San Bernardino: Behind the Scenes

I wasn’t originally going to dig into some of the ugly details about San Bernardino, however with FBI Director Comey’s latest actions to publicly embarrass Hillary Clinton (whom I don’t support), or to possibly tip the election toward Donald Trump (whom I also don’t support), I get to learn more about James Comey, and from what I’ve learned, a pattern of pushing a private agenda seems to be emerging. This is relevant because the San Bernardino iPhone matter saw numerous accusations of pushing a private agenda by Comey as well: that it was a power grab for the bureau and an attempt to get a court precedent to force private business to backdoor encryption, while lying to the public and possibly misleading the courts under the guise of terrorism.

Just to give you a little background, I started talking to the FBI regularly around 2008, after I pushed my first suite of iPhone forensics tools for law enforcement. The FBI issued what they called a “major deviation” allowing their personnel to use my forensics tools on evidence. The tools were fast tracked through NIST/NIJ (the National Institute of Justice is NIST’s law enforcement facing arm), and findings were validated and published in 2010. During this time, I assisted a number of the FBI’s RCFLs (regional computer forensics labs), including the lab director for one of them, who had informed me my tools were used to recover critical data in terrorism and child exploitation cases. I’ve since developed what I thought was a healthy working relationship with the FBI, and have had a number of their examiners in my training classes, testified with some of them (as an expert) on criminal cases, and so on. The reason I’m giving this background is that one would have thought that when someone with this relationship with the FBI called up a few of the agents who had been working on the San Bernardino case (because they were already in my phone book), they’d be interested in having my help to get into the phone.

False Due Diligence

Initially, they were. I spoke to one person (whom I knew personally) and he had helped set up a conference call with a couple of the agents who were working on the case. This was maybe a week in advance, and very early on in the case. The meeting was scheduled, and the agenda was to discuss some details about the device and a couple of potential methods that I believed might get them into the device. One of the methods was the NAND Mirroring technique, which I later demonstrated in a video and which was later definitively shown to be a viable method by another researcher from the University of Cambridge. He took the elegant approach to doing it, but a quick and dirty dump-and-reball would have gotten the desired result too. Other methods that we were going to discuss were possible screen lock bypass bugs that existed in the device’s operating system, and possibly collaborating with a few other researchers who had submitted code execution bugs affecting that particular version of the firmware. I already had a tested and validated forensic imaging process developed, so it was just a matter of finding the best way to bolt that onto our point of entry.

The day before the conference call was scheduled, it was killed from powers on high. I was never given a detailed reason for it, and I don’t think my contacts knew either, except that they were told they weren’t allowed to talk to anyone about the device – apparently including me, a forensics expert who had helped them get into phones before. I don’t know if the call came down from lawyers, or if it went higher than that – it’s irrelevant, really. It was understood that nobody at the FBI could talk to me about the case, or even have a one-way conversation in which I gave them a brain dump. Responsibility for that decision ultimately falls to Comey.

The reason I bring this up is that Comey’s public facing story was that “anyone with an idea” can come to the FBI and help them out, and it made the FBI sound reasonable to the general public. This clearly wasn’t true, and what was going on behind the scenes was quite the opposite. I’m not some crazy anon approaching the FBI with a crackpot solution either; I had a working relationship with them, and had assisted them many times before, usually pro bono (as I did with many other agencies). The people knew me, and we had the mutual professional level of trust you’d expect in cases such as this.

Comey’s public story about exhausting all due diligence with the SB iPhone was entirely false, and when he told both the courts and Congress this, he made a false statement. The FBI pushed hard over the next month for a court precedent, in spite of turning away help. When it became evident that the FBI wasn’t going to win this case in court, suddenly a solution manifested out of nowhere. We paid a million of our tax dollars for an unlock that the FBI could have done for about $100 with the right equipment.

There were, at the time, a number of other questionable statements made by Director Comey that have led me to believe he wasn’t completely forthcoming in his testimony before Congress.

Recklessness, or Abuse of AWA?

In a letter emailed from FBI Press Relations in the Los Angeles Field Office, the FBI admitted to performing a reckless and forensically unsound password change that they acknowledge interfered with Apple’s attempts to re-connect Farook’s iCloud backup service. The following statement was made in order to downplay the loss of potential forensic data:

“Through previous testing, we know that direct data extraction from an iOS device often provides more data than an iCloud backup contains. Even if the password had not been changed and Apple could have turned on the auto-backup and loaded it to the cloud, there might be information on the phone that would not be accessible without Apple’s assistance as required by the All Writs Act Order, since the iCloud backup does not contain everything on an iPhone.”

