FBI boss: We paid at least $1.2m to crack the San Bernardino iPhone

Nice work, if you can get it

Vid FBI director James Comey today suggested the Feds paid security experts over a million dollars to crack a San Bernardino killer's iPhone.

While speaking at the Aspen Security Forum in the UK, Comey was asked how much his agents paid hackers to break into Syed Farook's iPhone 5C. "More than I will make in the remainder of this job, which is seven years and four months, for sure," Comey replied.

With a salary of about $180,000 a year, that means $1.2m or more was coughed up to unlock the shooter's handset after Apple refused to help the g-men bypass the phone's security mechanisms.

"It was in my view worth it," he added. Of course, nothing useful was found on the iThing.

The FBI had tried to compel Apple through the courts to create a custom iOS to install on the iPhone so that it could be unlocked by guessing the PIN without the device wiping itself after too many wrong attempts. Eventually, the FBI gave up and used some unnamed infosec hackers instead to extract the contents of the iPhone's file system.

You can watch the whole hour-long exchange here:

Youtube Video

Comey also tried to play down fears that the FBI is spying on everyone, saying it was difficult to debate the pros and cons of encryption on Twitter:

It is really hard for us to get permission to listen to someone's phone calls or collect their online communications. There's a devil – an angel in those details: sometimes people think, well, the FBI will just go listen to my phone. Yes, if we're able to go to a federal judge and make a showing of probable cause that you are a foreign terrorist, a spy or someone engaged in serious criminal activity and you're using that device to do that.

It's easy to paint the FBI or the FBI director as the enemy of privacy. I love privacy. I'm a huge fan of strong encryption. But we have a responsibility to keep people safe and there are really bad people in this world. To keep people safe, with appropriate oversight, we need to know what they're talking about. That's why we have to continue to talk about this [the encryption debate].

This is after the FBI's use of the NSA's PRISM database to snoop on American citizens was deemed unconstitutional by a watchdog – who was ultimately overruled by the US government's secretive Foreign Intelligence Surveillance Court. ®

PS: Comey also said bad guys on the internet are more likely to use their skills for espionage, organizing and communicating than for attacking physical systems, such as network-connected dams and pipelines. However, he said it was "inevitable" that criminals will move on to these serious targets.
