- The American Conservative - http://www.theamericanconservative.com -

Government Hackers, Inc.

The Federal Bureau of Investigation (FBI) court battle with Apple over the security system in place on iPhones appears to be over. But some experts in the communications security community are expressing concern because of the Bureau’s unwillingness [1] to reveal what exactly occurred to end the standoff.

According to government sources speaking both on and off the record, the FBI succeeded in breaking through the Apple security measures with the assistance [2] of an unidentified third party. The technique used was apparently not a one-off and is transferable as the Bureau has now indicated [3] that it will be accessing data on a second phone involved in a murder investigation in Arkansas and is even considering [4] allowing local police forces to share the technology. That means that the FBI and whatever other security and police agencies both in the U.S. and abroad it provides the information to will have the same capability, potentially compromising the security of all iPhones worldwide.

The breakthrough in the case leads inevitably to questions about the identity of the company or individual that assisted the Bureau. It means that someone outside government circles would also have the ability to unlock the phones, information that could eventually wind up in the hands of criminals or those seeking to disrupt or sabotage existing telecommunications systems.

No security system is unbreakable if a sophisticated hacker is willing to put enough time, money and resources into the effort. If the hacker is a government with virtually unlimited resources the task is somewhat simpler as vast computer power will permit millions of attempts to compromise a phone’s operating system.

In this case, the problem consisted of defeating an “Erase Data” feature linked to a passcode that had been placed on the target phone by Syed Farook, one of the shooters in December’s San Bernardino terrorist attack. Apple had designed the system [5] so that 10 failures to enter the correct passcode would lock the phone and erase all the data on it. This frustrated FBI efforts to come up with the passcode by what is referred to as a “brute force” attack where every possible combination of numbers and letters is entered until the right code is revealed. Apple’s security software also was able to detect multiple attempts after entry of an incorrect passcode and slow down the process, meaning that in theory it would take five and a half years for a computer to try all possible combinations of a six-character alphanumeric passcode using numbers and lowercase letters even if it could disable the “Erase Data” feature.

Speculation [1] is that the FBI and its third party associate were able to break the security by circumventing the measure that monitors the number of unsuccessful passcode entries, possibly to include generating new copies of the phone’s NAND storage chip to negate the 10-try limit. The computer generated passcodes could then be entered again and again until the correct code was discovered. And, of course, once the method of corrupting the Erase Data security feature is determined it can be used on any iPhone by anyone with the necessary computer capability, precisely the danger that Apple had warned about when it refused to cooperate with the FBI in the first place.

Most of the U.S. mainstream media has been reluctant to speculate on who the third party that aided the FBI might be but the Israeli press has not been so reticent. They have identified [6] a company called Cellebrite, a digital forensics company located in Israel. It is reported that the company’s executive vice president for mobile forensics Leeor Ben-Peretz was recently in Washington consulting with clients. Ben-Peretz is Cellebrite’s marketing chief, fully capable of demonstrating the company’s forensics capabilities. Cellebrite reportedly has worked with the FBI before, having had a contract arrangement [7] entered into in 2013 to provide decryption services.

Cellebrite was purchased by Japanese cellular telephone giant Suncorporation in 2007 but it is still headquartered and managed from Petah Tikva, Israel with a North American office in Parsippany, New Jersey and branches in Germany, Singapore and Brazil. It works closely with the Israeli police and intelligence services and is reported to have ties to both Mossad and Shin Bet. Many of its employees are former Israeli government employees who had worked in cybersecurity and telecommunications.

If Cellebrite is indeed the “third party” responsible for the breakthrough on the Apple problem, it must lead to speculation that the key to circumventing iPhone security is already out there in the small world of top level telecommunications forensic experts. It might reasonably be assumed that the Israeli government has access to the necessary technology, as well as Cellebrite’s Japanese owners. From there, the possibilities inevitably multiply.

Most countries obtain much of their high grade intelligence from communications intercepts. Countries like Israel, China, and France conduct much of their high-tech spying through exploitation of their corporate presence in the United States. Israel, in particular, is heavily embedded in the telecommunications industry, which permits direct access to confidential exchanges of information.

Israel has in fact a somewhat shady reputation [8] in the United States when it comes to telecommunications spying. Two companies in particular—Amdocs and Comverse Infosys—have at times dominated their market niches in America. Amdocs, which has contracts [9] with many of the largest telephone companies in the U.S. that together handle 90 percent of all calls made, logs all calls that go out and come in on the system. It does not retain the conversations themselves, but the records provide patterns, referred to as “traffic analysis,” that can provide intelligence leads. In 1999, the National Security Agency warned that records of calls made in the United States were winding up in Israel.

