Hacker Steals 900 GB of Cellebrite Data

An anonymous reader shares a Motherboard report: Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies. Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone.

Good

Bad people suck.

Re:Good

[Oswald+McWeany]

Bad people suck.

Good people swallow.

Re:Good

[fbobraga]

Bad people suck.

Good people swallow.

Other people spits

Re: Good

Open borders for Israel.

Re: Good

Anti-semite!

Re:Good

[grep+-v+'.*'+*]

Bad people suck.

Good people swallow.

Sorry?? I thought good people just got screwed. I didn't realize they were actively involved in the process.

Sweet.

[zenlessyank]

2 sets of rules works for no one.

Seriously?

Why in holy hell do these companies continue to keep mission critical systems connected to the internet?

Re:Seriously?

[mlts]

Because security has no ROI...

Re:Seriously?

Nobody makes floppies anymore. How the hell do you think files could be moved around without floppies or the world wide web? It's either or.

Re: Seriously?

Haven't you heard? The cloud is a wonderful thing!

Re: Seriously?

It's too bad nobody invented a storage device that connects via USB.

Re:Seriously?

[taustin]

They don't necessarily. They only have to put their database server on a network that's connected to the internet, and lose control of something else on the network. That's why computers than handle classified information cannot be connected to a network that is capable, at the hardware level, of connecting to the internet. If the wiring's there, it's not secure.

Re:Seriously?

[postbigbang]

Everyone thinks they're immune, even when they use crypto. Then people leave the certs laying around in someone's browser cache, and it's all plain text again.

No one is immune, not me, not you. Rename your dbs to .mp4. Do weird things, low-hanging-fruit things. People stoked up on coffee just swear and move on. Their parsers fail, and their attention span gets wiped.

Don't believe me? Go to CCC and see how many people are wired.

Re: Seriously?

Are you insane?! USB?

Do you want Stuxnet? Because that's how you get Stuxnet.

Re:Seriously?

[zlives]

is this because a breach has no consequnce?

i am sure there is atleast one example out there that showed some real consequences of a breach?!! (real==money)

Re:Seriously?

[SeaFox]

Because security has no ROI...

You forgot the "until customers start going to your competitors because of your shitty security" part.
You can ask any cloud service provider about that.

Re:Seriously?

[RuffMasterD]

Consequences only appear after a breach happens, and nobody thinks a breach will ever happen to them. That only happens to incompetent companies. Anyway, if you prevent a breach from happening, then no breach ever occurs, and the cost of preventing such a breach was money wasted as far as management cares. Better spend that money on bonuses. You do want a bonus this year, don't you?

Two questions

[Locke2005]

1) What's a "cellebrite"? 2) When are slashdot editors going to start using spellcheck to compensate for their dyslexia?

Re: Two questions

[cyber-vandal]

You could read the summary at least.

Re:Two questions

[fbobraga]

Please, read at least a good part of the summary before posting: it's talking about a company, not people

Re:Two questions

[The-Ixian]

Cellebrite was the company that "resolved" the issue for the FBI when they wanted access to a locked iPhone and Apple wouldn't help them by circumventing their own software.

So, enter Cellebrite and their cracking software to the rescue. The FBI then withdrew their request to Apple.

The whole thing was covered ad nauseam and, in my opinion, was largely a publicity stunt by Apple to showcase how secure their device is.

Re:Two questions

One question, how long until pedantry kills you? I'll take your answer in seconds.

Re: Two questions

No, it was a publicity stunt by the FBI to hide the fact that they have had the ability to get into people's iPhones all along.

Re:Two questions

If you don't know who Cellebrite is, why are you here?

Your cracker jack box "geek" card has been revoked.

Re: Two questions

[cfalcon]

I think it was a political stunt to try to soft-ban encryption solutions, by overtly forcing a very prominent privacy oriented company into unlocking their own crypto by pushing in a backdoored update. The end result would be that any company that didn't have a backdoor ready to go for any device or OS that it touched would look like it was standing in opposition to law enforcement, and that this would be considered a legal risk, and therefore, no one would continue making encryption easier and/or more reliable.

Re:Two questions

"a publicity stunt by Apple to showcase how secure their device is"
If they were trying to showcase their security they failed in spectacular fashion. Apples refusal to obey a court order was nothing more than a marketing ploy aimed at convincing the proles that they actually give a shit about privacy.

