Senator Reveals FBI Paid $900K for Hacking Tool Used to Open San Bernardino Shooter's iPhone

[MacRumors]

A year after the public disagreement between Apple and the FBI, which centered on the passcode-locked iPhone 5c of the San Bernardino terrorist, one of the major questions remains how much the United States government and the FBI paid for the tool it used to crack open the iPhone. That question became so focused upon that a trio of news organizations filed a lawsuit to find out the exact amount that the tool cost the FBI.

Speculation in the midst of the Apple-FBI drama placed the price of the tool at upwards of $1.3 million, and then somewhere below $1 million. A recent statement by senator Dianne Feinstein appears to confirm the latter estimation, with Feinstein revealing that the U.S. government paid $900,000 to break into the locked iPhone 5c. The classified information came up during a Senate Judiciary Committee oversight hearing, where Feinstein was questioning FBI director James Comey (via The Associated Press).

Senators Charles Grassley and Dianne Feinstein​

"I was so struck when San Bernardino happened and you made overtures to allow that device to be opened, and then the FBI had to spend $900,000 to hack it open," said Feinstein, D-Calif. "And as I subsequently learned of some of the reason for it, there were good reasons to get into that device."

In the ongoing lawsuit filed by the Associated Press, Vice Media, and Gannett, the organizations cite the Freedom of Information Act: "Release of this information goes to the very heart of the Freedom of Information Act's purpose, allowing the public to assess government activity - here, the decision to pay public funds to an outside entity in possession of a tool that can compromise the digital security of millions of Americans." The FBI has repeatedly argued that the number should stay classified.

Despite the ongoing legal battles that the Apple-FBI event sparked, last year the FBI reported that it found "nothing of real significance" after it had gained access to the iPhone 5c, providing answers to some questions about the terrorist attack but generating no solid leads. In regards to the third party who was paid the $900,000 for the hacking tool, it's been widely reported that Israeli firm Cellebrite was the FBI's source, but a more informal group of professional hackers has also been suggested.

Note: Due to the political nature of the discussion regarding this topic, the discussion thread is located in our Politics, Religion, Social Issues forum. All forum members and site visitors are welcome to read and follow the thread, but posting is limited to forum members with at least 100 posts.

Article Link: Senator Reveals FBI Paid $900K for Hacking Tool Used to Open San Bernardino Shooter's iPhone

 

[dannyyankou]

It's sad that the government is rewarding hackers instead of prosecuting them.

 

[budselectjr]

Feinstein needs to retire or pass on already.

 

[NT1440]

It's sad that the government is rewarding hackers instead of prosecuting them.

What?

Cellebrite is an Israeli firm that specializes in breaking into devices for law enforcement. Now personally I don't like them because they are funded by the Israeli intelligence agency (and you can bet they get a sweet chunk of the black budget from the NSA on consulting), but they aren't "hackers" that the government would be prosecuting because they work for governments.

 

[ibookg409]

It sounds like Feinstein just leaked classified information to the public. Perhaps there should be an inquiry into this as well.

 

[dannyyankou]

What?

Cellebrite is an Israeli firm that specializes in breaking into devices for law enforcement. Now personally I don't like them because they are funded by the Israeli intelligence agency (and you can bet they get a sweet chunk of the black budget from the NSA on consulting), but they aren't "hackers" that the government would be prosecuting because they work for governments.

It was originally reported that Cellebrite helped the FBI, but then it was reported that wasn't the case. They never disclosed who helped them, I'm suspicious.

But either way, the FBI being in possession of a tool to hack into iPhones is, I think, unconstitutional. If they got a search warrant and asked the company for help to obtain information, that's one thing. But they shouldn't have the ability to hack into peoples phones

 

[djcerla]

Better than $95M for some fireworks in Syria.

 

[miknos]

What do the FBI thought it could find? Al Qaida PowerPoint spreadsheet?

Just do a clean wipe and donate the phone! Bang! Saved a million bucks!

 

[thisisnotmyname]

It was originally reported that Cellebrite helped the FBI, but then it was reported that wasn't the case. They never disclosed who helped them, I'm suspicious.

But either way, the FBI being in possession of a tool to hack into iPhones is, I think, unconstitutional. If they got a search warrant and asked the company for help to obtain information, that's one thing. But they shouldn't have the ability to hack into peoples phones

Legally you are incorrect. With a warrant the FBI can use whatever means they choose to enter the device. Whether it is an internal process or a third party that assists has no bearing.

