Slashdot Mirror


FBI Paid More Than $1 Million For San Bernardino 'Hack' (cbsnews.com)

An anonymous reader writes: FBI Director James Comey has indicated the bureau paid more than $1 million for the method used to hack into the iPhone 5c belonging to one of the San Bernardino shooters. How did he allude to it? He said the FBI paid more money than he would make in the time left as FBI director. He makes just under $200,000 a year based on public files and has over seven years left on his term. "How much did you pay for this software?" Comey was asked. "A lot," he said. "More -- let's see. More than I will make in the remainder of this job, which is seven years and four months, for sure," Comey said. "And so it's a -- but it was in my view, worth it, because it's a tool that helps us with a 5c running iOS 9, which is a bit of a corner case, increasingly as the devices develop and move on to the 6 and 6s and whatnot and iOS's change, but I think it's very, very important that we get into that device." Comey said.


  1. Guess We'll Never Know... by sycodon · · Score: 4, Funny

    ...what they found on the phone.

    My guess....porn.

    --
    When Fascism comes to America, it will call itself Anti-Fascism, and tell you to give up your guns.
    1. Re:Guess We'll Never Know... by JackieBrown · · Score: 4, Interesting

      The government is just pissed Apple beat them in the war of public opinion and that they said no to the government.

      That is why we keep hearing them say now that Apple devices are not secure and trying to hurt Apple in a new war of public opinion.

      I wish there would be a push back against the government's use of Apple phones and make public officials give them up since they are apparently so "insecure."

    2. Re:Guess We'll Never Know... by Anonymous Coward · · Score: 3, Interesting

      Nothing of importance. We know they already were given a copy of the information on the phone from Apple (most recent backup), of which they found nothing. The FBI then themselves said they don't believe they would find anything important, but decided to push through with it anyways. Now they've gotten in, and haven't announced they found anything interesting, so guess what that means?

    3. Re:Guess We'll Never Know... by Hussman32 · · Score: 4, Insightful

      Funny, but it's even worse...they confirmed that they did not contact other people during the 18 minute window that they were trying to close, and they called it useful information.

      They knew that the shooters went out of their way to destroy every single electric device they owned, yet they demanded to know that the phone was not used for unlawful purposes. And they paid someone a fortune who probably looked up how to do it on /.

      That's not a good use of taxpayer money to make a point.

      --
      "Who are you?" "No one of consequence." "I must know." "Get used to disappointment."
    4. Re:Guess We'll Never Know... by Ol Olsoc · · Score: 2

      ...what they found on the phone.

      My guess....porn.

      Million dollar porn.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    5. Re:Guess We'll Never Know... by Anonymous Coward · · Score: 1

      Million dollar porn.

      Bionic?

    6. Re:Guess We'll Never Know... by Ol Olsoc · · Score: 1

      Million dollar porn.

      Bionic?

      Shemale midget scat porn.

      --
      The shepherds did so well protecting the flock that the sheep no longer believed that wolves existed.
    7. Re:Guess We'll Never Know... by ooloorie · · Score: 2, Insightful

      The government is just pissed Apple beat them in the war of public opinion and that they said no to the government.

      Maybe among Apple fans, not among the public at large.

      That is why we keep hearing them say now that Apple devices are not secure and trying to hurt Apple in a new war of public opinion.

      By Apple's own admission, Apple devices are not secure.

    8. Re:Guess We'll Never Know... by Rande · · Score: 2

      Shemale midget scat donkey porn. ...Sorry, I meant 'interspecies erotica'.

    9. Re:Guess We'll Never Know... by AbRASiON · · Score: 1

      Very little if the rumours are true (it's his WORK phone and he deliberately destroyed his personal phone) one would conclude if he's smart enough to destroy the personal one deliberately, then clearly the work one had fuck all on it.

    10. Re:Guess We'll Never Know... by thunderclap · · Score: 1

      Rule 34

    11. Re:Guess We'll Never Know... by sumdumass · · Score: 2

      Unfortunately that is a common mistake. The 72 virgins is interpreted wrongly. They are perpetual virgins which means you would be surrounded by 72 twelve year old sisters and it is supposed to represent the worst kind of hell there is.

    12. Re:Guess We'll Never Know... by sumdumass · · Score: 1

      Well, if you're going to invoke rule 34, I would like to request a guitar in one hand and kitten slippers on her feet in addition. Perhaps some clown make-up too.

