DOJ’s Awesome New Trick to Break into Apple Phones

/11 Comments/in /by

DOJ has apparently come up with an amazing new trick to break into Apple phones: to ask defendants in the weeks before they sentence them.

Throughout the challenge over the phone in EDNY, Apple has raised a number of other ways DOJ could get into Jun Feng’s phone. That includes some known forensic tools, but especially — given that Feng pled guilty — simply asking him for his password a second time. According to WSJ’s report on why DOJ just withdrew their request in that case, DOJ hadn’t tried the latter method, until now.

In a one-page letter filed with a Brooklyn federal court Friday night, the government said an individual had recently come forward to offer the passcode to the long-locked phone. The filing means that in both of the high-profile cases pitting the Justice Department against Apple, the government first said it couldn’t open the phone, only to suddenly announce it had found a way into the device as the case proceeded in court.

“Yesterday evening, an individual provided the passcode to the iPhone at issue in this case,’’ prosecutors said in their terse letter to the judge. “Late last night, the government used that passcode by hand and gained access to the iPhone. Accordingly, the government no longer needs Apple’s assistance to unlock the iPhone, and withdraws its application.’’

[snip]

After he was arrested, Mr. Feng told agents that he didn’t remember the phone’s passcode, leading investigators eventually to seek Apple’s help. The Wall Street Journal reported last week that Mr. Feng only recently learned his phone had become an issue in a high-stakes legal fight between prosecutors and Apple. Mr. Feng, who has pleaded guilty and is due to be sentenced in the coming weeks, is the one who provided the passcode to investigators, according to people familiar with the matter.

Geniuses! Use the sentencing process, rather than the All Writs Act, to open up a phone captured two years ago (which probably has even less usable evidence than Syed Rizwan Farook’s phone did.

These prosecutors are really using some amazing tools these days.

 

Friday Morning: This Thing Called Life

/15 Comments/in , /by

It’s Friday, when we usually cover a different jazz genre. But we’re playing these sorry cards we’ve been dealt this week and observing the passing of a great artist.

We’ll probably all be sick of seeing this same video, but it is one of the very few of Prince available for embedding with appropriate intellectual property rights preserved. It’s a result of Prince’s tenacious control over his artistic product that we won’t have ready access to his past performances, but this same tenacity taught many artists how to protect their interests.

It’s worth the hour and a quarter to watch the documentary Prince in the 1980s; the enormity of his talent can’t be understood without reactions by professionals to his abilities.

The way his voice slides easily into high registers at 05:44, his guitar playing beginning at 06:53, offer us just the smallest glimpses of his spectacular gifts.

Good night, sweet Prince, may flights of angels sing thee to thy rest.

Great Google-y moogley

  • European Community’s Antitrust Commission issued a Statement of Objections regarding perceived breaches of antitrust laws by Google’s Android operating system (European Commission press release) — The EU has a problem with Android’s ~90% market share in some member states. They may have a tough time with their case as the EU did very little to preserve the Nokia Symbian OS when Microsoft bought Nokia phone business. Their point about lack of application interoperability and portability between mobile devices is also weak as they did not make that case with Windows-based applications on personal computers. Further, Google has been aggressive to the point of annoyance in its efforts to segregate Android and Google apps — I can attest to this, having a handful of Android devices which have required irritating application upgrades to facilitate this shift over the last year and a half. This will be an interesting case to watch.
  • The second annual Android Security Report was released on Google’s blog this week (Google Blog) — Some interesting numbers in this report, including Google’s revelation that it scans 400 million devices a day. Gee, a figure intelligence agencies must envy.
  • Roughly 29% of Android devices can’t be accessed to issue monthly security patches (Naked Security) — Sophos has a bit of an attitude about the back-of-the-envelope number it scratched out, calculating a little more than 400 million Android devices may not be running modern Android versions Google can patch, or may not be accessible to scanning for patching. You’d think a cybersecurity vendor would revel in this opportunity to sell product. Or that an otherwise intelligent and successful security firm would recognize the numbers reflect Android’s continued dominance in the marketplace with more than 1.4 billion active devices. The risk is big, but how much of that risk is due to the success of the devices themselves — still highly usable if aging, with insufficient memory for upgrades? Sounds so familiar (*cough* Windows XP)…
  • Google passed a benchmark with mobile version of Chrome browser on more than 1 billion devices (Business Insider) — Here’s another opportunity to screw up interpretation of data: mobile Chrome works on BOTH Android and iOS devices. I know for a fact the latest mobile Chrome will NOT work on some older Android devices.

Under Not-Google: Opera browser now has free built-in VPN
A lesser-known browser with only 2% of current market share, Opera is a nice alternative to Chrome and Firefox. Its new built-in free VPN could help boost its market share by offering additional privacy protection. It’s not clear this new feature will protect users against censorship tools, though — and this could be extremely important since this Norwegian software company may yet be acquired by a Chinese company which placed a bid on the firm a couple of months ago.