 

[ibookg409]

What do the FBI thought it could find? Al Qaida PowerPoint spreadsheet?

Just do a clean wipe and donate the phone! Bang! Saved a million bucks!

The owners of the phone in questions were muslim terrorists. Don't you think it was worth getting into the phone to see if there was evidence of other impending attacks? The hack democrat senator even said it was worth the cost of getting into the phone:

"And as I subsequently learned of some of the reason for it, there were good reasons to get into that device."​

 

[Kabeyun]

Feinstein needs to retire or pass on already.

I cringe to ask, but what in this article makes you say that? And if you're just a political true believer who happens not to be aligned with her, and who'd make that comment even if she said something cute about puppies, never mind.

 

[Nunyabinez]

It was originally reported that Cellebrite helped the FBI, but then it was reported that wasn't the case. They never disclosed who helped them, I'm suspicious.

But either way, the FBI being in possession of a tool to hack into iPhones is, I think, unconstitutional. If they got a search warrant and asked the company for help to obtain information, that's one thing. But they shouldn't have the ability to hack into peoples phones

Two, things. First, "hackers" does not imply breaking the law. It implies someone who is skilled at accessing data that is allegedly secure.

A locksmith by definition is hacking a lock when they come to your house and let you in after you lock yourself out. There are plenty of "data locksmiths" out there that perform very legitimate services.

That's why we have terms like white hat and black hat to differentiate between the legitimate hackers and the criminals.

Second, being in possession of a tool to access data could not possibly be unconstitutional. There are clearly limits on how tools can be used, but If a judge issues a subpoena for information on your phone, the police have the right to use virtually any tool to extract it.

The only limit that is constitutional, is the 5th amendment which prevents the police from compelling you to incriminate yourself, which is this case would be forcing you to provide your pin. But even that is a very slim protection as they could compel you to put your finger on the touch ID assuming that it was still active.

However, I agree that companies like Apple should be able to provide security that is unbreakable by the government.

That is the only real question: Can the government compel Apple to include a back door. And that's what Feinstein really is complaining about, she was pissed that Apple made it so that she had to blow close to a million to get into a phone. She wants it for free.

 

[NT1440]

The owners of the phone in questions were muslim terrorists. Don't you think it was worth getting into the phone to see if there was evidence of other impending attacks? The hack democrat senator even said it was worth the cost of getting into the phone:

"And as I subsequently learned of some of the reason for it, there were good reasons to get into that device."​

The shooter had 2 other cell phones that he went out of his way to destroy...so common sense would dictate maybe those were the ones that might have had info on them?

The FBI ******** was, and still is, a kludge that our politicians are trying to use to mandate broken security on cell phones in the country. The UK released their white paper calling for the same thing this week.

 

[Nunyabinez]

I cringe to ask, but what in this article makes you say that? And if you're just a political true believer who happens not to be aligned with her, never mind.

She was complaining to Comey about Apple refusing to open the phone and having to spend $900k on it. She, along with a number of others want to force Apple to put a government only back door into their OS. And only the government will be able to use it of course.

 

[Kaibelf]

It sounds like Feinstein just leaked classified information to the public. Perhaps there should be an inquiry into this as well.

Perhaps something like how much money the government is wasting on wild goose chases shouldn't be classified at all considering we are running a deficit.

 

[Steve.P.JobsFan]

First, she completely ignores her constituents and uses right-wing talking points to deny single-payer healthcare.

Now, (what a surprise) she's the one who let classified information slip (oops!) and reveal the idiots at Quantico spent $900,000 to hack an iPhone.

She just can't get out of her own damn way, can she?

Lady, you're way past time to get out of politics.

 

[miknos]

The owners of the phone in questions were muslim terrorists. Don't you think it was worth getting into the phone to see if there was evidence of other impending attacks? The hack democrat senator even said it was worth the cost of getting into the phone:

"And as I subsequently learned of some of the reason for it, there were good reasons to get into that device."​

Of course there was good reasons. Asking Apple to break its encryption wasn't.

If the senator had to spend $10 of his own money, doubt he'll do it. Always easy to spend someone else's money.

If I had $900k, there will be no young and beautiful girl in need in my neighborhood.

 

[ibookg409]

Perhaps something like how much money the government is wasting on wild goose chases shouldn't be classified at all considering we are running a deficit.