      Uhh.. i gotta go do something.

    13. Re:Guess We'll Never Know... by rmdingler · · Score: 1
      Relax... nothing valuable was lost here.

      They just purchased the usual $5 wrench at normal government markup.

      --
      Happiness in intelligent people is the rarest thing I know.

      Ernest Hemingway

    14. Re:Guess We'll Never Know... by Anonymous Coward · · Score: 1

      No, what was lost was $999,995 worth of schools, or healthcare, or tuition aid, or any number of other more socially useful things.

    15. Re:Guess We'll Never Know... by qwijibo · · Score: 2

      The funds would never have been available for those purposes anyway.

      No government would fund those, else how would they convince people of the need to raise taxes? Do you think it's a coincidence that education, law enforcement, etc are always underfunded, no matter how many times those reasons are used to justify new taxes, bonds, etc?

      If the net result is that the FBI spends that much less time and resources going after people who violate federal statutes against pot in states where it has been legalized, let's call it a reduced-loss for society as a whole and move on.

    16. Re:Guess We'll Never Know... by ooloorie · · Score: 2

      The FBI has a $8.1b budget and they are going to spend it. Apparently, that's far more than they need, which is why they engage in lots of sting operations and want to criminalize more and more of our daily lives. If they waste $1m on a computer consultant to do anything, that's $1m they can't waste on operations that actually do harm.

      If you don't want this kind of waste, you need to vote for people who will cut the FBI's budget; complaining about how they end up spending the money that was budgeted for them is silly.

    17. Re:Guess We'll Never Know... by Coren22 · · Score: 1

      Bullshit, please show a single citation for that "fact" you offer up. If they already had the data, there would have been no case.

      --
      APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?
  2. How many hackers? by JoeMerchant · · Score: 4, Insightful

    Assuming these guys are really, really good, and worth a billable rate of $250/hr - if they pulled off the job in under 90 days, were there 10+ of them on the job, or did the FBI just pay a super premium for a high profile case to make a political statement?

    1. Re:How many hackers? by alvinrod · · Score: 5, Insightful

      It's the government. When you're used to $500 hammers, a $1 million phone hack hardly matters. Part of the cost could simply be that whatever was done would make it obvious how the hack works so it's really only a one-time sale for the person doing the hacking.

      But considering that the hacked device yielded no useful information, I think the only statement that the FBI has made is that they're fucking idiots.

    2. Re:How many hackers? by rhysweatherley · · Score: 2

      Or the hackers know that they'll be faced with a huge legal shitstorm if their name is ever revealed and need the $1 million to cover their liability just in case.

    3. Re:How many hackers? by Anonymous Coward · · Score: 2, Informative

      If it really cost $1 million, I want to know if they found anything useful or not, without some bullshit delay until everyone forgets about it.

      No, they did not.

      but I think it's very, very important that we get into that device." Comey said.

      They didn't GET into the device, past tense.
      They aren't IN that device, present tense.

      But he is hopeful at some time in the far future he may GET INTO that device, future tense.

    4. Re:How many hackers? by tlhIngan · · Score: 4, Interesting

      Assuming these guys are really, really good, and worth a billable rate of $250/hr - if they pulled off the job in under 90 days, were there 10+ of them on the job, or did the FBI just pay a super premium for a high profile case to make a political statement?

      Or they paid the going rate.

      iOS vulnerabilities and zero-days really are that expensive, because there's so few of them. I mean, there was one last year - 3 prizes of $1M each to break iOS, and only one of the three available was claimed.

      It's why Apple doesn't bother with bug bounties - if people are willing to pay $1M for it, even a $100,000 bug bounty is too little.

      It's not that iOS is bug-free, far from it. It's really because Apple has hardened the entry points that results in breaking in requiring an elaborate set of steps and timing to get in. And the perceived value of the data.

      The FBI didn't overpay, they just paid the going rate.

    5. Re:How many hackers? by AchilleTalon · · Score: 1

      For 250$/hr you get a lame lawyer, why do you expect to get a really, really good hacker for that price?

      --
      Achille Talon
      Hop!
    6. Re:How many hackers? by mysidia · · Score: 2

      But considering that the hacked device yielded no useful information, I think the only statement that the FBI has made is that they're fucking idiots.