Comverse Infosys, which dissolved [10] in 2013 after charges of conspiracy, fraud, money laundering and making false filings, provided wiretapping equipment to law enforcement throughout the United States. Because equipment used to tap phones for law enforcement is integrated into the networks that phone companies operate, it cannot be detected. Phone calls were intercepted, recorded, stored, and transmitted to investigators by Comverse, which claimed that it had to be “hands on” with its equipment to maintain the system. Many experts believe that it is relatively easy to create an internal cross switch that permits the recording to be sent to a second party, unknown to the authorized law-enforcement recipient. Comverse was also believed [11] to be involved with NSA on a program of illegal spying directed against American citizens.

Comverse equipment was never inspected by FBI or NSA experts to determine whether the information it collected could be leaked, reportedly because senior government managers blocked such inquiries. According to a Fox News investigative report [12], which was later deleted from Fox’s website under pressure from various pro-Israel groups, DEA and FBI sources said post-9/11 that even to suggest that Israel might have been spying using Comverse was “considered career suicide.”

Some might argue that collecting intelligence is a function of government and that espionage, even between friends, will always take place. When it comes to smartphones, technical advances in phone security will provide a silver bullet for a time but the hackers, and governments, will inevitably catch up. One might assume that the recent revelations about the FBI’s capabilities vis-à-vis the iPhone indicate that the horse is already out of the stable. If Israel was party to the breaking of the security and has the technology it will use it. If the FBI has it, it will share it with other government agencies and even with foreign intelligence and security services.

Absent from the discussion regarding Apple are the more than 80 percent [13] of smartphones used worldwide that employ the Google developed Android operating system that has its own distinct security features designed to block government intrusion. The FBI is clearly driven by the assumption that all smartphones should be accessible to law enforcement. The next big telecommunications security court case might well be directed against Google.

Philip Giraldi, a former CIA officer, is executive director of the Council for the National Interest.

17 Comments (Open | Close)

17 Comments To "Government Hackers, Inc."

#1 Comment By Fran Macadam On April 6, 2016 @ 1:00 am

Missing from this analysis are some missteps the FBI themselves made, which resulted in locking the employer-provided phone which likely has little of value. From what I read, it did not have maximum security features enabled as left. Another personal phone was completely destroyed by the suspects.

#2 Comment By georgina davenport On April 6, 2016 @ 8:27 am

“The FBI is clearly driven by the assumption that all smartphones should be accessible to law enforcement.”
Yes, what is wrong with that assumption? Put yourself in the place of the law enforcement, what would you think? On the other hand, why should any law abiding citizen be afraid of government getting into their phones, especially with a warrant?
If Apple had helped the FBI to get into the terrorist’s phone, they would not have looked elsewhere. This particular case was not ambiguous, that person was clearly a terrorist, using him to make a case for citizen privacy is just wrong. Or do some people, like this author, think that they are immune from the laws, so long as they can out run it?
Moreover, I am suspicious of Apple’s concerns for the people. If they really care, they would bring their factories home to give the people jobs, and tax dollars home to help rebuilt our crumbling infrastructure.

#3 Comment By One Man’s Law On April 6, 2016 @ 11:09 am

“On the other hand, why should any law abiding citizen be afraid of government getting into their phones, especially with a warrant?”

Any law-abiding citizen of China? Russia? Saudi Arabia? Israel? What does “law abiding” even mean in places like that? Seems like nearly half of primary voters right here in America aren’t too happy with government and elites either …

#4 Comment By Rostale On April 6, 2016 @ 12:07 pm

“The FBI is clearly driven by the assumption that all smartphones should be accessible to law enforcement.”

You know what else would help law enforcement? Banning civilian ownership of firearms. One of the main arguments for the 2nd amendment is act as a check on overzealous government, but shouldn’t we trust our government?

What is amazing to me is how many people who would vociferously oppose a gun ban support a government right invade people’s privacy. We, as a society, have decided that the protection of freedom that 2nd amendment provides is worth the tradeoff in increased gun violence. Terrorism, statistically speaking, is an inconsequential threat compared to risk of death from gun violence, and yet it seems we can’t hand over our liberties fast enough when the premise is to “fight terror”.