Definitely Not-Google: Apple cracker cost FBI more than $1 million
Can’t swing an iPad without hitting a report on FBI director James Comey’s admission at the Aspen Security Forum this week in Londn that cracking the San Bernardino shooter’s work iPhone cost “more than I will make in the remainder of this job, which is 7 years and 4 months,” or more than $1 million dollars. Speaking of exorbitant expenses, why was Comey at this forum in London? Oh, Comey was the headliner for the event? Isn’t that interesting…wonder if that speaking gig came with speaker’s fee?

That’s it for this week’s morning roundups. Hope you have a nice weekend planned ahead of you!

Thursday Morning: Come on Now [UPDATE]

/10 Comments/in , /by

Come on now,
who do you,
who do you,
who do you,
who do you think you are,
Ha ha ha bless your soul.
You really think you’re in control.

— excerpt, Crazy by Gnarls Barkley

The kids are all #TBT on Twitter — posting throwback material from their youth, which seems like just yesterday to me. I’ve got socks older than most of the stuff they share. But I have fun with it anyhow, like this Gnarls Barkley song. Perfect to sing at the top of your lungs in the office if you can get away with it.

Speaking of crazy…

Deadline today for Volkswagen
A deadline for a “concrete proposal for getting the polluting vehicles off the road” was due last month on March 24th after U.S. District Judge Charles Breyer gave VW a 30-day period to develop this solution.

That deadline was not met; Judge Breyer offered another 30-day extension as he felt progress was made. Today’s that second deadline, and it’s not clear a technical solution fixing the vehicles will be included in the proposal.

Reports suggest a combination of vehicle buy-backs and financial incentives may be offered along with funding for remediation. But no reports indicate development of true clean diesel technology to replace the emissions control units programmed to defeat emissions testing. Note from LAT’s article:

…The agreement would give some owners the choice of having Volkswagen repair their cars or buy them back, but it does not include plans on how to repair the vehicles, according to the person, who asked not to be identified because the deal hadn’t been made public.
[…]
… But some owners of newer models who get just a software fix may receive little. About 325,000 owners of older cars that require more extensive repairs likely will get more, because the repairs could affect mileage and performance.

In other words, some of the emissions test-defeating software may be replaced with software that actually meets emissions tests, but it may make the vehicles much less fuel efficient.

This is the crazy, right here: Barring a surprise announcement today, there is no commercially-viable clean passenger diesel technology. There never was — not even years after the first so-called clean passenger diesel was sold. That’s the fraud at the heart of Dieselgate.

UPDATE — 4:00 P.M. EDT —
At a hearing this morning in San Francisco, VW agreed on a deal to buy back or repair about 480,000 passenger diesel cars. Details have not yet been released and may not be until June 21st when VW is expected to have finished dotting all I’s and crossing all T’s.

The deal appears to cover 2.0L vehicles, but 85,000 VW-, Audi- and Porsche-brand vehicles with 3.0L engines are still up in the air. This may suggest performance and fuel efficiency are still problems with any emission control unit repairs.

The deal will also include some funds for pollution remediation, but details about remediation efforts are also unavailable.

Here’s Bloomberg’s report on VW, and here’s Reuters.

Guess we’ll save the Google-y bits for tomorrow, leave today for Volkswagen.

SS7 and NSA’s Redundant Spying

/9 Comments/in , , /by

SS7 countermeasuresOn Sunday, 60 Minutes brought attention to an issue first exposed by researchers some years back: the ease with which people can use the SS7 system that facilitates global mobile phone interoperability to spy on you.

Sharyn Alfonsi: If you just have somebody’s phone number, what could you do?

Karsten Nohl: Track their whereabouts, know where they go for work, which other people they meet when– You can spy on whom they call and what they say over the phone. And you can read their texts.

60 Minutes was smart in that they got Congressman Ted Lieu to agree to be targeted.

Congressman Lieu didn’t have to do anything to get attacked.

All Karsten Nohl’s team in Berlin needed to get into the congressman’s phone was the number. Remember SS7 –that little-known global phone network we told you about earlier?

Karsten Nohl: I’ve been tracking the congressman.

[snip]Sharyn Alfonsi: Are you able to track his movements even if he moves the location services and turns that off?

Karsten Nohl: Yes. The mobile network independent from the little GPS chip in your phone, knows where you are. So any choices that a congressman could’ve made, choosing a phone, choosing a pin number, installing or not installing certain apps, have no influence over what we are showing because this is targeting the mobile network. That of course, is not controlled by any one customer.

[snip]

Sharyn Alfonsi: What is your reaction to knowing that they were listening to all of your calls?