      They were going on a fishing expedition...... Seeing as they had no real reason to believe the phone would have contained evidence of a crime. They just figured that since they knew who the criminals were, there might be a chance that they left some incriminating artifact on their cell phones ---- whose nature they were only guessing.

      If they had put that $1 million into actual legwork, true sleuthing and investigative work on this case early on, and no lazy "Hope to scan their phones bullshit", then they might have solved whatever mystery remained open.

    7. Re:How many hackers? by JoeMerchant · · Score: 1

      Lame, and good, lawyers work regularly, and command those stupidly exorbitant hourly rates throughout decades of their career. It's an established market rate that large numbers of people are willing to pay.

      "Really really good hackers" are sniffing around for a major payday, and many eat Ramen noodles in their parents' basement while they wait for the "big one" to hit, while others work day jobs no more glamorous than average people. As others mentioned above, if that mega-payday comes from the private sector - people spending their own money, then fine - that's value for money. I don't think my government should be splashing out lottery payouts any time they want to make a point.

    8. Re:How many hackers? by tom229 · · Score: 1

      This is hardly a "hack". Think for a second how iPhone encryption is designed. Your phone is likely encrypted with a weak numeric pin code. This is so trivial to brute force that phones have to have "kill switches" in place to limit the number of attempts. Encrypted data is not volatile, while a program that monitors your number of attempts to access it is. Therefore what's stopping you from mounting that non-volatile data outside of its natural container and brute forcing it? Well, the method used to encrypt the data. They would only need to find someone that knew this. Any number of security researchers and former Apple employees would probably qualify.

      --
      If it ain't broke, don't fix it.
    9. Re:How many hackers? by Rakarra · · Score: 1

      It's not necessarily that it's the government, but if the hacking group was the only one with the knowledge of the hack, and they knew the government was quite eager to have it, then they get to charge a premium. Name their own price. Obviously something one "One Billion Dollars" wasn't going to fly, but they found a price that the government was willing to give up.

  3. Re:Total HAXX, man! by __aaclcg7560 · · Score: 1

    Just a cool million, for what exactly?

    Cat videos.

  4. Sounds like it was very cheap by gurps_npc · · Score: 2

    Glad to know that my ex-girlfriend can't pay someone to do it on her salary.

    But it sounds a lot cheaper than the legal case would have been if they had tried to go through the courts.

    Morons should have started with that option, not used it only after Apple complained.

    --
    excitingthingstodo.blogspot.com
    1. Re:Sounds like it was very cheap by Anonymous Coward · · Score: 1

      Agreed. What girl in her right mind would want to break up with GP?

    2. Re:Sounds like it was very cheap by Col. Klink (retired) · · Score: 1

      Just because that's the price the FBI paid doesn't mean your girlfriend would have to pay the same price. The government has been known, from time to time, to overpay for things.

      --

      -- Don't Tase me, bro!

    3. Re:Sounds like it was very cheap by thegarbz · · Score: 2

      But it sounds a lot cheaper than the legal case would have been if they had tried to go through the courts.

      Morons should have started with that option, not used it only after Apple complained.

      You're talking as if this was about the FBI wanting access to a specific phone.

  5. And yet... by Bigπmpin · · Score: 2

    Basic income is too much money for nothing.

    1. Re:And yet... by JoeMerchant · · Score: 1

      Universal Basic Income for 350 million people is many orders of magnitude more expensive than a one-time boondoggle for $2M. Every three letter agency in the Federal government can go out and blow $2M a week on stupid stuff, and that doesn't amount to UBI for more than about 100,000 people: less than 0.03% of the population (assuming 10 TLAs).

    2. Re:And yet... by rjhubs · · Score: 1

      Luckily, just today we had a story about a $400 billion govt boondoggle

    3. Re:And yet... by zlives · · Score: 1

      and the 1.5 trillion iraq boondoggle, not sure the total in afghanistan.

    4. Re:And yet... by JoeMerchant · · Score: 2

      Those larger boondoggles employ millions of people. Unfortunately, they disrupt the economy, force retraining onto the working class - migration to find employment, mass consumption of natural resources, and piss off the rest of the world in the process, but there are some jobs for awhile.

    5. Re:And yet... by ceoyoyo · · Score: 2

      So you're saying it's just like universal basic income except it's not so universal, quite a bit more than basic, and it requires the recipients to waste resources, piss people off and kill some for good measure?

