Slashdot Mirror

← Back to Stories (view on slashdot.org)

Israel-Based Vendor Cellebrite Can Unlock Every iPhone, including the Current-Gen iPhone X, That's On the Market: Forbes (forbes.com)

Posted by msmash on from the security-woes dept.

Cellebrite, an Israel-based company, knows of ways to unlock every iPhone that's on the market, right up to the iPhone X, Forbes reported on Monday, citing sources. From the report: Cellebrite, a Petah Tikva, Israel-based vendor that's become the U.S. government's company of choice when it comes to unlocking mobile devices, is this month telling customers its engineers currently have the ability to get around the security of devices running iOS 11 . That includes the iPhone X, a model that Forbes has learned was successfully raided for data by the Department for Homeland Security back in November 2017, most likely with Cellebrite technology.

The Israeli firm, a subsidiary of Japan's Sun Corporation, hasn't made any major public announcement about its new iOS capabilities. But Forbes was told by sources (who asked to remain anonymous as they weren't authorized to talk on the matter) that in the last few months the company has developed undisclosed techniques to get into iOS 11 and is advertising them to law enforcement and private forensics folk across the globe. Indeed, the company's literature for its Advanced Unlocking and Extraction Services offering now notes the company can break the security of "Apple iOS devices and operating systems, including iPhone, iPad, iPad mini, iPad Pro and iPod touch, running iOS 5 to iOS 11." Separately, a source in the police forensics community told Forbes he'd been told by Cellebrite it could unlock the iPhone 8. He believed the same was most probably true for the iPhone X, as security across both of Apple's newest devices worked in much the same way.

81 of 146 comments (clear)

  1. It's a bit disturbing to me by Anonymous Coward · · Score: 5, Insightful

    Our government works so hard to bypass security protocols for consumer technology. OK, so perhaps I'm naive. But a government what works for it's citizens should not be so focused on breaking into our computers without due process. (thank you Patriot Act).

    1. Re:It's a bit disturbing to me by alvinrod · · Score: 5, Insightful

      A government that worked for its people would be helping companies like Apple, Google, etc. to harden their security systems instead of trying to pry into them. That may make it more difficult for law enforcement to arrest or convict a few people, but it does significantly more to protect citizens from scammers and other threats.

      I'd like to think that if the intelligence agencies devoted their time and effort to helping companies identify security weaknesses and shore them up, we wouldn't be seeing massive data breaches every few months.

    2. Re:It's a bit disturbing to me by Anonymous Coward · · Score: 1

      Ostensibly, the reason for breaking common encryption is because our adversaries are also using the same encryption in their efforts to undermine our security. At face value I don't think anyone would object to our country using all assets at its disposal to gather intelligence that could possibly save lives. The problem comes when our own privacy and liberty are undermined to achieve this objective.

    3. Re:It's a bit disturbing to me by viperidaenz · · Score: 3, Insightful

      Your government isn't working hard to bypass iPhone security.

      They just paid a private company to do it for them. Doesn't sound like they have any need to focus on it at all.

    4. Re:It's a bit disturbing to me by Nukenbar · · Score: 1

      There currently doesn't exist a way to get into many locked phones WITH due process.

      These tools may allow a locked phone to be searched after a search warrant is issued.

    5. Re:It's a bit disturbing to me by dj245 · · Score: 4, Insightful

      Our government works so hard to bypass security protocols for consumer technology. OK, so perhaps I'm naive. But a government what works for it's citizens should not be so focused on breaking into our computers without due process. (thank you Patriot Act).

      Israel's approach to cybersecurity is very different than the USA. Firstly, a majority of citizens must serve in the military for around 2-3 years. The cybersecurity division of their armed forces is quite substantial. Then, many if not most of those trained individuals are turned loose in the private sector. The skills learned in the military are very transferable to private practice, even if the exact vulnerabilities that a servicemember found in the military are classified and can not be used. Is it any surprise that Israel has a comparatively high percentage of cybersecurity companies?

      The US system appears to work mostly in reverse (to an outside observer). The NSA and other agencies find vulnerabilities and then keep them secret. Turnover to and from the private sector isn't as high as the Israeli system. The US military sector does a comparatively worse job training these skills and distributing them to the market, where they may do more good than spying on Angela Merkel.

