Cell Phone Hacking Company Hacked; 900 GB Of Logins, Log Files, And Forensic Evidence Taken

from the let-he-who-is-without-security-breaches-throw-the-first-All-Writs-Order dept

Everything is compromised. In the latest case of a hacking company being hacked, Israel’s Cellebrite has had its internal data hauled off by hackers. Joseph Cox of Motherboard was given inside details by the crew that claims to have spirited away login info and other data from the cell phone-cracking company.

Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite’s products.

Included in the data haul are some other nifty surprises: evidence files from forensic searches of cell phones and logs from Cellebrite devices.

Cellebrite is a major supplier to US law enforcement, as well as to government agencies in countries with sketchier human rights records like Turkey, Russia, and the United Arab Emirates. In many ways, the company is similar to Italy’s Hacking Team, which found itself hacked and its emailed dirty laundry aired by enterprising hackers unimpressed by the company’s malleable morality.

What’s truly interesting about this hack (and those similar to it) is that they go right to the heart of what’s wrong with the DOJ’s insistence that any “one-time” phone crack — like the one they pursued in the San Bernardino mass shooting case — would be safe as houses in the government’s hands.

Riana Pfefferkorn — who helped write an amicus brief on Apple’s behalf (along with several other security researchers and professors) — pointed out on Twitter that the hack of Cellebrite is exactly the sort of risk the government refused to seriously contemplate during its pursuit of an All Writs Order forcing Apple to open up the phone for the FBI.

If such a hack were created by Apple in response to a court order, there’s no way for the FBI, Apple, or anyone else to plausibly claim it would be kept out of the hands of malicious actors. Companies in the business of breaking into devices aren’t impervious to outside attacks. Neither is the US government, which has proven consistently weak when it comes to securing the massive amount of personally-identifiable information it collects from US citizens.

So far, the collected files haven’t been shown to anyone but a few journalists, but Cox points out unauthorized access to Cellebrite isn’t exactly a new thing.

Access to Cellebrite’s systems has been traded among a select few in IRC chat rooms, according to the hacker.

“To be honest, had it not been for the recent stance taken by Western governments no one would have known but us,” the hacker told Motherboard. The hacker expressed disdain for recent changes in surveillance legislation.

Cellebrite’s response to the hack is to claim that the only thing affected was a legacy server for end user licenses. Customers are being encouraged to change their passwords, but that comes a little too late to do much good. That license server may be the only thing breached through unauthorized means, but the log files and obtained evidence the hackers appear to have could easily have been taken out of the front end with compromised credentials.

The underlying fact is this: breaking protections like encryption or purchasing exploits to defeat it is something the FBI and other law enforcement entities will continue to advocate for, even while aware that it’s impossible to claim definitively that the tools used won’t be hijacked by someone else with more malicious motives. The Shadow Brokers’ heist of NSA exploits shows that even if the government takes steps to protect what it has stored on its own servers, it can’t prevent a disgruntled analyst from leaving a blackhat toolbag behind for others to find once a surveillance job is finished.

Companies: cellebrite

Comments on “Cell Phone Hacking Company Hacked; 900 GB Of Logins, Log Files, And Forensic Evidence Taken”

Ninja (profile) says:

Some of us will remember old ‘out of the blue’ troll that kept whining how copyright being used as censorship were all anomalies. Well, he could as well be a Govt employee because that’s how the Govt handles most things like this:

Govt – It won’t happen, trust us!
Sane person – It has already happened before [pointing at factual events].
Govt – No worries dear citizen, it was an anomaly and won’t happen again!
Sane person – That’s what you said last time.
Govt – But this time we are absolutely positively sure it won’t happen!
Sane person – Erm.. It seems it already happened [points at leaks].

(This last part is fictitious and was added as an artistic touch pretending the Govt employee in the conversation is our beloved and absent troll)

DannyB (profile) says:

Re: Re: Re:2 Re:

I will build a casino wing onto the capital building once I move in.
Hey, I’ve seen a lot of casinos.
This is the best, classiest casino you’re ever going to see.
Everyone who’s ever come near one of my Trump casinos has said that they loved it.
This casino will restore dignity and respect to the political process.
Trust me, I know my casinos.
And if some people don’t want the casino, then we’ll make it even bigger.
And we’ll make them pay for it.
Trust me, I know what I’m talking about. Classy beautiful stuff.
And I’ll build a clown circus wing on to the white house.
I can use it to give speeches from the center ring. People will just love it.
It will be a historical addition unlike anything the founders could have imagined.
Trust me.

Capt ICE Enforcer says:

Modified version

I know this is silly. But shouldn’t we start clumping the United States into the category of nations with sketchier human rights violations? After all, we have torture with the CIA, hidden interrogation cells with the Chicago PD, and a government that spies on all citizens real time. And let’s not forget, invades / liberates other nations at whim.

Anonymous Coward says:

Re: Modified version

Start? Why do you think we should have ever stopped?

The founding fathers were clear. Every nation naturally turns to tyranny; it is the citizens’ job to stop it. Not that the “hey, it’s not our fault” visitors to TD would ever agree.

They, like most other people, prefer (as the Declaration of Independence states)…

“Prudence, indeed, will dictate that Governments long established should not be changed for light and transient causes; and accordingly all experience hath shewn, that mankind are more disposed to suffer, while evils are sufferable, than to right themselves by abolishing the forms to which they are accustomed.”

Every time something happens, some fool clamors to the Government “why didn’t you protect us?” and the government puts in a new law to remove liberty while still failing to protect, repeat ad nauseam.

The same as all of the “we need regulation” idiots that abound in this place. Constantly blaming a free market, that does not exist, for problems caused by typical human greed and corruption.

Every Nation gets the government it deserves!
A simple truth that pisses off those in denial to no end.

Anonymous Coward says:

Re: Re: Modified version

Every Nation gets the government it deserves!
A simple truth that pisses off those in denial to no end.

I see. So, let’s take one of many, many examples from history: Poland. When the Nazis invaded Poland and took over the government it was because the Poles deserved it. They had it coming to them. Yeah, I see how that works. I wonder why they leave that part out of the history books. But wait, I bet it’s in your own personal history book. Am I right?

Wendy Cockcroft (user link) says:

Re: Re: Re: Modified version

Be fair, AC: he means we’re not doing enough to push back or to hold our representatives to account, which is true. Many of us may be making the effort, to be fair, but not enough of us are doing so to make a difference and that’s mostly down to partisan pattycake.

That old divide ‘n’ conquer strategy has proved very effective and it’s costing us dearly. We need to be more willing to take the time to educate our friends and neighbours on the issues whether we agree with their general stances or not. We might not get them on side all of the time on everything but we might be able to get them onside on enough of the issues some of the time to make a real difference.