Rep. Ted Lieu: I have two. First, it’s really creepy. And second, it makes me angry.

Sharyn Alfonsi: Makes you angry, why?

Rep. Ted Lieu: They could hear any call of pretty much anyone who has a smartphone. It could be stock trades you want someone to execute. It could be calls with a bank.

Karsten Nohl’s team automatically logged the number of every phone that called Congressman Lieu — which means there’s a lot more damage that could be done than just intercepting that one phone call.

So now Lieu is furious — and pushing House Oversight Committee to conduct an investigation into SS7’s vulnerabilities.

Of course, it’s probably best to think of SS7’s vulnerabilities not as a “flaw,” as 60 Minutes describes it, but a feature. The countries that collectively aren’t demanding change are also using this vulnerability to spy on their subjects and adversaries.

But the fact that Lieu — who really is one of the smartest Members of Congress on surveillance issues — is only now copping onto the vulnerabilities with SS7 suggests how stunted our debate over dragnet surveillance was and is. For two years, we debated how to shut down the Section 215 dragnet, which collected a set of phone records that was significantly redundant with what we collected “overseas” — though in fact the telecoms’ production of such records was mixed together until 2009, suggesting for years Section 215 probably served primarily as legal cover, not the actual authorization for the collection method used. We had very credulous journalists talking about what a big gap in cell phone records NSA faced, in part because FISC frowned on letting NSA collect location data domestically. Yet all the while (as some smarter commenters here have said), NSA was surely exploiting SS7 to collect all the cell phone records it needed, including the location data. Members of Congress like Lieu — on neither the House Intelligence (which presumably has been briefed) or the House Judiciary Committees — would probably not get briefed on the degree to which our intelligence community thrives on using SS7’s vulnerabilities.

What I find perhaps most interesting about this new flurry of attention on SS7 is that the researchers behind it were hired by some “international telecoms” to find ways to improve security sometime in advance of December 2014 (when they first presented their work). The original CCC presentation on this vulnerability (see after 40:00) included a general discussion of what cell phone providers could do to increase the security of their users (see above). 60 Minutes noted that some US providers were doing more than others.

The NSA presumably could and did use entirely SS7 collection for cell phones — especially US based ones — until such time as domestic providers started making them less accessible (and once they were unaccessible overseas, then subject to legal process, though even some of the countermeasures would still leave a US user exposed to other US providers). That needs to be understood (should have been, before the passage of USA Freedom) to really understand the degree to which Congress has any influence over the NSA.

Wednesday Morning: Water, Water, Everywhere [UPDATE]

/24 Comments/in , , /by

Day after day, day after day,
We stuck, nor breath nor motion;
As idle as a painted ship
Upon a painted ocean.

Water, water, every where,
And all the boards did shrink;
Water, water, every where,
Nor any drop to drink.

— excerpt, The Rime of the Ancient Mariner by Samuel Taylor Coleridge

Felony and misdemeanor charges are expected today in the Flint water crisis. State Attorney General Bill Schuette will put on a media dog-and-pony show, when it is expected that three persons — two engineers with the Michigan Department of Environmental quality and a Flint water department employee — will be charged for Flint’s lead water levels after the cut-over to Flint River water.

Mind you, the descriptions of these persons do not match that of higher level persons who were responsible for

1) making the final decision to cut Flint off from Detroit’s water system and switching to the Flint river;
2) evaluating work performed by consulting firms about the viability of Flint River as a water source, or about reporting on lead levels after the cut-over;
3) ensuring the public knew on a timely basis the water was contaminated once it was already known to government officials;
4) lack of urgency in responding to a dramatic uptick in Legionnaire’s disease, or the blood lead levels in children.

Just for starters. Reading the Flint water crisis timeline (and yes, it needs updating), it’s obvious negligence goes all the way to the top of state government, and into the halls of Congress.

Michigan’s Governor Snyder has elected to perform some weird self-flagellating mea culpa or performance art, by insisting he and his wife will drink filtered Flint city water for a month. It’s a pointless gesture since the toxic lead levels, experienced during the two years immediately after the city’s cut-over to the Flint River, have already fallen after doing permanent damage to roughly eight thousand children in and around Flint.

Flint’s Mayor Karen Weaver said about the governor’s stunt, “[H]e needs to come and stay here for 30 days and live with us and see what it’s like to use bottled or filtered water when you want to cook and when you want to brush your teeth.”

Or get a new mortgage, I would add. The gesture also does nothing for Flint’s property values. Imagine living in Flint, trying to refinance your home to a lower interest rate, telling the bank, “Oh, but the water’s safe enough for the governor!” and the bank telling you, “Nah. Too risky.”