      --
      Even those who arrange and design shrubberies are under considerable economic stress at this period in history.
    6. Re:It's a bit disturbing to me by Anonymous Coward · · Score: 4, Insightful

      In the real world the gov't protects the gov't. Your lost privacy is their gain.

    7. Re:It's a bit disturbing to me by BronsCon · · Score: 4, Insightful

      Until your friend pranks you and you jokingly text them "I'm gonna kill you for that" in response and they end up dead a day or two later.

      Welcome to a murder 1 charge with pretty damning evidence against you, all because you didn't think privacy was important.

      In fact, it is those very situations that our guarantee of privacy from government snooping absent due process is intended to prevent.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    8. Re:It's a bit disturbing to me by Actually,+I+do+RTFA · · Score: 1

      But a government what works for it's citizens should not be so focused on breaking into our computers without due process.

      The government needs to attack iPhones owned by foreign powers. It would be nice if the technology could be restricted to avoid use on citizens, but that's just not possible, except via regulations.

      Look, we trust the government with: men with M-16's, fighter jets, and nukes. We have to to avoid getting conquered by China/Russia/Canada. Information warfare weapons are no less important.

      What we can do is criminalize their use by state police agencies and rigorously enforce regulations against abuse.

      --
      Your ad here. Ask me how!
    9. Re:It's a bit disturbing to me by gnick · · Score: 2

      Until your friend pranks you and you jokingly text them "I'm gonna kill you for that" in response and they end up dead a day or two later.

      Make a joke about an FBI "secret society" and there'll be hell to pay.

      --
      He's getting rather old, but he's a good mouse.
    10. Re:It's a bit disturbing to me by jwhyche · · Score: 4, Interesting

      I'd like to think that if the intelligence agencies devoted their time and effort to helping companies identify security weaknesses and shore them up, we wouldn't be seeing massive data breaches every few months.

      You would like to think that but lets make no bones about it. The intelligence and LEA agencies are here for one purpose only. Keeping those in power, in power. Doesn't matter if they deserve it or not. They may operate under the guise of "protecting the country" but when it comes right down to it, its the same thing as keep those in power in power.

      --
      I read at +2. If your post doesn't reach that level I will not see or respond to it.
    11. Re:It's a bit disturbing to me by MBGMorden · · Score: 3, Insightful

      Meh - this is fine. They still need due process (eg, a warrant) - this just gives them the technical ability to get into a phone that they have the legal right to do so.

      I'm not at all for building INTENTIONAL backdoors into the software (and whatever hole in the security this company is using to gain access I'd hope Apple soon finds and closes), but if they have their warrant I have no issue with them hacking into the phone if they can figure it out. IMHO it's the same as cutting the lock off of a door to gain entry to a building they've secured a warrant to.

      --
      "People who think they know everything are very annoying to those of us who do."-Mark Twain
    12. Re:It's a bit disturbing to me by StormReaver · · Score: 4, Insightful

      These tools may allow a locked phone to be searched after a search warrant is issued.

      Or, more likely, allow the FBI/NSA to bypass the warrant entirely by saying, "We didn't do it. A private company, not subject to the constraints of warrants, did it. We just happened to stumble upon the results." They're quite fond of Parallel Construction and its bastard children.

    13. Re:It's a bit disturbing to me by eaglesrule · · Score: 1

      The entire Pentagon budget is worth it just so we don't have to put up with Canadians bragging about how they burned down the white house again, until the end of time. That'd just be insufferable. A Russian or Chinese invasion pales in comparison.

    14. Re:It's a bit disturbing to me by Actually,+I+do+RTFA · · Score: 1

      In fairness, all the Candians I've met are too polite to mention burning it down the first time.

      --
      Your ad here. Ask me how!
    15. Re:It's a bit disturbing to me by Trogre · · Score: 2

      And now they've conned gullible liberals into taking away your guns so you can't fix it like you were supposed to.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    16. Re:It's a bit disturbing to me by dgatwood · · Score: 1

      Make a joke about an FBI "secret society" and there'll be hell to pay.

