FBI boss: We paid at least $1.2m to crack the San Bernardino iPhone

Nice work, if you can get it

Vid FBI director James Comey today suggested the Feds paid security experts over a million dollars to crack a San Bernardino killer's iPhone.

While speaking at the Aspen Security Forum in the UK, Comey was asked how much his agents paid hackers to break into Syed Farook's iPhone 5C. "More than I will make in the remainder of this job, which is seven years and four months, for sure," Comey replied.

With a salary of about $180,000 a year, that means $1.2m or more was coughed up to unlock the shooter's handset after Apple refused to help the g-men bypass the phone's security mechanisms.

"It was in my view worth it," he added. Of course, nothing useful was found on the iThing.

The FBI had tried to compel Apple through the courts to create a custom iOS to install on the iPhone so that it could be unlocked by guessing the PIN without the device wiping itself after too many wrong attempts. Eventually, the FBI gave up and used some unnamed infosec hackers instead to extract the contents of the iPhone's file system.

You can watch the whole hour-long exchange here:

Youtube Video

Comey also tried to play down fears that the FBI is spying on everyone, saying it was difficult to debate about the pros and cons of encryption on Twitter:

It is really hard for us to get permission to listen to someone's phone calls or collect their online communications. There's a devil – an angel in those details: sometimes people think, well, the FBI will just go listen to my phone. Yes, if we're able to go to a federal judge and make a showing of probable cause that you are a foreign terrorist, a spy or someone engaged in serious criminal activity and you're using that device to do that.

It's easy to paint the FBI or the FBI director as the enemy of privacy. I love privacy. I'm a huge fan of strong encryption. But we have a responsibility to keep people safe and there are really bad people in this world. To keep people safe, with appropriate oversight, we need to know what they're talking about. That's why we have to continue to talk about this [the encryption debate].

This is after the FBI's use of the NSA's PRISM database to snoop on American citizens was deemed unconstitutional by a watchdog – who was ultimately overruled by the US government's secretive Foreign Intelligence Surveillance Court. ®

PS: Comey also said bad guys on the internet are more likely to use their skills for espionage and organizing and communicating, than attacking physical systems, such as network-connected dams and pipelines. However, he said it was "inevitable" that criminals will move onto these serious targets.

Similar topics

Other stories you might like

  • Apple may have to cough up $1bn to Brits in latest iPhone Batterygate claim
    Lawsuit took its time, just like your older iOS handset

    Another day, another legal claim against Apple for deliberately throttling the performance of its iPhones to save battery power.

    This latest case was brought by Justin Gutmann, who has asked the UK's Competition Appeal Tribunal (CAT) to approve a collective action that could allow as many as 25 million Brits to claim compensation from the American technology giant. He claims the iGiant secretly degraded their smartphones' performance to make the battery power last longer.

    Apple may therefore have to cough up an eye-popping £768 million ($927 million), Gutmann's lawyers estimated, Bloomberg first reported this week.

    Continue reading
  • Man gets two years in prison for selling 200,000 DDoS hits
    Over 2,000 customers with malice on their minds

    A 33-year-old Illinois man has been sentenced to two years in prison for running websites that paying customers used to launch more than 200,000 distributed denial-of-services (DDoS) attacks.

    A US California Central District jury found the Prairie State's Matthew Gatrel guilty of one count each of conspiracy to commit wire fraud, unauthorized impairment of a protected computer and conspiracy to commit unauthorized impairment of a protected computer. He was initially charged in 2018 after the Feds shut down 15 websites offering DDoS for hire.

    Gatrel, was convicted of owning and operating two websites – DownThem.org and AmpNode.com – that sold DDoS attacks. The FBI said that DownThem sold subscriptions that allowed the more than 2,000 customers to run the attacks while AmpNode provided customers with the server hosting. AmpNode spoofed servers that could be pre-configured with DDoS attack scripts and attack amplifiers to launch simultaneous attacks on victims.

    Continue reading
  • Former chip research professor jailed for not disclosing Chinese patents
    This is how Beijing illegally accesses US tech, say Feds

    The former director of the University of Arkansas’ High Density Electronics Center, a research facility that specialises in electronic packaging and multichip technology, has been jailed for a year for failing to disclose Chinese patents for his inventions.

    Professor Simon Saw-Teong Ang was in 2020 indicted for wire fraud and passport fraud, with the charges arising from what the US Department of Justice described as a failure to disclose “ties to companies and institutions in China” to the University of Arkansas or to the US government agencies for which the High Density Electronics Center conducted research under contract.

    At the time of the indictment, then assistant attorney general for national security John C. Demers described Ang’s actions as “a hallmark of the China’s targeting of research and academic collaborations within the United States in order to obtain U.S. technology illegally.” The DoJ statement about the indictment said Ang’s actions had negatively impacted NASA and the US Air Force.

    Continue reading

Biting the hand that feeds IT © 1998–2022