UPDATE — 10:45 AM EDT —
Charges have been filed against City of Flint’s Laboratory & Water Quality Supervisor Mike Glasgow and Michigan Department of Environmental Quality Office of Drinking Water and Management Assistance district director Steven Busch and MI-ODWMA District Engineer Michael Prysby. Mlive.com-Flint reports,

Glasgow is accused of tampering with evidence when he allegedly changed testing results to show there was less lead in city water than there actually was. He is also charged with willful neglect of office.

Prysby and Busch are charged with misconduct in office, conspiracy to tamper with evidence, tampering with evidence, a treatment violation of the Michigan Safe Drinking Water Act and a monitoring violation of the Safe Drinking Water.

None of the individuals charged in the case have been arraigned.

Sure would like to see the evidence on Glasgow, given the email he wrote 14-APR-2014 (see the timeline).

House hearing on encryption yesterday

  • Worth the time if you have it to listen to the House Energy and Commerce Oversight and Investigations Subcommittee’s hearing, ‘Deciphering the Debate Over Encryption: Industry and Law Enforcement Perspectives‘ to catch Apple’s general counsel Bruce Sewell and UPenn’s CIS asst. prof. Matt Blaze. Not so much for Indiana State Police Captain Charles Cohen, who was caught up in misinfo/disinfo about Apple’s alleged non-cooperation with the U.S. government. Wish there was a transcript, especially for the part where Sewell was quizzed as to whether Apple would encrypt their cloud.
  • Speaking of Cohen and misinfo/disinfo, Apple said it hasn’t released source code to Chinese (Reuters) — This is the spin IN’s Cohen got caught up in. Nope.

Another Congressional hearing of interest: Fed Cybersecurity
In case you missed it, catch the video of today’s House Oversight Subcommittee on Information Technology hearing on Federal Cybersecurity Detecion, Response, and Mitigation. You may have seen Marcy’s tweets on this hearing, at which Juniper Networks was a no-show, and Rep. Ted Lieu (D-CA) was kind of pissed off. Catch Bruce Schneier’s post about Juniper’s vulnerability.

Volkswagen has company: Mitsubishi’s mileage data tweaked to cheat
The Japanese automaker may have to pay back tax rebates offered on vehicles meeting certain fuel efficiency standards. Data from mileage tests on hundreds of thousands of cars was fudged to make the cars look 5-10 percent more efficient.

Speaking of cheating: Volkswagen’s use of code words masked references to emissions controls cheats
The amount of data under review along with the use of code words and phrases like “acoustic software” may delay the completion of the probe’s report. Don’t forget: tomorrow is the second 30-day deadline set for VW to provide a technical solution for owners of its passenger diesel vehicles.

That’s enough. Michigan state AG newser underway now as I update this again at 1:15 p.m. EDT; I may not update here since I addressed known charges above. Catch you on the other side of the hump.

Tuesday Morning: Trash Day

/7 Comments/in , , /by

It’s trash day in my neighborhood. Time to take the garbage to the curb. I aim for as little trash as possible, which means buying and consuming less processed/more fresh foods. I use paper/glass/ceramic/stainless steel for storage, avoiding plastics as much as possible. Every lick of plastic means oil — either the plastic has been created wholly from oil, or fossil fuels have been used in its manufacture. Can say the same about the manufacturing of paper/glass/ceramic/stainless steel, but paper can be composted/recycled/renewed, and the rest can be used for lifetimes if cared for. I use ceramic bowls that belonged to my great-grandmother, and stainless pots and bowls once belonging to my mother, and I expect to hand them down some day.

Which makes me all judgy when I’m walking through the neighborhood, side-eyeing the garbage cans at the curb. Can’t believe how much waste is created every week, and how willing we are to pay tax dollars to stick it in the ground as landfill. How can Family X not bother to recycle at all? How can Family Y live on so much processed, chemical-laden garbage? It’s all right there at the end of their driveway, their addiction to fossil fuel consumption spelled out in trash.

What small change can you make in your lifestyle so Judgy McJudgyPants here doesn’t side-eye your trash cans?

Speaking of trash…

Piling on the wonks, Part 3: United Healthcare exiting Obamacare in Michigan
Disclosure: UHC is my health insurer, which I am fortunate enough to afford. But I couldn’t stay with them if I had to go on Obamacare. UHC says it’s losing too much money in Michigan to remain in the program — not certain how given the double-digit underwriting increase it posted for this past year. UHC will leave other states which may not fare as well as Michigan, and even Michigan will suffer from decreasing competition. Do tell us, though, wonks, how great Obamacare is. I’m sure I will feel better should I ever have to shop Obamacare plans for pricey coverage with a dwindling number of providers. And if you missed the previous discussions on inept Obamacare wonkery, see Part 1 by Marcy and Part 2 by Ed Walker.