    6. Re:And yet... by JoeMerchant · · Score: 1

      As they say: "It ain't perfect, but there are plenty of worse examples to study - and few better."

  6. Yeah, right. by Bob_Who · · Score: 3, Insightful

    So they pick up the yellow pages and call "Hackers R Us" and hire a million dollar zero day exploit for an Apple 5c so they can find any information not already captured in the telco's network traffic. What a load of crap. Nothing about this story, the preposterous claim of the value of anything on an iphone that is not already a matter of record in telecommunication logs sounds like complete baloney. I don't believe a word of what these liars are saying. Not a word of it. If they really believe there is anything of value on a cell phone that does not involve actual network transmission then I would like to know what that is. Let's be clear here - if it's on an encrypted iPhone, and it never involved a network connection or transmission, then why does it even matter? If they really think there is anything more of real value then perhaps they should pursue all of the known connections. Or how about, don't shoot ten thousand bullets into the suspects after you have them completely surrounded by armies of law enforcement. Perhaps if these gun slinging assholes stopped to think about the value of a living terrorist over a dead one we wouldn't be wasting tax payer dollars on their bad learning curve on common sense.

    1. Re:Yeah, right. by zlives · · Score: 1

      no no they called the elite C0m3y Consortium... nothing to see here

    2. Re:Yeah, right. by tom229 · · Score: 1

      All they would need to find is someone with knowledge of the specific encryption algorithm used in iPhones. With that it should then be relatively simple to mount the data externally and brute force the password (probably a simple pin code). So more likely someone approached them who had that knowledge (perhaps a former Apple employee or just a dedicated reverse engineer) and said "Hey, know that problem you have? How about a million dollars? " Apple cost you this money. They knew very well it was this easy to do.

      --
      If it ain't broke, don't fix it.
  7. Clever way to launder money by Trachman · · Score: 1

    This could be a clever way to pay launder money from FBI.

    Here is how it works:

        - FBI hacker finds a flaw, but does not tell the boss.
        - You tell your boss that you have a cousin who can do stuff
        - Your boss pays your cousin $1M. What you and your cousin do is between you two.

    Quite frankly, FBI hack was useless. FBI said that they found something valuable, but they only said to justify the expense. They found that he did not communicate with anybody else. THAT, they already knew anyway.

    1. Re:Clever way to launder money by dwillden · · Score: 1

      Or more likely it's all designed to push sales of newer iPhones. They've said repeatedly that this only works on older devices. So Apple recruited the FBI to increase sales by scaring people into rushing out and updating older but still fully functional devices. This way it doesn't look like an ad campaign, and they get tons of global Airtime pushing the name of Apple as being secure. Especially if you have a device newer and better than the 5c.

      It's all Marketing.

      (yes I am joking. I hope.)

      --
      I'm too lazy to compose a creative sig.
  8. Why does the FBI director have such a long term? by swb · · Score: 2

    I guess I thought that FBI directors served at the pleasure of the President, but thinking back on recent history it seems like there has always been a continuity of FBI directors regardless of Presidential elections. I'm kind of mentally excluding Hoover, who mostly kept his job because the Presidents in his era were afraid of his blackmail files and he generally made himself into a useful bully on their behalf.

    But 10 years? That sounds a little too secure, too much like a master of an empire and not a public servant. I don't buy any functional reason to keep a single director that long, either. The Chairman of the Joint Chiefs and the CIA director don't serve that long.

    Surely in a democratic-oriented country changing one's police leaders regularly is just good hygiene.

  9. Lies by ArchieBunker · · Score: 4, Insightful

    Nearly everything the FBI says so far is a lie. Why should I believe this statement?

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
    1. Re:Lies by Anonymous Coward · · Score: 1

      FBI is an anagram for FIB

    2. Re:Lies by sociocapitalist · · Score: 1

      Nearly everything the FBI says so far is a lie. Why should I believe this statement?

      Because it's not limited. "paid more than $1 million" could be anything above a million. There is no upper limit.

      So why not say something like this? It could have been 10 million or 100 million. There's no lie in the statement and yet most people will assume that 'more than a million' means something like 1.2 million which is probably palatable to the great milling masses of sheep-ass taxpayers.