This statement implies one of only two possible conclusions:

1. Either they were wrong about that, and were reckless…

It’s true that an iCloud backup doesn’t contain everything on an iPhone. There’s a stateful cache containing third party application data that is never intended to come off of the phone. This is where most private content, such as Wickr, Telegram, and Signal databases, would live. However, this data doesn’t come off the phone in a direct backup either. All commercial forensics tools use the same backup facility as iTunes for iOS 9, meaning none of them can get the stateful cache either.

The backup conduit provides almost the same data as an iCloud backup. In fact, an iCloud backup arguably provides more data than a direct logical extraction, because iCloud backups are incremental and contain older backups. Desktop backups can sometimes even contain less content, as they exclude photos that have already been synced to iCloud. There are a few small exceptions to this, such as keychain data, which will only come off the phone in a direct backup if backup encryption is turned on. Ironically, if Farook’s phone had backup encryption turned on (which is likely), the FBI wouldn’t be able to get anything at all from a direct copy, because the contents would be encrypted. Even if they found the device to have backup encryption off (and turned it on), they’re still not going to get the data they really need off of the device (e.g. the cached third party application data); getting passwords doesn’t mean much when you can simply subpoena every content provider for the data anyway.

2. …or the government wanted to compel more assistance, and mislead the courts about it.

As I said, there is in fact more data available on the device than comes off in any backup. The only way to get to this data, however, would be for Apple to decrypt and extract the contents of the file system and provide them with a raw disk image. This is similar to what Apple had done in the past, except they would now also have to write a new decryption and extraction tool specifically for the new encryption scheme that was introduced in iOS 8 and carried into 9.

This second possibility is worse than simply being wrong about the quality of iCloud data. If the government actually did intend to get hold of this “extra” data that only Apple can provide, then that means they would be following their original AWA order with a second AWA order, requiring Apple to build a tool to decrypt and extract this content from the device. Their original order required Apple to build a backdoor brute force tool. It didn’t require Apple to perform any kind of extraction of the raw disk for them. If a second order was in the works, this would have meant two significant things:

  1. The attorneys for the FBI provided an incomplete and misleading explanation of the assistance required to the courts, which intentionally hid the extra assistance that Apple would later be required to provide in order to finish this task – assistance which, when combined with the original list of work, could have been considered unreasonable by the court.
  2. Requiring Apple to break into and image the phone would completely obsolete the need for the backdoor tool from the first order, but would have gotten them their encryption precedent for future use.

The motive, then, for forcing the creation of this backdoor tool would of course have been to create a tool that they could compel for use in the future, and had very little to do with the device they were trying to get into. This was, based on my best guess, the real agenda that the FBI was planning to push: not only backdoor level access into encryption, but a court precedent to force a manufacturer to deliver all of the data on any device they wish to acquire in the future.

Mishandling of Evidence?

Additionally, a number of questions remain to be satisfactorily answered. For example, Apple’s engineers seemed confident that the device had remained in a powered on state since it was found, and could have later been turned off; however, FBI engineer Stacey Perino gave testimony that it was found powered off. Was the evidence mishandled, and accidentally powered down when it was seized? Leaving it charged and powered on would have provided a number of additional methods for extracting data from the device, including simply using Siri to pull up contacts and other information (she leaked a lot more in that version of iOS than she does today). Comments by both Comey and Sewell (Apple) clearly state that backup would have worked, according to Apple’s engineers. That’s only possible if the device was found powered on.

Whatever the real reasons were for the FBI’s actions during San Bernardino, one thing was for certain: FBI Director Comey’s publicly stated agenda didn’t match the events that were unfolding behind the scenes. The FBI clearly wasn’t interested in getting into this phone at first. They canceled meetings with at least one expert about it, there are no reports of them ever reaching out to security researchers who had submitted Apple security bugs, and there is no record of them ever checking surveillance footage for Farook entering his PIN anywhere; there’s a significant lack of evidence to support the notion that the FBI ever wanted into the phone. At the very least, it was about setting precedent. At the very worst, further abuse of the All Writs Act was in the works.

It seems as if the same kind of private agenda is playing out now with our presidential election. The effects of this have already become evident: many are arguing that NC may have been swayed by Comey’s letter and the FBI’s recent public disclosures of what is portrayed in the released documents as a corruption investigation. The FBI has violated its own procedures by releasing all of this on the bleeding edge of an election. There is no question in my mind that the FBI’s publicly stated agenda doesn’t match its private one here either. As I said, there’s a pattern emerging in which FBI Director Comey appears to mislead the public about his real agenda, and at this point I think there’s enough smoke that Congress should be looking into his entire history with the agency to see where else this pattern may have existed.