Tech Tiews

  • Don’t let anybody say Apple isn’t cooperating with law enforcement (Phys.org) — Apple has, to the tune of 30,000 times from Jul-Dec 2015 alone, according to a report released late Monday.
  • BlackBerry CEO says telecom companies should ‘comply with reasonable lawful access requests‘ to assist law enforcement (Reuters) — Nice bit of footwork from a company which passed their encryption key to Canadian law enforcement as far back as 2010.
  • If you missed the 60 Minutes segment about the security threat posted by Signalling System Number 7 protocol (SS7), you should read up. (The Guardian) — Also wouldn’t hurt to look into end-to-end encryption for your communications. Wonder what role SS7 played in NSA’s and GHCQ’s ‘treasure mapping’ Germany’s Telekom and other global networks, and if this explains why SS7 is still not secure?
  • [Presence of drugs in car] plus [pics of cash on phone] = suspicious (Ars Technica) — Wait, isn’t the presence of illegal drugs in one’s car enough to make one a suspect?
  • New technology for chip-embedded smart cards will speed checkout times, says VISA (Phys.org) — What the hell are we being forced to switch to so-called smart cards for if they don’t actually improve checkout process already? We’ll piss away any savings from increased security standing in line waiting.

Time to fetch the emptied trash can. See you tomorrow!

Monday Morning: Calm, You Need It

/5 Comments/in , /by

Another manic Monday? Then you need some of Morcheeba’s Big Calm combining Skye Edward’s mellow voice with the Godfrey brothers’ mellifluous artistry.

Apple’s Friday-filed response to USDOJ: Nah, son
You can read here Apple’s response to the government’s brief filed after Judge James Orenstein’s order regarding drug dealer Jun Feng’s iPhone. In a nutshell, Apple tells the government they failed to exhaust all their available resources, good luck, have a nice life. A particularly choice excerpt from the preliminary statement:

As a preliminary matter, the government has utterly failed to satisfy its burden to demonstrate that Apple’s assistance in this case is necessary—a prerequisite to compelling third party assistance under the All Writs Act. See United States v. N.Y. Tel. Co. (“New York Telephone”), 434 U.S. 159, 175 (1977). The government has made no showing that it has exhausted alternative means for extracting data from the iPhone at issue here, either by making a serious attempt to obtain the passcode from the individual defendant who set it in the first place—nor to obtain passcode hints or other helpful information from the defendant—or by consulting other government agencies and third parties known to the government. Indeed, the government has gone so far as to claim that it has no obligation to do so, see DE 21 at 8, notwithstanding media reports that suggest that companies already offer commercial solutions capable of accessing data from phones running iOS 7, which is nearly three years old. See Ex. B [Kim Zetter, How the Feds Could Get into iPhones Without Apple’s Help, Wired (Mar. 2, 2016) (discussing technology that might be used to break into phones running iOS 7)]. Further undermining the government’s argument that Apple’s assistance is necessary in these proceedings is the fact that only two and a half weeks ago, in a case in which the government first insisted that it needed Apple to write new software to enable the government to bypass security features on an iPhone running iOS 9, the government ultimately abandoned its request after claiming that a third party could bypass those features without Apple’s assistance. See Ex. C [In the Matter of the Search of an Apple iPhone Seized During the Execution of a Search Warrant on a Black Lexus IS300, Cal. License Plate #5KGD203 (“In the Matter of the Search of an Apple iPhone” or the “San Bernardino Matter”), No. 16-cm-10, DE 209 (C.D. Cal. Mar. 28, 2016)]. In response to those developments, the government filed a perfunctory letter in this case stating only that it would not modify its application. DE 39. The letter does not state that the government attempted the method that worked on the iPhone running iOS 9, consulted the third party that assisted with that phone, or consulted other third parties before baldly asserting that Apple’s assistance remains necessary in these proceedings. See id. The government’s failure to substantiate the need for Apple’s assistance, alone, provides more than sufficient grounds to deny the government’s application.

Mm-hmm. That.

Dieselgate: Volkswagen racing toward deadline

  • Thursday, April 21 is the extended deadline for VW to propose a technical solution for ~500,000 passenger diesel cars in the U.S. (Intl Business Times) — The initial deadline was 24-MAR, establishing a 30-day window of opportunity for VW to create a skunkworks team to develop a fix. But if a team couldn’t this inside 5-7 years since the cars were first sold in the U.S., another 30 days wouldn’t be enough. Will 60 days prove the magical number? Let’s see.
  • VW may have used copyrighted hybrid technology without paying licensing (Detroit News) — What the heck was going on in VW’s culture that this suit might be legitimate?
  • After last month’s drop-off in sales, VW steps up discounting (Reuters) — Trust in VW is blamed for lackluster sales; discounts aren’t likely to fix that.