      You mean the FBI isn't a secret society? Crap. They tricked me again. Now what am I going to do with a thousand gallons of goats' blood?

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    17. Re:It's a bit disturbing to me by i286NiNJA · · Score: 1

      -- Filter error: You can type more than that for your comment.
      (Ahem that's like trollface.png except with less aliasing and a record deal.)

    18. Re:It's a bit disturbing to me by HiThere · · Score: 1

      IIRC that $500 hammer was because the government wanted them to go through authorized channels and fill out a ream of paperwork rather than just going down to the hardware store. For a gross of hammers, that's not too unreasonable, for one hammer, though.... well, the company didn't want to jump through hoops, but the government insisted, so they set a discouraging price...but the government wasn't discouraged.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    19. Re:It's a bit disturbing to me by KBentley57 · · Score: 1

      And now they've conned gullible liberals into taking away your guns so you can't fix it like you were supposed to.

      Perhaps you don't live in the US, but there hasn't been any attempt to remove guns from anyone. You didn't happen to post this from Russia, did you?

    20. Re:It's a bit disturbing to me by HiThere · · Score: 1

      The problem is "why he joined" and "what he's working for five years later" can be rather extremely different...and he may not even realize it after 5 years of being socialized to a particular viewpoint. All too often it morphs into "supporting my comrades in whatever they do". During the 1960's thinking that was "being paranoid", but since then lots of new evidence has come out, to the point where people supporting the normal police policies are reduced to finding exceptional cases to point out. And this isn't fair either, because most police most of the time try to do a good job and be good citizens. But because they worry that they might make a mistake, or need someone else's support, they don't work to get the bad apples disciplined. The saying "one bad apple..." is a bit of an overstatement, but as far as public support there's a lot of truth to it, and justifiably so.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    21. Re:It's a bit disturbing to me by gnick · · Score: 1

      Cut it with kale and fish sauce and tell people it's Clamato. Or you could get charitable and open a free clinic for goats in need of transfusions.

      --
      He's getting rather old, but he's a good mouse.
    22. Re:It's a bit disturbing to me by jcr · · Score: 1

      a government what works for it's citizens

      I think I see the root of your confusion.

      -jcr

      --
      The only title of honor that a tyrant can grant is "Enemy of the State."
    23. Re:It's a bit disturbing to me by T.E.D. · · Score: 1

      I'd like to think that if the intelligence agencies devoted their time and effort to helping companies identify security weaknesses and shore them up,...

      You would like to think that but lets make no bones about it. The intelligence and LEA agencies are here for one purpose only.

      Gathering intelligence. That is literally their job.

      You might think it would be nice if some agency spend taxpayer $ all day helping software vendors to harden their OS's, and you may even be right. But no such agency exists today, and if Congress were to create one, it would most likely be a separate agency.

    24. Re:It's a bit disturbing to me by T.E.D. · · Score: 1

      ...that company would likely find itself sued. Quick history: What enabled Ralph Nader to found his first consumer organization was his invasion of privacy lawsuit after GM got caught tapping his phones.

      There's a REASON all those telecom companies insist on getting warrants before turning over personal info, and it isn't because they are all good citizens.

    25. Re:It's a bit disturbing to me by The+Snowman · · Score: 1

      The saying "one bad apple..." is a bit of an overstatement

      Finish the quote:

      One bad apple spoils the bunch

      Suppose we have a "good cop" who refuses to cross the blue line and stop a fellow officer from abusing a suspect in custody, for example, beating a person in handcuffs laying on the floor who offers no resistance. Clearly the officer abusing authority by beating a prone suspect is a bad cop. However, the good cop is now bad too, for failing to stand up for basic human rights. The bad apple spoiled at least one other.

      That is the problem we, in the USA (and elsewhere but I live in the USA) have: our government and its agents have little to no accountability when they do wrong. Yes, some bad cops get convicted of felonies and go to jail. Others get fired and have their names dragged through the mud. Meanwhile, alleged "good cops" watch the bad cops do bad things, complicit in their crimes.

