to request the last iCloud backup from Apple, which Apple provided the next day.
That was at least one if not two weeks before the FBI's request to decrypt the phone.
In fact the FBI had in their possession the entire iCloud backup (All contacts, SMS and iMessage destinations, all apps installed, all photos and music data, etc)
From the phone company the FBI had full call records, recorded call contents (thanks AT&T!), plus all SMS destinations and the contents.
They were also fully aware he didn't even try to wipe his work phone, in fact he left it on his desk at work before doing his killing spree thing. Didn't even try dropping it on the floor or using the microwave trick or anything.
His personal iPhone however was fully wiped and factory reset, no iCloud backup ever made, and was physically destroyed and recovered in many pieces.
It would take an FBI agent to not realize where the incriminating evidence was actually stored...
What they did is in violation of the DMCA -- not that I agree with the DMCA, but the law is the law. Malum prohibitum -- they are criminals.
Will
remove nospam. to email!
To be fair it's actually pretty weird to know 9 separate people named John and even weirder to have only them and a couple small local businesses in your phone contacts.
These kids today don't remember the Lectroid invasion...
Strange things are afoot at the Circle-K.
You keep telling yourself that when your contact info shows up on a suspected terrorist's phone and you are hauled off for extensive interrogation.
Fine with me. I either know nothing which I invite them to verify, or I do know something and I will readily share with them since I'm not a fan of terrorists.
Apple has no interest in running afoul of the US government. What they are concerned about is letting the public know that they cooperated. Do they really care if the FBI gains access to this phone? Of course not. I'd have to guess that Mr. Cook is opposed to terrorism and would like it stopped.
My guess is that this was a shady, unofficial back-alley deal between Apple and the FBI. "Here's how you do it. Here's some hardware to help. You never saw us. We don't exist."
There is a law here that says that you can get charged for making someone angry, yes that is a law, in practice someone can report you to the police for walking inside your own home because that made them angry, does it mean I am a criminal because I am potentially making someone angry for walking inside my own home?
Same thing here, I can potentially be charged for aiding a criminal but that doesn't mean that I am a criminal before when I did not
Doesn't it depend on where they sold it? Just because the FBI bought it doesn't mean they bought the fix in the US, and thus the DMCA would not apply.
Doesn't it depend on where they sold it? Just because the FBI bought it doesn't mean they bought the fix in the US, and thus the DMCA would not apply. Same answer as above.
The agency they should have turned to for help in the first place?
There is a law here that says that you can get charged for making someone angry, yes that is a law, in practice someone can report you to the police for walking inside your own home because that made them angry, does it mean I am a criminal because I am potentially making someone angry for walking inside my own home?
Same thing here, I can potentially be charged for aiding a criminal but that doesn't mean that I am a criminal before when I did not
That's like saying that you bear no responsibility for selling weapons, bomb making material, or nuclear material to ISIS. If you have good reason to suspect that what you're selling is going to be used by a criminal to do a crime then that makes you a criminal or at least an accomplice. Sure there are neutral cases like selling a hunting rifle that later is used in a crime but there are also cases where there's a high probability that the other person is a criminal and you shouldn't participate in the transaction. This goes for engineers too. If you are asked to design a product whose primary purpose is likely to be criminal then you shouldn't participate.
And yet, they're clearly spread thin and underfunded in a lot of places. The same places defeat community policing measures. Because taxes. And the public is outraged, just outraged, that things are then relegated to minimal police response due to this reality. Reminds me of the nursing profession. Snake head? Meet snake tail!
So what's the harm of finding bugs in software/hardware? Why is it criminal? There are a lot of people that do that and then tell the companies for rewards. They could have read about the phone in the news and then later decided to find some vulnerability to sell to the FBI only. Is that criminal?
What lying would that be? That I don't consider a single person reviewing your code to be enough to be considered safe? That is the truth, and is true of many people. You are the developer, it is your job to engender trust in users by having code reviews done by many people, it isn't my job to blindly trust that your software won't turn my computer into a zombie.
Also, replying to ACs now and trying to claim that they are me? Grow up little one.
EAT YOUR WORDS Coren22 by ac (your bridge bs gave you away & I remember EVERYTHING...)
HAHAHAHHA, you mean YOUR bridge bullshit. You are the one who claimed you were using bridges to anonymize yourself. You are the one with a lack of basic knowledge of networking that thought a bridge would do things that it plainly cannot do.
https://en.wikipedia.org/wiki/...
Learn about technology before trying to claim you are an expert in it. I didn't claim you were using a bridge, you did.
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
Holy hell, are you a moron?
You use a bridge connection to the internet?? That is like begging to be hacked, and inviting the trouble!
You claim you are a "security expert" and you run a bridged connection, which is the exact opposite of security, as it means you are turning off the firewall?
Wow, just wow, I think I have now lost any possible respect I could have had for you, you know nothing about security, and have now proven it.
Keep walking it back, you are the one who claimed you bridged your router, not I.
Yeah, the brain damage is strong in this one, does it come with an inability to admit when you were wrong?
https://slashdot.org/comments....
I used BRIDGED router firewalls to my cable modem
So, keep it up, this is great entertainment for me.
Keep walking it back. You can't say anything to change what you claimed, all the proof is here in this thread that you know nothing about network security. You keep posting more and more digging the hole deeper and deeper.
http://slashdot.org/comments.p...
You can keep bringing it up, but it doesn't change anything. You are the one claiming that you are using a bridge to get by the Slashdot posting limits, as if that is even possible. You are now trying to claim that bridging your connection is the same thing you were talking about then, and that it is better security than a firewalled connection. Next you change the story again, it is now a bridged cable modem hooked to a router! So, how does that bridge help you post on Slashdot while normal ACs have serious posting limits that you so easily bypass? How is a bridged connection the exact same thing as a bridge to a router, and adds to your proxying of your connection?
https://slashdot.org/comments....
I have consistently refuted all your points, yet you keep bringing them up, without changing a damn thing. Here is where I go through your whole DNS vs hosts shit posting and explain why it is a terrible way to do it.
https://slashdot.org/comments....
Here you are saying you would stop the shitposting, but you couldn't resist, could you?
I have the popcorn cooking, this shit is entertaining. I love tearing apart your comments, it is great entertainment for me, as you can't actually fight your way out of a wet paper bag, and you make the same arguments over and over like they are somehow novel or correct the more they are said. Oh, and then you claim to have won the argument, because you say so.