And going after or harassing an Israeli company is really not the smartest thing to do if you don't want to spend an inordinate amount of time trying to hide from their reprisal if they deem the offense against them requires a response. Israel is the only country on the planet who never asks for permission before they kick the shit out of whoever happens to be threatening them. They don't really give a shit about any political fallout either since they produce some of the best military technology on the planet and all the main foreign powers line up to buy it. US drone technology was built upon on Israeli technology. Israel provides the most advanced short range, mid-range, and ballistic anti-missile technology testing grounds. Any US funding given to Israel in this area is to guarantee access and allows Raytheon and other US military technology firms to partner with the Israeli firms.

Re:Two questions

Better than Apple being an authoritarian cock sucking bootlicker like you.

Re: Two questions

this article said nothing about decrypting more than likely a device thats kiosk like that can get the data off phones and now all that data is public at least thats how i read it.

Re: Two questions

The only reason they have been able to become a high tech and military industry powerhouse is thanks to the endless supply of money that keeps flowing in from the US. There are universities, tech, and medical campuses in Israel that are funded solely by US 'donations.' The entire country functions on favors and shady backroom deals. It is basically a nation equivalent of Hollywood.

Re:Two questions

1) What's a "cellebrite"? 2) When are slashdot editors going to start using spellcheck to compensate for their dyslexia?

Cellulite is the herniation of subcutaneous fat within fibrous connective tissue that manifests topographically as skin dimpling and nodularity, often on the pelvic region, lower limbs, and abdomen

Re:Two questions

This was almost certainly a state sponsored hack and not some kid in his basement. Russia or China or maybe Iran. I would actually bet Russia since selling security exploits and doing exactly what Cellebrite does is like their fastest growing industry. Probably a Russian "competitor" with an okay from the Kremlin since no Russian hacker would dare do anything without political cover first.

Re:Two questions

... cracking software ...

It's so rare to use the word 'cracking' when talking about bypassing cyber-security; thank you. Sometimes I can't blame the media, it's difficult to create a context for the word 'cracking', so the universal word, 'hacking' is used. Then again, sometimes I can: I noticed yesterday, a news show talked about Uber 'hacking' bank accounts: No, fraudulent EFTPOS withdrawals isn't hacking, or cracking an online service.

Re:Two questions

yees yeeees, the mighty russians under every stone ...

Re: Two questions

[cavreader]

Almost all of the money the US has given to Israel over the years could only be used to purchase US military tech. The most recent deal with them is the first time they are allowed to spend a higher percentage on non-US weapons.
"The entire country functions on favors and shady backroom deals"
Can you name one other country on the planet who doesn't do the same thing?

Re:Two questions

The whole thing was covered ad nauseam and, in my opinion, was largely a publicity stunt by Apple to showcase how secure their device is.

And backfired because their device actually isn't secure at all.

Re:Two questions

Better than Apple being an authoritarian cock sucking bootlicker like you.

In the end that's what happened anyway. Apple were proven to be liars and the whole time they didn't need to write a custom OS to be able to get access to the phone at all, that was all just a 100% bullshit tagline. Regardless of your position on this politically you'd have to have Apple's collective hand up your ass operating you like a puppet if you pretend like you can't see their bullshit.

Re: Two questions

[athmanb]

Israel's budget is $70b, and they receive $3b in direct government aid from the US. That creates a whole bunch of weird incentives that pop up when a large amount of the money you spend doesn't come out of your own pocket. And I doubt that since the end of the Soviet Union, there is any other country that finances 5% of its operation through foreign aid. Even Venezuela currently only gets less than $100m a year total, and the Chinese probably aren't spending a lot of money on North Korea either although it's of course impossible to get real numbers there.

Re: Two questions

The majority of that $3B gets fed back into US military technology corporations. That $3B has also given the US some control over what Israeli military technology gets exported to countries such as Russia and China. The only real benefit Israel receives from the US is the US veto powers in the UN. However, Russia or China could provide the same veto powers if Israel decided to seriously downgrade ties with the US. While the US and Europe wring their hands over the Palestinians do you think the Russians or Chinese would let that issue stand in the way of luring Israel away from their relationship with the US?

Good... Good....

[freeze128]

Millions of souls laughed and laughed at this breach, until they realized that the hack could contain their own data.

Too bad they didn't publish the data.

[volodymyrbiryuk]

Too bad they didn't publish the data.

Pot meet Kettle

[nehumanuscrede]

This is a company who specializes in selling products whose purpose is to bypass built in protections in order to gain access to others data without permission.

Am curious how they feel when it happens to them.

Re:Pot meet Kettle

Am curious how they feel when it happens to them.

i'm sure mossad will ensure we never know.

Re:Pot meet Kettle

[BlueStrat]

Am curious how they feel when it happens to them.

i'm sure mossad will ensure we never know.