      --
      24 beers in a case, 24 hours in a day. Coincidence? I think not!
    26. Re:It's a bit disturbing to me by david_thornley · · Score: 1

      The government also has different requirements than most people. For example, a $600 coffee maker in an aircraft was designed to not be a hazard under enemy attack. Since this is a very small market niche, the coffee makers cost more than they would have in a larger market. Military tools may be designed to work in environments where other tools would break or be unusable.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    27. Re:It's a bit disturbing to me by david_thornley · · Score: 1

      "Yes, Your Honor, the iPhone accidentally found itself in a shipment to Israel, and somebody, not us, must have paid the company, because imagine our surprise when we found...." To use for that purpose, the LEOs would have to have some sort of method to just take a phone and crack it, not send it to an Israeli company.

      Parallel construction is used when they can covertly get information by illegitimate means. This isn't covert.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    28. Re:It's a bit disturbing to me by Trogre · · Score: 1

      Apart from the first sentence, I agree with everything you just said.

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
    29. Re:It's a bit disturbing to me by Trogre · · Score: 1

      You don't read the news much, do you?

      --
      "Nine times out of ten, starting a fire is not the best way to solve the problem." - my wife
  2. On The Bright Side... by TechyImmigrant · · Score: 3, Insightful

    At least there are plenty of us who are working on unbreakable hardware primitives in silicon that will keep these bastards at bay. It's about as nontrivial as it gets and we and many other have been at it for several years. The endpoint is pretty clear though. We will prevail.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    1. Re:On The Bright Side... by PPH · · Score: 1

      I thought the newer iPhones were supposed to have hardware-based encryption and security.

      --
      Have gnu, will travel.
    2. Re:On The Bright Side... by Anonymous Coward · · Score: 1

      They do. And as every device till now they are susceptible to an attack where the password is brute-forced while the in-silicon failed login counter is restored (likely with the whole memory content, since it's all indeed encrypted).

      To defend against such a vector one would need to ensure that external writes or reads are either not possible, or alter the state. Or very slow and expensive, which might be good enough. I am absolutely sure the solution involves some very clever electrical engineering at the very edge of the state of the art in IC design. But - that's where Apple and other commercial players are anyway. Fingers crossed.

    3. Re:On The Bright Side... by TechyImmigrant · · Score: 1

      I thought the newer iPhones were supposed to have hardware-based encryption and security.

      Not all hardware security circuits are immune to attack though. Especially lid-off attacks where the chip is disassembled, probed and reverse engineered. There are defenses against those attacks but it take a lot of work to perfect those defenses.
       

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    4. Re:On The Bright Side... by CustomBuild · · Score: 1

      At least there are plenty of us who are working on unbreakable hardware primitives in silicon that will keep these bastards at bay. It's about as nontrivial as it gets and we and many other have been at it for several years. The endpoint is pretty clear though. We will prevail.

      Ha ha ha ah ahah ha. Your work aside, take a pill for that paranoia.

    5. Re:On The Bright Side... by Actually,+I+do+RTFA · · Score: 1

      I imagine any sufficiently motivated entity can completely disassemble the silicon while recording the state, and rebuild it as needed to brute force it. I assume there's some secrecy if you're trying to race to a solution, but I assume there's something you can say on what's going to stop them from salami slicing, observing and salami slicing again?

      --
      Your ad here. Ask me how!
    6. Re:On The Bright Side... by PPH · · Score: 1

      lid-off attacks where the chip is disassembled

      This is the case where I've done something Really Bad and they've recovered my phone from my dead body. And since I'm not a complete moron, it's unlikely that I'd use my phone while doing Evil anyway.

      If they sneak in and lift my phone from the gym locker, all I have to worry about is stuff that they can put back as it was before I'm done on the treadmill.

      --
      Have gnu, will travel.
    7. Re:On The Bright Side... by TechyImmigrant · · Score: 1

      You need to work with the assumption that that can happen and make it not matter.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    8. Re:On The Bright Side... by david_thornley · · Score: 1

      They do. There's no such thing as perfect security. There's got to be flaws somewhere.