      --
      blindly antisocialist = antisocial
  10. "US taxpayers paid more than $1 Million..." by davidwr · · Score: 2

    There, fixed that for you.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  11. Like the FBI cares... by s.petry · · Score: 5, Insightful

    It's OUR money they paid, not THEIR money. The FBI gets its money from tax payers, and exists because of tax payers.

    This is the same issue with all of Government really. The Government is always better off when they are not accountable for spending. I just wonder if they will use this as ammo to convince tax payers that we need a bigger GAO to investigate this incident and others just like it.

    Before you say it, Anarchy is not the only or even best alternative. There is a whole lot of space between anarchy and our current overly bloated Government.

    --

    -The wise argue that there are few absolutes, the fool argues that there are no probabilities.

    1. Re:Like the FBI cares... by JoeMerchant · · Score: 1

      In the 60s, Anarchy was the best apparent alternative to being drafted and sent to die in a war that nobody believed in.

      Today, I think Transparency is the better revolution - attainable with our technology, and worth trying. If only we could get people to believe in and vote for a Transparency party that could gain real traction in the Legislature and Courts.

    2. Re:Like the FBI cares... by SuricouRaven · · Score: 1

      There's the 'crypto-anarchy' approach, which focuses on solving political issues through technological means. Transparency is a big part of that.

  12. Re:Subject of Comment by gweihir · · Score: 1

    In the area of government waste of taxpayer money, 1 million is not even a small blip...

    --
    Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
  13. Perspective by Tablizer · · Score: 1

    Considering we spend hundreds of billions bombing and fighting in countries over terrorism and potential terrorism, this is a bargain.

    1. Re:Perspective by Plus1Entropy · · Score: 1

      Yeah, less than 1 millionth the price of either recent war, and probably more effective at fighting terrorism since it didn't foster new ones.

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  14. Believe everything you hear by axewolf · · Score: 1

    Especially from the government
    ESPECIALLY from the FBI
    SUPEREXTRASPECIALLY if they make a months-long media spectacle of it

    cuz its true :))))

  15. Re:why must our tax dollars be spent on this? by GrahamCox · · Score: 1

    Yes, it's a waste of taxpayer's money. But the solution isn't joining the Tea Party. That's like saying the only way to fix a leak in your roof is to move your entire house inside another building that has a non-leaky roof.

  16. FBI did not pay for that hacking by TheGratefulNet · · Score: 1

    WE PAID FOR IT.

    taxes.

    did we get any say in this? of course not.

    will there be any reasonable return on this 'investment' ? of course not! everyone who cares will be dumping this model of phone as soon as they possibly can.

    nice that our fbi ASSHOLES waste money on ego bullshit. really nice.

    (god dammit so much!)

    --
    "It is now safe to switch off your computer."
    1. Re:FBI did not pay for that hacking by sumdumass · · Score: 1

      And how do you know it is just ego bullshit? I'll tell ya, it is because they bragged about it instead of keeping it quiet so it would preserve some value for a while longer. Now every one who cares will be getting a new phone.

  17. Re:Why does the FBI director have such a long term by SuricouRaven · · Score: 3, Interesting

    Standard process: Appointed by president, confirmed by senate. The term is ten years, but in practice almost every single director has left before their term is up. I'm surprised the appointment is not more politically contested, given that the director is in a position to influence what crimes the FBI focuses on and thus to advance either party agenda easily.

  18. Re:Why does the FBI director have such a long term by Sara Chan · · Score: 2

    The Director's term is long in order to make the position less political. The Director has a lot of power; so it would be very bad if the Director was strongly partisan. Making the Director's term longer than the maximum term of a president (2*4 years) provides a strong incentive to the president (who appoints the Director) to appoint someone who will be negligibly partisan.

  19. Re:why must our tax dollars be spent on this? by Plus1Entropy · · Score: 1

    Yep, because that's what the Tea Party is about. Until you ask them what they want to cut, and they say foreign aid and... well... hmm.

    --
    Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  20. Re:Why does the FBI director have such a long term by swb · · Score: 1

    Not really buying this logic -- what exactly have lifetime appointments done for partisanship on the Supreme Court? And why wouldn't we worry about partisanship in the CIA or military leadership, with the former being at least nominally more risky due to its clandestine nature.

    I would think that you could avoid partisanship in selection by making his term expire two years after a new President takes the oath, thus guaranteeing his post will outlast that of the President who elected him.