If the hacker(s) is/are smart the first thing he/they did was set up multiple deadman caches of the data that would automatically splash the data all over the web and physically send multiple copies of the data by multiple means/routes to multiple news/press/media outlets across the world if anything happened to them, as insurance against any possible reprisals/arrests/etc. I would, and I'm no uber-1337 h4x0r. Just in no hurry to find out if there's an afterlife or if my cellmate's name would actually be 'Bubba'. :)

Strat

Re:Pot meet Kettle

[zlives]

i am sure they feel great about the publicity that they can hack "successfully" data on phones. I mean it took FBI like months to figure out to use them.

Re:Pot meet Kettle

[Xest]

I'm actually rather concerned that contrary to the implication in the summary that this is no longer simply citizen hacking but in fact escalation of state sponsored hacking. It seems we're beginning to find out more and more that nation states are engaged in hacking from the hacks we know about for sure such as the North Korean hack of Sony, through to the ones that we can make a reasonable assumption on such as the Russian hacks of the DNC (even Trump finally said on Wednesday he thinks it was the Russians), through to those we simply don't know about.

Even if we step back a few years we had the Syrian cyber army being quite active in it's hacking attempts. Given that Syria worked closely with North Korea on their attempted nuclear program (Syria's nuclear program destroyed by Israel in 2007 was shown to be a clone of North Korea's) then would it really be far fetched to assume that given that North Korea also has strong offensive hacking capabilities that it wasn't engaging with them on that too? Similarly the UEA ClimateGate hack was eventually believed based on analysis to be an act by Russia as it was carried out just days before a major climate conference in 2009 that sought to reduce emissions by cutting fossil fuel use - far and away the foundation of Russia's entire economy so they had clear interest also in sabotaging such an agreement and it worked, the conference was largely a failure as a result.

Of course it's not one sided, we know about Stuxnet being a likely US-Israeli attack, and we know that the five eyes countries have been engaging in these sorts of things for years thanks to the revelations by Snowden. I'm not saying it's just some countries or others doing it, on the contrary, I think everyone is doing it. Frankly I suspect at least some of the purported hacks by anonymous were merely just nation states using the broad anonymous idea as cover for their actions.

Could this Cellebrite hack for example be revenge by Iran for Stuxnet? At this point I do not think that's far-fetched for one minute, though hopefully time will tell.

My concern is that this is getting out of control. How long before this escalates and what we once laughed at as being paranoia, the idea of "cyber war" becomes a reality and someone decides to break a damn, or overload a powerplant? Ukraine already saw last year an outage on their powergrid because of hackers. Thankfully I believe no one died, but how long before someone does and it stops just being a cyber war?

We're learning more and more about this and so far solutions
have been purely political and diplomatic. A couple of years back we were seeing constant hacks on the US from China, and this died down - I saw an article recently explaining what happened, and it turns out that there was more than meets the eye to the US charges against 5 Chinese mentioned here:

https://www.justice.gov/opa/pr...

The images that the US used for these arrest warrants were apparently personal images the US themselves had stolen from these Chinese general's laptops after their own hacks against them. The effect was to send a public message to the Chinese that "we can do it too" and it seems to have been succesful as China/US relations on this front seem to have significantly improved and this seems to have been the driver for the China/US cyber agreement agreed late last year. It appears the Chinese cyber command got spooked when they saw their own non-publicly available data used to provide pictures in arrest warrants against them and forced a whole Chinese reconsideration of the issue.

It's clear therefore that increased state hacking isn't merely the paranoia that people once thought it was and that it's generally becoming more prolific, or at least, we're becoming far more aware of it as time goes on and more information is released. So the point I was going to make in reply to your post was this - I'm

Re:Pot meet Kettle

[BlueStrat]

I'm actually rather concerned that contrary to the implication in the summary that this is no longer simply citizen hacking but in fact escalation of state sponsored hacking.

As true as the things you bring up may be re: State-sponsored hacking, none of that really matters and nor will anyone in the US/Five-Eyes nations be able to appreciably change things until spying on domestic populations by their respective domestic governments in those nations is halted/brought under control. That, by far, is the most immediate and proximate threat, and the most likely to directly and negatively affect the average person in those nations as they try to change the status quo. It is domestic spying that supports companies like Cellebrite, after all, as there logically must be orders of magnitude more cases of the US and other Five-Eyes nations wanting/requesting tools for their domestic use than there are opportunities for use against foreign targets of interest.

Regaining control over Western domestic governments and their intelligence agencies will go far towards being able to control such State sponsored hacking operations as those you refer to and, I would argue, a necessary prerequisite for any meaningful change to occur.