      What the Secure Enclave mostly does is ensure that the PIN/password can't be brute-forced, and keep the AES-256 key where it can't normally be extracted. This is a massive improvement over the 5C or earlier, but it seems unlikely to me that there's no point of attack. If you're not worried about putting anything back, you can try to figure out things at the hardware level. It won't be easy, and I don't know how practical it is.

      An iPhone is in a state much like DRM: the AES-256 key has to be in the phone somehow for it to be useful.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
    9. Re:On The Bright Side... by TechyImmigrant · · Score: 1

      lid-off attacks where the chip is disassembled

      This is the case where I've done something Really Bad and they've recovered my phone from my dead body. And since I'm not a complete moron, it's unlikely that I'd use my phone while doing Evil anyway.

      If they sneak in and lift my phone from the gym locker, all I have to worry about is stuff that they can put back as it was before I'm done on the treadmill.

      Criminals will be criminals and they often aren't smart enough to leave the phone at home. However plenty of governments are evil and tech companies have insider attacks. So the need to protect information remains real.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
    10. Re:On The Bright Side... by TechyImmigrant · · Score: 1

      > I am absolutely sure the solution involves some very clever electrical engineering at the very edge of the state of the art in IC design.

      Yep. You're right on the ball there. that's what I meant by primitives. Circuits that raise the security bar beyond the government actor level.

      --
      I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  3. Pinhead visits the DHS... by magusxxx · · Score: 1

    "We have such data to show you."

    --
    Care killed the cat, but satisfaction brought it back.
  4. Forbes is a total rag these days by kalpol · · Score: 4, Insightful

    No source checking and very little editing of their crowd-sourced articles. I have not seen this claim reported by any legitimate sources.

    --
    12:50 - press return.
    1. Re:Forbes is a total rag these days by msmash · · Score: 5, Insightful

      I agree with your general assessment of Forbes. They do have a contributor program which many people have been abusing for years by writing misleading articles. However, this particular story is written by a full-time staff reporter there. It's his scoop, and many reputed security journalists have shared it on social media, lending it more credibility. (Also, in general, we avoid linking back to Forbes because of its annoying daily quote thingy and stand on adblockers.) Opinion on Forbes is mine and it does not reflect the views of other people on Slashdot's staff.

    2. Re:Forbes is a total rag these days by kalpol · · Score: 1

      I appreciate the reasonable response!

      --
      12:50 - press return.
    3. Re:Forbes is a total rag these days by Anonymous Coward · · Score: 2, Interesting

      Normally I'd agree with you over msmash, but not after having gone through Israeli security at one of the smaller regional airports (SDV). I've seen/had them use the tools on me. I had an Indonesian visa in my passport among others, and a very old photo with long hair. I guess I set off some red flags.

      At security they confiscated my iPhone 6, which had the boarding pass pulled up in my email app. When I got it back it was the last email I sent to my father. For whatever reason they couldn't also use the tools to get in to my iPad 2 (with the old connector, in a short amount of time), and made me unlock it as well as prove the camera and microphone both worked.

      I made the flight. Actually a much earlier flight because no one noticed or pointed out I accidentally booked for 7:30 PM instead of AM (they are on 24 hour time though). All around kind of unsettling and just another odd, one off travel story. The whole thing happened in under a half an hour and I was on my way despite panicking over missing the flight. It's anecdotal and I'm not presenting it as anything other than my personal experience, but it left quite the impression on me.

    4. Re: Forbes is a total rag these days by Brockmire · · Score: 1

      You'll get flagged if you show up way too early for a flight. 3 hours, lots of margin and reasonable. 12 hours? "Wtf is this guy doing?", scrutiny.

  5. Multi million dollar stolen phone market by burtosis · · Score: 1

    You can buy stolen iPhone phones dirt cheap (often for on a few dollars on older models), the all important stolen logic boards are damn near free. It's basically only worth stripping it down and selling the parts individually. But, If it was as simple as a 10 minute software upgrade, you could make Coke dealer money in no time selling unlocked iPhones as long as you were the only one doing it. Of course carrier lockouts are another matter but bypassing an iCloud lock would be extremely profitable.

    1. Re:Multi million dollar stolen phone market by Bill+Hayden · · Score: 2

      This company has ways to get at the data stored on the phone, not to remove the iCloud lock and reactivate. Activating an iPhone goes through Apple, so there's really no way around this.