Once around the kitchen

  • California’s winter rains not enough to offset long-term continued drought (Los Angeles Times) — Op-ed by Jay Famiglietti, senior water scientist at the NASA Jet Propulsion Laboratory–Pasadena and UC-Irvine’s professor of Earth system science. Famiglietti also wrote last year’s gangbuster warning about California’s drought and incompatible water usage.
  • Western scientists meet with North Korean scientists on joint study of Korean-Chinese volcano (Christian Science Monitor) — This seems quite odd, that NK would work in any way with the west on science. But there you have it, they are meeting over a once-dormant nearly-supervolcano at the Korea-china border.
  • BTW: Deadline today for bids on Yahoo.

There you are, your week off to a solid start. Catch you tomorrow morning!

The FBI’s Asinine Attempt to Retroactively Justify Cracking Farook’s Phone

/7 Comments/in , /by

“Hold on honey,” said Syed Rizwan Farook, who had just murdered 14 of his co-workers, “let me go get my work phone in case they call me during our getaway”

That’s the logic the FBI is now peddling to reporters who are copping onto what was clear from the start: that there was never going to be anything of interest on Farook’s phone. After all, they’re suggesting geolocation data on the phone (some of which would be available from Verizon) might explain the 18 minutes of the day of the attack the FBI has yet to piece together.

For instance, geolocation data found on the phone might yet yield clues into the movements of the shooters in the days and weeks before the attack, officials said. The bureau is also trying to figure out what the shooters did in an 18-minute period following the shooting.

Farook drove a SUV to the attack and was killed in the same SUV. To suggest his work phone, which was found in a Lexus at his house, might have useful geolocation data about the day of the attack would suggest he made a special trip to the car to leave his phone in it and turned it off afterwards (if we really believe it was off and not just drained when the FBI found it the day after the attack).

Hold on honey, let me go place my work phone in the Lexus.

Similarly, it is nonsensical to suggest the phone would yield evidence of ties with foreign terrorists.

The FBI has found no links to foreign terrorists on the iPhone of a San Bernardino, Calif., terrorist but is still hoping that an ongoing analysis could advance its investigation into the mass shooting in December, U.S. law enforcement officials said.

They’ve had the metadata from the phone since December 6, at the latest. That’s what would show ties with foreign terrorists, if Farook had been so stupid as to plot a terrorist attack against his colleagues on his work phone, to which his employer had significant access.

Finally, reporters should stop repeating the FBI’s claim that Farook turned off his backups.

In particular, the bureau wanted to know if there was data on the phone that was not backed up in Apple’s servers. Farook had stopped backing up the phone to those servers in October, six weeks before the attack.

The government has actually never said that in sworn declarations. Rather, their forensics guy, Christopher Pluhar, asserted only that Farook may have turned them off.

Importantly, the most recent backup is dated October 19, 2015, which indicates to me that Farook may have disabled the automatic iCloud backup feature associated with the SUBJECT DEVICE. I believe this because I have been told by SBCDPH that it was turned on when it was given to him, and the backups prior to October 19, 2015 were with almost weekly regularity. [my emphasis]

But if he did, he was a damned incompetent terrorist, because — as Jonathan Zdziarski, who is quoted in this article, pointed out — at the same screen he would have used to turn off the iCloud backup, he could have also deleted all his prior backups, which we know he didn’t do.

  • Find my iPhone is still active on the phone (search by serial number), so why would a terrorist use a phone he knew was tracking him? Obviously he wouldn’t. The Find-my-iPhone feature is on the same settings screen as the iCloud backup feature, so if he had disabled backups, he would have definitely known the phone was being tracked. But the argument that Farook intentionally disabled iCloud backup does not hold water, since he would have turned off Find-my-iPhone as well.
  • In addition to leaving Find-my-iPhone on, the option to delete all prior backups (which include iMessage history and other content) is also on the same settings screen as the option to disable iCloud backups. If Farook was trying to cover up evidence of leads, he would have also deleted the existing backups that were there. By leaving the iCloud backup data, we know that Farook likely did not use the device to talk to any leads prior to October 19.

We also know from a supplemental Pluhar declaration that Farook had not activated the remote-wipe function, which he also would have done if he were a smart terrorist trying to cover his tracks.

Finally, Apple’s Privacy Manager, as Erik Neuwenschander demonstrated, Pluhar didn’t know what the fuck he was talking about with regards to backups.

Agent Pluhar also makes incorrect claims in paragraph 10(b). Agent Pluhar claims that exemplar iPhones that were used as restore targets for the iCloud backups on the subject device “showed that … iCloud back-ups for ‘Mail,’ ‘Photos,’ and ‘Notes’ were all turned off on the subject device.” This is false because it is not possible. Agent Pluhar was likely looking at the wrong screen on the device. Specifically, he was not looking at the settings that govern the iCloud backups. It is the iCloud backup screen that governs what is backed up to iCloud. That screen has no “on” and “off” options for “Mail,” “Photos,” or “Notes.

