Government Hackers, Inc.
The Federal Bureau of Investigation (FBI) court battle with Apple over the security system in place on iPhones appears to be over. But some experts in the communications security community are expressing concern because of the Bureau’s unwillingness to reveal what exactly occurred to end the standoff.
According to government sources speaking both on and off the record, the FBI succeeded in breaking through the Apple security measures with the assistance of an unidentified third party. The technique used was apparently not a one-off and is transferable, as the Bureau has now indicated that it will be accessing data on a second phone involved in a murder investigation in Arkansas and is even considering allowing local police forces to share the technology. That means that the FBI, and whatever other security and police agencies in the U.S. and abroad it provides the information to, will have the same capability, potentially compromising the security of all iPhones worldwide.
The breakthrough in the case leads inevitably to questions about the identity of the company or individual that assisted the Bureau. It means that someone outside government circles would also have the ability to unlock the phones, information that could eventually wind up in the hands of criminals or those seeking to disrupt or sabotage existing telecommunications systems.
No security system is unbreakable if a sophisticated hacker is willing to put enough time, money and resources into the effort. If the hacker is a government with virtually unlimited resources, the task is somewhat simpler, as vast computer power will permit millions of attempts to compromise a phone’s operating system.
In this case, the problem consisted of defeating an “Erase Data” feature linked to a passcode that had been placed on the target phone by Syed Farook, one of the shooters in December’s San Bernardino terrorist attack. Apple had designed the system so that 10 failures to enter the correct passcode would lock the phone and erase all the data on it. This frustrated FBI efforts to come up with the passcode by what is referred to as a “brute force” attack where every possible combination of numbers and letters is entered until the right code is revealed. Apple’s security software also was able to detect multiple attempts after entry of an incorrect passcode and slow down the process, meaning that in theory it would take five and a half years for a computer to try all possible combinations of a six-character alphanumeric passcode using numbers and lowercase letters even if it could disable the “Erase Data” feature.
Speculation is that the FBI and its third-party associate were able to break the security by circumventing the measure that monitors the number of unsuccessful passcode entries, possibly including by generating new copies of the phone’s NAND storage chip to negate the 10-try limit. The computer-generated passcodes could then be entered again and again until the correct code was discovered. And, of course, once the method of corrupting the Erase Data security feature is determined, it can be used on any iPhone by anyone with the necessary computer capability, precisely the danger that Apple had warned about when it refused to cooperate with the FBI in the first place.
Most of the U.S. mainstream media has been reluctant to speculate on who the third party that aided the FBI might be, but the Israeli press has not been so reticent. It has identified Cellebrite, a digital forensics company located in Israel. It is reported that the company’s executive vice president for mobile forensics, Leeor Ben-Peretz, was recently in Washington consulting with clients. Ben-Peretz is Cellebrite’s marketing chief, fully capable of demonstrating the company’s forensics capabilities. Cellebrite reportedly has worked with the FBI before, having entered into a contract arrangement in 2013 to provide decryption services.
Cellebrite was purchased by Japanese cellular telephone giant Suncorporation in 2007 but it is still headquartered and managed from Petah Tikva, Israel with a North American office in Parsippany, New Jersey and branches in Germany, Singapore and Brazil. It works closely with the Israeli police and intelligence services and is reported to have ties to both Mossad and Shin Bet. Many of its employees are former Israeli government employees who had worked in cybersecurity and telecommunications.
If Cellebrite is indeed the “third party” responsible for the breakthrough on the Apple problem, it must lead to speculation that the key to circumventing iPhone security is already out there in the small world of top-level telecommunications forensic experts. It might reasonably be assumed that the Israeli government, as well as Cellebrite’s Japanese owners, has access to the necessary technology. From there, the possibilities inevitably multiply.
Most countries obtain much of their high grade intelligence from communications intercepts. Countries like Israel, China, and France conduct much of their high-tech spying through exploitation of their corporate presence in the United States. Israel, in particular, is heavily embedded in the telecommunications industry, which permits direct access to confidential exchanges of information.
Israel has in fact a somewhat shady reputation in the United States when it comes to telecommunications spying. Two companies in particular—Amdocs and Comverse Infosys—have at times dominated their market niches in America. Amdocs, which has contracts with many of the largest telephone companies in the U.S. that together handle 90 percent of all calls made, logs all calls that go out and come in on the system. It does not retain the conversations themselves, but the records provide patterns, referred to as “traffic analysis,” that can provide intelligence leads. In 1999, the National Security Agency warned that records of calls made in the United States were winding up in Israel.
Comverse Infosys, which dissolved in 2013 after charges of conspiracy, fraud, money laundering and making false filings, provided wiretapping equipment to law enforcement throughout the United States. Because equipment used to tap phones for law enforcement is integrated into the networks that phone companies operate, it cannot be detected. Phone calls were intercepted, recorded, stored, and transmitted to investigators by Comverse, which claimed that it had to be “hands on” with its equipment to maintain the system. Many experts believe that it is relatively easy to create an internal cross switch that permits the recording to be sent to a second party, unknown to the authorized law-enforcement recipient. Comverse was also believed to be involved with NSA on a program of illegal spying directed against American citizens.
Comverse equipment was never inspected by FBI or NSA experts to determine whether the information it collected could be leaked, reportedly because senior government managers blocked such inquiries. According to a Fox News investigative report, which was later deleted from Fox’s website under pressure from various pro-Israel groups, DEA and FBI sources said post-9/11 that even to suggest that Israel might have been spying using Comverse was “considered career suicide.”
Some might argue that collecting intelligence is a function of government and that espionage, even between friends, will always take place. When it comes to smartphones, technical advances in phone security will provide a silver bullet for a time, but the hackers, and governments, will inevitably catch up. One might assume that the recent revelations about the FBI’s capabilities vis-à-vis the iPhone indicate that the horse is already out of the stable. If Israel was party to the breaking of the security and has the technology, it will use it. If the FBI has it, it will share it with other government agencies and even with foreign intelligence and security services.
Absent from the discussion regarding Apple are the more than 80 percent of smartphones used worldwide that employ the Google-developed Android operating system, which has its own distinct security features designed to block government intrusion. The FBI is clearly driven by the assumption that all smartphones should be accessible to law enforcement. The next big telecommunications security court case might well be directed against Google.
Philip Giraldi, a former CIA officer, is executive director of the Council for the National Interest.