      --
      Protect your browser with the Force Safe Search add-on
  6. They're really not that good. Private company by raymorris · · Score: 3, Interesting

    >. I'd like to think that if the intelligence agencies devoted their time and effort to helping companies identify security weaknesses and shore them up, we wouldn't be seeing massive data breaches every few months.

    That sounds nice, but it really wouldn't matter. Note "the intelligence agencies" can't hack iPhones, it's a private company that can. The people a the intelligence agencies really aren't that smart. It's nothing AT ALL like the movies. It's people who got a certificate in cyber security but couldn't get a job in the private sector, which pays better (but expects you to know wtf you're doing). You think Google wastes a lot of time talking about PC bullshit? You should see government! Government doesn't hire the best people. They hire the "disadvantaged" people.

    Many, many private companies are in the business of "helping companies identify security weaknesses and shore them up". Heck you can get services from companies like Alert Logic for tens of dollars per month; does your company have static analysis and daily scans?

    1. Re: They're really not that good. Private company by Type44Q · · Score: 1

      Note "the intelligence agencies" can't hack iPhones

      Only a fool would believe that.

    2. Re:They're really not that good. Private company by easyTree · · Score: 2

      Paradox alert!

      --
      Requiem for the American Dream
    3. Re:They're really not that good. Private company by BronsCon · · Score: 1

      And the remaining 10% of the private sector is better than the best of the public sector. It actually makes perfect sense when you consider how many more people there are in private roles.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    4. Re:They're really not that good. Private company by alvinrod · · Score: 2

      I think it really depends upon which intelligence agency we're talking about. There's probably your rank and file bottom feeders that couldn't find their ass with a map and a flashlight, but that's true of any organization and I'm pretty sure that anyone working in the private sector can point to several pristine examples of such individuals. However, there are also some government types that create things like Stuxnet and do some other nasty bits of work that the public will never hear about, so there are clearly a few competent individuals working for the government.

      I don't think government intelligence agencies would be a complete replacement for private sector companies, but there are clearly cases where the government is contracting with some private company or has legislated that citizens are required to use some service provided by a third party. The government should certainly work to ensure that those organizations don't have any glaring security holes.

    5. Re:They're really not that good. Private company by organgtool · · Score: 1

      That's a nice anti-government rant you have there but unfortunately it has little basis in reality. All of the biggest hacks have been perpetrated by nation-states: Stuxnet and the Kaspersky infections come to mind. Regardless of that, given that many of the government programs that generate hacking tools are classified, how can you claim that you could even begin to know how competently they operate? Before you cite the Snowden leaks, keep in mind that they are almost five year old now and I'm sure the government has developed much more sophisticated tools since then.

    6. Re:They're really not that good. Private company by pak9rabid · · Score: 1

      They hire the "disadvantaged" people.

      Having worked with some of the governments "security experts", I can confidently confirm this.

    7. Re:They're really not that good. Private company by i286NiNJA · · Score: 1

      Riiiight.
      Because good computer people wanna make a fraction of the pay, take drug tests and answer quizzes about their finances, drug history, and sex life.

    8. Re:They're really not that good. Private company by i286NiNJA · · Score: 1

      It stops making sense when you realize that you need a 40k security clearance for a good chunk of the entry level IT jobs.
      Where do you find an entry level worker with a 40k clearance? Fresh out of the military.

      Now you're talking bout a guy who got A+/Net+ certified 3 years ago and was lucky if he was making even the most petty of decisions on his own the last year before he got out.

      The only military IT people who impress me are comms guys.

    9. Re:They're really not that good. Private company by BronsCon · · Score: 1

      You might want to re-read my comment, I'm pretty sure we both said basically the same thing.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    10. Re:They're really not that good. Private company by HiThere · · Score: 1

      Well, this wasn't a federal job, but I took a government job right out of college (state civil service) because I plain *HATE* the idea of job hopping. Now this *was* a few decades ago, and the group I used to work for is not a place that I wouldn't have wanted to work, but I was rather happy with my job, and they let me refuse to go into management. (I think I was an excellent programmer, but I would have been really incompetent as a manager. They did keep pushing me towards management, but they also continued to allow me to decline.)