Zdziarski offers another possible explanation for the lack of backups on Farook’s phone, so there are other possible explanations.

iCloud backups could have ceased for a number of reasons, including a software update that was released on October 21, just two days after the last backup, or due to iCloud storage filling up.

The point is, we don’t know, and it’s not even clear Pluhar would know how to check. So given all that other evidence suggesting Farook may not have turned off his backups, journalists probably should not claim, as fact, he did.

Of course, that claim is really just a subset of the larger set of the bullshit FBI has fed us about the phone. It’d really be nice if people stopped taking their bullshit claims seriously, as so few of the past ones have held up.

Friday Morning: Dark Water Jazz

/5 Comments/in , , /by

It’s Friday and that means jazz here at emptywheel. But no genre exploration today, just this lovely, evocative downtempo jazz/trip hop fusion work.

It’s dark water jazz indeed this week…

Congress oublies the Flint water crisis
I can’t find anything in C-SPAN about the House Energy and Commerce Committee hearing which was to address the crisis. Convenient for Republicans running for office right now to keep themselves at arm’s length from a Republican scandal. We’re lucky the hearing was captured at all; it can be found at the committee’s website. (Video 3:44:08)

It must be difficult to kowtow to traditional GOP underwriters while trying to appear like you’re doing a credible job of representing Americans most in need. But it’s a lot easier to bury and forget the inconvenient.

The latest scuttlebutt is that the bipartisan Energy Policy Modernization Act of 2015 (S.2012) will proceed without additional funding to remedy Flint’s damaged water system, still replete with lead piping. Senate Republicans led by Senator Mike Lee of Utah protested the inclusion of funding for Flint in this bill, threatening to reject it altogether.

Wait — you know who’s up for reelection this season? Senator Mike Lee! Amazing coincidence! Or not. You know, Senator Lee, when your fellow senators leak about your obstruction, you should catch a clue. Sometimes actually helping Americans is more important than sucking up to your anti-tax overlords.

You know who else is up for reelection this season? Senator Lisa Murkowski, the chair of the counterpart Senate Energy Committee and the sponsor of S.2012. You’d think she’d want to look effective as a leader and at governance.

Roughly 8,000 children will continue to live as if they are in a third world country, with a patchwork of assistance for their health and education, but no relief from the lead pipes which continue to run from the water department to their homes. Imagine them drinking water out bottles for the rest of their childhoods, their families having to take additional time and effort to lug bottles upon bottles for their daily essential needs.

Don’t even suggest these families leave. They are stuck, STUCK in Flint, because their property values have been gutted by the failure of a GOP-led state administration, and the continued avoidance by a GOP-led Congress. Who wants to buy a home with lead pipes in Flint now? Which banks want to finance new mortgages to those homes? Which insurers want to write coverage on them?

Some government aid has been offered to Flint — which the ever-ineffectual Rep. Fred Upton recited like a litany during the hearing (see 0:13:30 in the video) — but none of it addresses the lead piping.

Donald Trump won the Republican primary in Flint’s home county of Genessee, by the way. Can’t understand why…

Cleaning off the desk
Stuff worth perusing, but I’m not going to elaborate on before I chuck it in the bin for the week.

  • Microsoft suing U.S. government for gagging the software company about government requests for users’ information. (Microsoft) — MSFT president Brad Smith wrote in a blog post about the suit; note the complaint here (pdf) in which MSFT shared these details:

    Between September 2014 and March 2016, Microsoft received 5,624 federal demands for customer information or data. Of those, nearly half—2,576—were accompanied by secrecy orders, forbidding Microsoft from telling the affected customers that the government was looking at their information. The vast majority of these secrecy orders related to consumer accounts and prevent Microsoft from telling affected individuals about the government’s intrusion into their personal affairs; others prevent Microsoft from telling business customers that the government has searched and seized the emails of individual employees of the customer. Further, 1,752 of these secrecy orders contained no time limit, meaning that Microsoft could forever be barred from telling the affected customer about the government’s intrusion. The government has used this tactic in this District. Since September 2014, Microsoft received 25 secrecy orders issued in this District, none of which contained any time limit. These secrecy orders prohibit Microsoft from speaking about the government’s specific demands to anyone and forbid Microsoft from ever telling its customers whose documents and communications the government has obtained. The secrecy orders thus prevent Microsoft’s customers and the public at large from ever learning the full extent of government access to private, online information

    Emphasis Microsoft’s. Therein the one way to release a limited amount of information: file suit against the government.