Strat

Re:Pot meet Kettle

[Xest]

I think you're right, but I think it's a similar situation across the globe - realistically spy agencies in Russia, China and so forth shouldn't be doing those things to innocent citizens either so I don't think it's entirely a Western problem.

I think it's a general issue here that governments need to get together and accept that they all need to reign in their agencies before shit really does hit the fan with some mutual agreement to start actually following the Universal Declaration of Human Rights (that governs against this sort of thing), and to start governing cyber operations against each other in the same way military operations are governed against each other - i.e. it's not just some routine thing you do on a whim, and that there are consequences for it.

I mean, let's be clear, the sort of shit you are describing already has in some countries has profoundly damaging real world consequences - the whole arab spring started in Tunisia precisely because overreaching security services eventually pushed one man just that bit too far for example.

So you're absolutely right to point out that uncontrolled security services can cause more harm than good if they are not reigned in appropriately, and if left to go to far, they in themselves can become a catalyst for national collapse as in the arab spring.

Re:Pot meet Kettle

[BlueStrat]

I think you're right, but I think it's a similar situation across the globe - realistically spy agencies in Russia, China and so forth shouldn't be doing those things to innocent citizens either so I don't think it's entirely a Western problem.

Well, it's the same problem in Western nations and Russia, China, etc. Government gaining too much power and control. The only difference being that Russia, China, etc are just further down the same road. We here in Western nations can realistically only affect change in our own nations.

Because our nations are already heading down the total-surveillance road, we can only offer minimal support to those in Russia, China, etc attempting to change things in those nations. We in the West, in order to be able to offer real assistance to the people of those nations, must first get a handle on our own governments, as our governments are our people's main instrument in dealing in foreign affairs. The clock is ticking, as history shows us that once freedom is lost it is highly unlikely to be regained until multiple generations have passed, that is if it is regained at all, which is not assured and becomes less and less likely as time passes.

Strat

What in the world Batman?

Israeli forensics software company owned by a Japanese console game development company? What kind of weird crap is that?

900 GB? How many.,.

...Libraries of Congress is this?

Historic Quote

"I'll grab whoever's and whomever's pussy that I want with whatever and whumever hand is not in my pocket jiggling my junk. It's the American way. Grab one pussy or grab two. You grab me and I'll grab you".

- Donald Trump

Re:Historic Quote

[GLMDesigns]

Funny how you latch on to locker room talk and think it represents a person you don't like but ignore statements like:

"he's clean and articulate" by politicians you do like.

Re:Historic Quote

Ah yes the "But Bill Clinton!!!" comeback. "It's okay for someone on my team to do bad things if I can point out someone else doing something bad."

Re:Historic Quote

Which of these two people was elected president and is now meeting with a french fascist?

Now what?

They get the data and see the applications and attack vectors. Unless they provide software to counter this stuff there is nothing useful here.

Re:Now what?

[MrL0G1C]

Except that Google, Apple, MS et al might have to fix the vulnerabilities if this info is released which it probably will be.

Gay Anal Sex!

Anyone here tried it?

I heard Rob Malda gave timothy AIDS so they both promptly died and kdawson didn't know how to log into his Windows machine without timothy to guide him through typing his user name and password. Only time can tell how long this site will stay up. Will the lone T1 go down, or will the scrappers find the Pentium Pro running the Mandrake Linux server and scavenge it for gold?

Only time will tell.

Re:Gay Anal Sex!

I want to mod you up for the Pentium Pro gold reference, but I just *can't*, I'm so sorry :(

Re:Gay Anal Sex!

NT 4 r0cked on teh Pentium Pro.

Re:Gay Anal Sex!

nt4 was the DEC Alpha dream workstation.

Mandrake Linux is for Slackware wannabees and LinuxFromScratch noobs. I endorse TurboLinux for my high performance desktop needs.

Gay Butt Sex is amazing!!

kdawson. Now that's a name I've not heard in a long time. A long time...

Re:Gay Butt Sex is amazing!!

kdawson. Now that's a name I've not heard in a long time. A long time...

Did you hear it in a galaxy far, far away...?

Help is on its way

[troll+-1]

Does Giuliani know about this?

DNC

It's not DNC so who cares..

anti-anti-semite

Anti-anti-semite!

Pythonesque

Those responsible for hacking the people who have just been hacked have been hacked.

There, I fixed that for you...

Hacker Steals 900 GB of Cellebrite Data

Should read:

Hacker Copies 900 GB of Cellebrite Data

I'm pretty sure that Cellebrite still has the data.

Waah waah waah

But Billy peed under his chair!!!

littlekids.