      So sometimes it's personal characteristics rather than skill level.

      OTOH, I always consider that my job was "right livelihood". To me that's important. I wouldn't say the same about those who work to ensure that people's computers can be broken into.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    11. Re:They're really not that good. Private company by i286NiNJA · · Score: 1

      Nah I totally feel that. There are some great career positions in the govt if you can find them. Come in, say hi, do your job, go home, and eventually retire.
      For some reason IT hiring seems to be a challenge for most companies but the government in particular struggles with it and presents a face that turns off the exact sort of applicants they should be trying to get in the case of infosec.

      When it comes to getting "the best of the best of the best!!!" our federal government starts by filtering out all the weird aspies, druggies, and neer-do-wells when, in this case, that's where the kind of talent they need lives and they should be working hard to hand select the most functional and competent members of these groups. They also have a hard time accepting that people just don't want to work for them anymore so they need to drop their superior attitude... the dude they're interviewing is takes his dog to work, works from home on wednesdays but always makes it in for beer and pajamas fridays where he works now so it won't take a lot of bureaucratic shit or down-talking to make him nope right the fuck out the front door.

    12. Re:They're really not that good. Private company by i286NiNJA · · Score: 1

      I didn't work IT in the military but I watched those who did struggle with some rather laughable textbook-question problems and come up with even sillier solutions. I won't be specific because it could reveal a lot about my identity but these are interview-starter question level problems that any given candidate should be able to answer 3/4ths of... and it wasn't like we had just one guy running IT so between the lot of them they were um less than one good IT generalist if you added them all up.

      This was ages ago so maybe things have changed.

    13. Re:They're really not that good. Private company by BronsCon · · Score: 1

      I doubt they have. The US military hasn't been good at anything but killing since... well, I'm pretty sure forever.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    14. Re:They're really not that good. Private company by HiThere · · Score: 1

      Well I was never "the best of the best", and I certainly wasn't into infosec. But I think I was pretty good, and at least a couple of times I did things that people had thought were impossible. And I kept at least one public facing system from using social security numbers as a unique identifier.

      --

      I think we've pushed this "anyone can grow up to be president" thing too far.
    15. Re:They're really not that good. Private company by david_thornley · · Score: 1

      It's good at organizing massive rescue efforts. Since the US Armed Forces are expected to go anywhere and kill people, there's a large logistical tail that can go anywhere, and that can be used for other purposes.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  7. Does Anyone Else by Anonymous Coward · · Score: 1

    Find it weird that we have seemingly outsourced civil rights and due process to a private company? And more weird that, as a profit-oriented organization, there is some actual protection there?

    Since when did our governments decide their populations were "risk factors" and citizens desire for privacy were "non-actionable concerns"?

    Yeah, I know the story. Just commenting on what a crappy place we are in.

    1. Re:Does Anyone Else by easyTree · · Score: 1

      Since when did our governments decide their populations were "risk factors" and citizens desire for privacy were "non-actionable concerns"?

      Since,... THE BEGINNING. The idea is that THEY control US. If we know what's going on we have the potential to affect outcomes and seize control. This changes the THEM/US dynamic. Bad.

      --
      Requiem for the American Dream
    2. Re:Does Anyone Else by david_thornley · · Score: 1

      We haven't outsourced civil rights. LEOs would have to send the phones to the company, and that's going to be pretty obvious if done without a warrant.

      --
      "When you have eliminated the unacceptable, whatever is left, however improbable, must be the truthiness" - Holmes
  8. Re: So they have an inside man at Apple by Type44Q · · Score: 1, Troll

    Shame on you; that was low-hanging fruit.

  9. Re:BDS by PopeRatzo · · Score: 2

    There is a reason they have been expelled over three hundred times.

    Don't confuse the Jewish people with the corrupt government and intelligence apparatus of Israel. There is a reason Netanyahu has been referred for criminal prosecution.

    --
    You are welcome on my lawn.
  10. Those little sneakers by theendlessnow · · Score: 1

    Cos tells Marty, "We can change the world!"