  • Claims after March attack that Brussels airport security was lax impels Belgium’s transport minister to quit (euronews) — Bombs were detonated before security clearance area; not certain how minister could have prevented bombing except to move clearance all the way to the edge of the airport’s perimeter instead of after check-in.
  • UC-Davis sanitized the internet to prop its image (SacBee) — School paid $175K to excise references to a 2011 attack on student protesters by police using teargas. Should keep in mind UC-Davis is part of the University of California, of which former Homeland Secretary Janet Napolitano is president, who authorized spying-by-malware on UC-Berkeley.
  • Hey, did you know there’s a tiny sovereign country inside U.S. borders? (Atlas Obscura) — Welcome to Molossia, have a nice day! Surprised no uber-wealthy hit on this as a potential money-laundering. tax-avoidance strategy: make your own country inside the U.S.

And with that we’re off, headed for a nice spring weekend ahead. Have a good one!

FBI Has Been Not Counting Encryption’s Impact on Investigations for Over a Decade

/4 Comments/in /by

During the first of a series of hearings in the last year in which Jim Comey (at this particular hearing, backed by Deputy Attorney General Sally Yates) pushed for back doors, they were forced to admit they didn’t actually have numbers proving encryption was a big problem for their investigations because they simply weren’t tracking that number.

On the issue on which Comey — and his co-witness at the SJC hearing, Deputy Attorney General Sally Yates — should have been experts, they were not. Over an hour and a quarter into the SJC hearing, Al Franken asked for actual data demonstrating how big of a problem encryption really is. Yates replied that the government doesn’t track this data because once an agency discovers they’re targeting a device with unbreakable encryption, they use other means of targeting. (Which seems to suggest the agencies have other means to pursue the targets, but Yates didn’t acknowledge that.) So the agencies simply don’t count how many times they run into encryption problems. “I don’t have good enough numbers yet,” Comey admitted when asked again at the later hearing about why FBI can’t demonstrate this need with real data.

In point of fact, a recent wiretap report shows that in the criminal context, at least, federal agencies do count such incidences, sometimes. But they don’t report the numbers in a timely fashion (5 of the 8 encrypted federal wiretaps reported in 2014 were from earlier years that were only then being reported), and agencies were eventually able to break most of the encrypted lines (also 5 of 8). Moreover, those 8 encrypted lines represented only 0.6 percent of all their wiretaps (8 of 1279). Reporting for encrypted state wiretaps were similarly tiny. Those numbers don’t reflect FISA wiretaps. But there, FBI often partners with NSA, which has even greater ability to crack encryption.

In any case, rather than documenting the instances where encryption thwarted the FBI, Comey instead asks us to just trust him.

Which is important background to an ancillary detail in this NYT story on how FBI tried a work-around for PGP in 2003 — its first attempt to do so — to go after some animal rights activists (AKA “eco-terrorists).

In early 2003, F.B.I. agents hit a roadblock in a secret investigation, called Operation Trail Mix. For months, agents had been intercepting phone calls and emails belonging to members of an animal welfare group that was believed to be sabotaging operations of a company that was using animals to test drugs. But encryption software had made the emails unreadable.

So investigators tried something new. They persuaded a judge to let them remotely, and secretly, install software on the group’s computers to help get around the encryption.

[snip]

“This was the first time that the Department of Justice had ever approved such an intercept of this type,” an F.B.I. agent wrote in a 2005 document summing up the case.

DOJ didn’t include this encounter with encryption in the wiretap reports that mandate such reporting.

It is also unclear why the Justice Department, which is required to report every time it comes across encryption in a criminal wiretap case, did not do so in 2002 or 2003. The Justice Department and F.B.I. did not comment Wednesday.

It didn’t count that encounter with crypto even though FBI was discussing — as Bob Litt would 13 years later — exploiting fears of “terrorism” to get Congress to pass a law requiring back doors.

“The current terrorism prevention context may present the best opportunity to bring up the encryption issue,” an F.B.I. official said in a December 2002 email. A month later, a draft bill, called Patriot Act 2, revealed that the Justice Department was considering outlawing the use of encryption to conceal criminal activity. The bill did not pass.

Now, it may be that, as remained the case until last year, FBI simply doesn’t record that they encountered encryption and instead tries to get the information some other way. But by all appearances, encryption was tied to that wiretap.

Which suggests another option: that FBI isn’t tracking how often it encounters encryption because it doesn’t want to disclose that it is actually finding a way around it.

That’d be consistent with what they’ve permitted providers to report in their transparency reports. Right now, providers are not permitted to report on new collection (say, collection reflecting the compromise of Skype) for two years after it starts. The logic is that the government is effectively giving itself a two year window of exclusive exploitation before it will permit reporting that might lead people to figure out something new has been subjected to PRISM or other collection.

Why would we expect FBI to treat its own transparency any differently?

Update: This post has been updated to include more of the NYT article and a discussion of how encryption transparency may match provider transparency.

image_print