Sure, but it is irrelevant. If information is classified it can not be leaked just because you don't think it is important or should be classified.

 

[Kabeyun]

The only limit that is constitutional, is the 5th amendment which prevents the police from compelling you to incriminate yourself, which is this case would be forcing you to provide your pin.

The 5th amendment, which covers self-incrimination is relevant to PINs and biometric-based access, but it's definitely not the only relevant constitutional issue. The 4th amendment, which covers illegal search and seizure, is front and center here.

 

[Nunyabinez]

The 5th amendment, which covers self-incrimination is relevant to PINs and biometric-based access, but it's definitely not the only relevant constitutional issue. The 4th amendment, which covers illegal search and seizure, is front and center here.

Yes but your statement was about it being unconstitutional to posses a tool to do a search. The 4th amendment is about unreasonable search and seizure. And I maintain the the relevant issue here is that the search is authorized by subpoena. If it is, the method is irrelevant.

With a warrant the police can smash my door, cut open seat cushions, destroy my property, etc. Certainly with a warrant they can hack my phone. If they can.

 

[MrX8503]

What a waste of money. Let's not forget he had another phone that he destroyed

 

[citizenzen]

If it was the military, it would be a $90,000,000 tool.

 

[gnasher729]

The owners of the phone in questions were muslim terrorists. Don't you think it was worth getting into the phone to see if there was evidence of other impending attacks? The hack democrat senator even said it was worth the cost of getting into the phone:

"And as I subsequently learned of some of the reason for it, there were good reasons to get into that device."​

The answer to your question is NO.

It was well known that the dead owner of the phone had a laptop and two personal phones, in addition to this phone, which was his works iPhone. (Yes, he didn't live in a tent in Syria, he lived in the USA and had a regular office job). The hard drive of the laptop disappeared and has never been found. His two personal phones have both been smashed up in a way that made it impossible to recover any information. His works iPhone, however, was in no way protected beyond what his employer demanded.

If that was my iPhone, and there was anything on it that could help the police, it would have been smashed up like the other two phones, and it wouldn't have had a four digit passcode, but at least eight digits. The police got most information from his iTunes account (with the help of Apple), and there was nothing incriminating there. My phone wouldn't have been backed up to my iTunes account if there was anything incriminating.

And then it was his works phone. Storing anything on his works phone wouldn't have been save. Any day his employer could have said "sorry, but Joe urgently needs a works phone, could you give him yours?" and that would have been a huge problem for him. If you were a terrorist, would you spread information over all your phones, especially your works phone? You'd have to be a total idiot to do that.

So it was beyond any reasonable doubt that nothing of any value would be found on his works phone.

But either way, the FBI being in possession of a tool to hack into iPhones is, I think, unconstitutional. If they got a search warrant and asked the company for help to obtain information, that's one thing. But they shouldn't have the ability to hack into peoples phones

Read what I wrote, and you should know what to do if you don't want your information to be read. But note that I'm not complaining about what the FBI did, I'm complaining that they spent $900,000 with no chance of finding anything useful, and not only that, but they told the world what they can do, so future terrorists will be more careful. They should have spent that money to have the ability for a situation when it makes a difference, without telling anyone.

 

[tgara]

The owners of the phone in questions were muslim terrorists. Don't you think it was worth getting into the phone to see if there was evidence of other impending attacks? The hack democrat senator even said it was worth the cost of getting into the phone:

"And as I subsequently learned of some of the reason for it, there were good reasons to get into that device."​

Just as a point of information, the owner of the phone in the San Bernardino shooting incident was actually the shooter's employer, who subsequently granted permission for the government to gain access to the phone after the shooting. However, the government could not access the phone without the PIN code (which the employer did not have), so they asked Apple for help. It was Apple, not the phone's owner or user, that did not want to provide access to the phone, even after a lawful court order instructed them to do so.

 

[drewsof07]

The owners of the phone in questions were muslim terrorists. Don't you think it was worth getting into the phone to see if there was evidence of other impending attacks? The hack democrat senator even said it was worth the cost of getting into the phone:

"And as I subsequently learned of some of the reason for it, there were good reasons to get into that device."​

I don't see them gleaning any information from the phone itself that had not already been retrieved from NSA/CIA/FBI counterterrorism surveillance databases. Comey himself admitted that ALL domestic communication is collected and tagged. Accessing the database requires a FISA order, but it's all collected.