#5 Comment By Franz Liebkind On April 6, 2016 @ 12:47 pm

To georgina davenport:

Such naivety. Do you really think that the FBI’s use of smartphone intrusion methods will be limited to national security cases? No, the innate careerism of law enforcement management will insist on using it for common crimes as well, from the onerous to the increasingly petty.

You might wish to take the time to research the DHS’s poorly-managed “fusion centers,” where federal security and law enforcement agencies are required to share intelligence and methods with state and local agencies–according to vague and apparently inconsistent criteria.

Imagine a state or local DA, sheriff, of judge (probably elected, and therefore subject to electoral pressures) with such technology in hand. Do you think such a politician could resist the temptation to use it for political purposes–especially if that official works outside a major media market?

Have you no idea of the awful legacy of Hoover’s FBI?

#6 Comment By indivisible On April 6, 2016 @ 2:03 pm

“On the other hand, why should any law abiding citizen be afraid of government getting into their phones, especially with a warrant?”

“Law abiding citizens” in Russia? China? Saudi Arabia? Israel? What does “law abiding citizen” even mean in such places? Is Apple supposed to cooperate with governments like that too? Even here in the US, roughly half of primary voters are registering anger, distrust, and suspicion of government and elites. It’s not an auspicious moment to make arguments founded on trust.

“Put yourself in the place of the law enforcement, what would you think? “

I’d think “Damn. Looks like I’m actually going to have to get up from my desk and do some leg work, or I’ll have to think up some clever solution, like the old school FBI guys had to do.”

“Moreover, I am suspicious of Apple’s concerns for the people. “

I assume that Apple doesn’t give a damn about “the people”. Apple is a business. But it does care about the integrity of its product, because its customers do. If I buy a phone advertised as “secure”, I expect it to be secure. Not “sort of secure, unless the FBI or some foreign government or business asks us to make it not secure anymore.”

#7 Comment By EliteCommInc. On April 6, 2016 @ 2:10 pm

Renditioning Technology.

#8 Comment By Clint On April 6, 2016 @ 7:40 pm

Israel has backdoored U.S. telecommunications for some time and our government has let these foreigners easy espionage access to American citizens.

This is a treasonous sell out by a corrupt Federal Government.

#9 Comment By Long Gone On April 6, 2016 @ 8:15 pm

“If Israel was party to the breaking of the security and has the technology it will use it. If the FBI has it, it will share it with other government agencies and even with foreign intelligence and security services. “

Already happened my friend! Cows left the barn! Guaranteed!

If the Israelis got it you can bet it’s for sale. They sell anything to anybody. They sold spare fighter parts to Iran at the same time they were begging us to bomb Teheran. Cash on the barrelhead, baby. They sold our drone tech to China and our military secrets to Russia. They used to (and maybe still do) sell on-site torture instruction to Central American dictators, no doubt based on the popular product they peddled to apartheid S. Africa, no doubt. The Boys from Tel Aviv aren’t exactly famous for being inhibited by a moral compass.

#10 Comment By Fran Macadam On April 6, 2016 @ 8:45 pm

I’m absolutely sure when the nascent technology of reading minds is perfected, the government will claim the right to know what we are thinking, as an “essential tool” in the fight against… freedom.

#11 Comment By ADL On April 7, 2016 @ 10:15 am

The current “Panama Papers” mini-scandal offers another interesting angle on this trans-national hacking intrigue.

An unknown entity just happened to pick a random law firm in Panama and hacked millions of files, yet for some reason, Western news organizations only care about the files on the world leaders Obama’s regime dislikes. What are the odds of this!

Third-party non-state entities cooperating with state agencies is one thing; “soft power” entities (like Soros funded front organizations) working for the regime’s political leaders to hack into a law firm for political considerations should take this to another level of concern for us all. (I guess former law prof Obama doesn’t think too highly of the attorney-client confidentiality rule.)

Most readers on here are familiar with the expression “never let a crisis go to waste”. Team Obama has taken this logic a little further: if a crisis doesn’t exist, create one.

A week after the emergence of these “Panama Papers” and the US gov’t already has some new shell company banking rules it wants to implement:
[14]

The regime’s enemies are embarrassed, new gov’t regulations are created in the name of “fighting tax evasion” but nobody is talking about the hackers’ identity.