    1. Re: Those little sneakers by Colourspace · · Score: 1

      It's about who controls the information.

  11. You've extrapolated 2 steps too far by raymorris · · Score: 1

    Kaspersky suggested that NSA may have, at one time, used code which was also used by authors of Stuxnet. We also know they purchased much of the code they used. That's quite far from "the authors of Sticker were NSA employees". There is no evidence that the developers were NSA employees. Indeed the fact that similar code is also found in incidents for which NSA has no motive strongly suggests that NSA is but one of the clients/friends of the authors.

    > how can you claim that you could even begin to know how competently they operate?

    I know them, I work with them. I'm not tremendously impressed by them. Federal hiring regulations and processes, and salaries explain *why* this is so. The *director* of the NSA makes $180K. That's only slightly higher than the *average* private-sector exploit specialist. That's the director of the agency. My boss makes more than that, and he can barely use exploitdb.

    1. Re:You've extrapolated 2 steps too far by i286NiNJA · · Score: 1

      Fun fact:
      The government won't pay more because it's unfathomable that low level engineers should make more than the director of national intelligence.

      The top people in our government can't grok why a low level employee with rare skills might make more than a guy who takes a job that has a pipeline of 100s of potential applicants all gunning for a seat. We have the best and brightest at the helm!

  12. Re:MH370 by bioteq · · Score: 1

    The snopes article saying that the plane being brought down for the PURPOSE of one person taking over a patent it false, not the patent and idea itself, which Nicknameunavailable is talking about.

    Also, Snopes isn't exactly a...trusted....source site. Let alone one I would trust when it comes to thoughts / ideas that span beyond the 'box' of thinking.

  13. Re:MH370 by NicknameUnavailable · · Score: 1

    Pro tip: If you ever cite politifact, snopes, correct the record, or related sites it means you are wrong.

  14. AC pretends not to understand. by i286NiNJA · · Score: 1

    Why would you pretend like you don't know what he's talking about?
    Completely different sort of LEO and it's no like there aren't a bunch of town cops who have set up little fiefdoms with a few of the other local power players. Maybe not your friend but there is zero chance that your understanding is actually this bad.

  15. You got one part right by raymorris · · Score: 1

    You got this part right:

    > the budget for a datacenter with bazillaflops of GPUs, a petabyte of database dumps

    > Typical blackhats have to work with their own deficiencies or form teams. They don't have a ton of say about the kinds of skills that they acquire for their teams. They don't have a lot of ability to do QA on each other's work

    Red Dawn was a movie. When Albert Gonzalez (one of the Shadow Crew members) was arrested, the FBI seized $1.6 million in cash he had laying around at that particular house at the moment. You think Shadow Crew couldn't manage to use Git? To contract people with whatever skill they want?

    Hamza Bendelladj used SpyEye (a trojan horse) to steal $400 million. That'll hire an expert dev with any skill you need, thousands of times over.

    All those Nigerian Prince emails and all that - those aren't done a million times a day because nobody is making any money from them. One organization running email scams may employ a hundred people. "Telling anyone their shit's not up to snuff might mean they walk off and take as many assets as they can and leadership of the group can change in a weekend"? Not any more than at any other business.

    This is an industry, not a movie.

  16. Re: So they have an inside man at Apple by Anonymous Coward · · Score: 1

    Telling them how the backdoor works.

    Yes, Apple has a backdoor. They all do.

    This is modded Flamebate?

    Wow, Mossad has backdoors in Slashdot as well.

    Good to know.

  17. Re:MH370 by bioteq · · Score: 1

    Definitely.

    I laughed pretty hard when I saw the 'debunk' link pointing to snopes. I even clicked it to see what they had to say. Unfortunately, he linked to an article that had nothing to even do with what you mentioned. But then again, that's how snopes operates -- They take something then 'debunk' something completely unrelated to the original intent and call the entire thing 'false' because they sprinkled a very small part of the original intent in to the fake intent.

    Millions of people fall for this. Wish I could get away with banging porn stars, doing drugs and making tons of money by lying like they do!

  18. Re: Surveillance by AutodidactLabrat · · Score: 1

    Then Mossad should be backdoored by everyone.