Law enforcement agencies at least have to pretend to care about constitutional technicalities, but politicians indulging their penchant for machinations don’t. Nixon was impeached for supposedly sending people to break into Watergate and a new generation of investigative journalists emerged in its aftermath (complete with hero movie stars). Team Obama sent people to hack into a law firm and the Great American Independent Press couldn’t care less about it.

#12 Comment By EliteCommInc. On April 7, 2016 @ 2:06 pm

“I’m absolutely sure when the nascent technology of reading minds is perfected . . .”

I am keeping my tin foil on for the seeable future.
_______________
“Nixon was impeached for supposedly sending people to break into Watergate and a new generation of investigative journalists emerged in its aftermath (complete with hero movie stars).”

Uhhh,

No. Pres. Nxon did send anyone anywhere. He did not know what they don until after the fact. Given the hits his tenure was taking over Vietnam, he moved to hinder the matter by keeping it quiet. Admittedly a bad choice. But given what has been going on since 9/11 the “Watergate Crisis” is not even a tempest in a tea cup.

What is ironic about your observation is that Sec. Clinton made her political bones on Watergate and yet, there sits the entire Libyan cabal on her doorstep.

#13 Comment By ADL On April 7, 2016 @ 3:46 pm

EliteCommInc. says:

Uhhh,

No. Pres. Nxon did send anyone anywhere. He did not know what they don until after the fact…

To my knowledge, the Articles of Impeachment didn’t specifically accuse Nixon of ordering or knowing about the break-in. As for whether or not he did, let’s just say that plenty of self-serving memoirs have been written pointing in every direction…so we’ll never know.

However, “plausible deniability” means that the pez can say whatever and leave it up to his minions to interpret whatever. An exasperated Henry II blurted out, Will no one rid me of this troublesome priest– and so long Father Becket.

#14 Comment By EliteCommInc. On April 7, 2016 @ 5:42 pm

“However, “plausible deniability” means that the pez can say whatever and leave it up to his minions to interpret whatever.”

Of course, I have to agree that many cause is hidden behind “plausible deniability.” But in the case of Watergate, it is unlikely that there are anymore serets to be undone. Based on the official record, Pres. Nixon’s issues are born out protecting his legacy.

Even John Dean did not walk down that path. And he would know, in my view.

[15]

I am not defending his actions to protect his office from scandal. The simplest thing to was let’em hang. But while I not above Pres. Nixon in any case. What is important is that a Sec. of State had a front row seat, who had o ade through the very excruciating mess with her husbandand attempting to cover-up issues have learned no lessons, beyond shredding documents. Who had not learned the simple lesson of “My mistake, heres how and it won’t happen again.” Could have been so caught up in the politics of face saving that she allowed the security of the embassy to be unaddressed, despite repeated calls, instead asking them how to make the violence in Libya look nice even as they were emailing dire conditions at their front door. She then engages in telling not only us, but the families of her immediate staff, it was because of a video.

I am supposd to trust an executive that says articles such as this are the whines of the “free speech crowd”. She has indicated a kind of callousness for her fellows that is deeply troubling.

Painful. With Prs. nixon there are if and maybes — in the Secretary’s case — it’s clear she would call Israel to tap your phone or mine to suit her objectives despite the Constitution, and it seems despite risk to life and limb of the innocent target an would do so, even if working on her behalf.

That should be chilling for any citizen.

#15 Comment By kalendjay On April 7, 2016 @ 8:13 pm

Get with it,people.

Apple’s first obligation is not to protect its subscribers not from government, but from each other.

How often has your PC crashed because of cookies, or been effectively destroyed by internet viruses, at least until you were prompted to call up a “Certified Microsoft Engineer” in some undisclosed hovel in India, to unlock your server address, for a nice casual credit card fee? Yes, this happened to me, and I simply refused to pay after the repair was done, but not after I left a curt email saying the matter will be referred to the FBI).

I am so sick of what we have to put up with in the name of glorious information technology that I am ready to finance some overseas assassinations of these tech leaches myself.

Don’t you think Israel is onto two fundamental truths that Phillip Giraldi is not?

1. No software is unhackable, and
2. When it is hacked, retaliate.

#16 Comment By EliteCommInc. On April 7, 2016 @ 10:42 pm

” . . . and so long Father Becket.”

You do realize that Becket gets the last word and the ultimate victory over his freind.

#17 Comment By Johnny F. Ive On April 8, 2016 @ 1:22 pm

Did you know that the linux kernel (security-enhanced linux) used by Google for its android devices was developed by the NSA?