Hacker Steals 900 GB of Cellebrite Data (vice.com) 69
An anonymous reader shares a Motherboard report: Motherboard has obtained 900 GB of data related to Cellebrite, one of the most popular companies in the mobile phone hacking industry. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. The breach is the latest chapter in a growing trend of hackers taking matters into their own hands, and stealing information from companies that specialize in surveillance or hacking technologies. Cellebrite is an Israeli company whose main product, a typically laptop-sized device called the Universal Forensic Extraction Device (UFED), can rip data from thousands of different models of mobile phones. That data can include SMS messages, emails, call logs, and much more, as long as the UFED user is in physical possession of the phone.
Re:Good (Score:5, Funny)
Bad people suck.
Good people swallow.
Re: (Score:3)
Bad people suck.
Good people swallow.
Sorry?? I thought good people just got screwed. I didn't realize they were actively involved in the process.
Good... Good.... (Score:2)
Sweet. (Score:2)
2 sets of rules works for no one.
Re:Seriously? (Score:5, Insightful)
Because security has no ROI...
Re: (Score:2)
is this because a breach has no consequnce?
i am sure there is atleast one example out there that showed some real consequences of a breach?!! (real==money)
Re: (Score:2)
Re: (Score:3)
Because security has no ROI...
You forgot the "until customers start going to your competitors because of your shitty security" part.
You can ask any cloud service provider about that.
Re: (Score:2)
They don't necessarily. They only have to put their database server on a network that's connected to the internet, and lose control of something else on the network. That's why computers than handle classified information cannot be connected to a network that is capable, at the hardware level, of connecting to the internet. If the wiring's there, it's not secure.
Re: (Score:2)
Everyone thinks they're immune, even when they use crypto. Then people leave the certs laying around in someone's browser cache, and it's all plain text again.
No one is immune, not me, not you. Rename your dbs to .mp4. Do weird things, low-hanging-fruit things. People stoked up on coffee just swear and move on. Their parsers fail, and their attention span gets wiped.
Don't believe me? Go to CCC and see how many people are wired.
Re: Two questions (Score:3)
You could read the summary at least.
Re: (Score:1)
Re:Two questions (Score:5, Informative)
Cellebrite was the company that "resolved" the issue for the FBI when they wanted access to a locked iPhone and Apple wouldn't help them by circumventing their own software.
So, enter Cellebrite and their cracking software to the rescue. The FBI then withdrew their request to Apple.
The whole thing was covered ad nauseam and, in my opinion, was largely a publicity stunt by Apple to showcase how secure their device is.
Re: Two questions (Score:2, Insightful)
No, it was a publicity stunt by the FBI to hide the fact that they have had the ability to get into people's iPhones all along.
Re: Two questions (Score:5, Insightful)
I think it was a political stunt to try to soft-ban encryption solutions, by overtly forcing a very prominent privacy oriented company into unlocking their own crypto by pushing in a backdoored update. The end result would be that any company that didn't have a backdoor ready to go for any device or OS that it touched would look like it was standing in opposition to law enforcement, and that this would be considered a legal risk, and therefore, no one would continue making encryption easier and/or more reliable.
Re: (Score:1)
"a publicity stunt by Apple to showcase how secure their device is"
If they were trying to showcase their security they failed in spectacular fashion. Apples refusal to obey a court order was nothing more than a marketing ploy aimed at convincing the proles that they actually give a shit about privacy.
And going after or harassing an Israeli company is really not the smartest thing to do if you don't want to spend an inordinate amount of time trying to hide from their reprisal if they deem the offense against
Re: Two questions (Score:3, Interesting)
The only reason they have been able to become a high tech and military industry powerhouse is thanks to the endless supply of money that keeps flowing in from the US. There are universities, tech, and medical campuses in Israel that are funded solely by US 'donations.' The entire country functions on favors and shady backroom deals. It is basically a nation equivalent of Hollywood.
Re: (Score:2)
Almost all of the money the US has given to Israel over the years could only be used to purchase US military tech. The most recent deal with them is the first time they are allowed to spend a higher percentage on non-US weapons.
"The entire country functions on favors and shady backroom deals"
Can you name one other country on the planet who doesn't do the same thing?
Re: (Score:2)
Re: (Score:1)
Better than Apple being an authoritarian cock sucking bootlicker like you.
Too bad they didn't publish the data. (Score:5, Insightful)
Pot meet Kettle (Score:5, Funny)
This is a company who specializes in selling products whose purpose is to bypass built in protections in order to gain access to others data without permission.
Am curious how they feel when it happens to them.
Re:Pot meet Kettle (Score:4, Interesting)
If the hacker(s) is/are smart the first thing he/they did was set up multiple deadman caches of the data that would automatically splash the data all over the web and physically send multiple copies of the data by multiple means/routes to multiple news/press/media outlets across the world if anything happened to them, as insurance against any possible reprisals/arrests/etc. I would, and I'm no uber-1337 h4x0r. Just in no hurry to find out if there's an afterlife or if my cellmate's name would actually be 'Bubba'. :)
Strat
Re: (Score:2)
I'm actually rather concerned that contrary to the implication in the summary that this is no longer simply citizen hacking but in fact escalation of state sponsored hacking. It seems we're beginning to find out more and more that nation states are engaged in hacking from the hacks we know about for sure such as the North Korean hack of Sony, through to the ones that we can make a reasonable assumption on such as the Russian hacks of the DNC (even Trump finally said on Wednesday he thinks it was the Russian
Re: (Score:2)
I'm actually rather concerned that contrary to the implication in the summary that this is no longer simply citizen hacking but in fact escalation of state sponsored hacking.
As true as the things you bring up may be re: State-sponsored hacking, none of that really matters and nor will anyone in the US/Five-Eyes nations be able to appreciably change things until spying on domestic populations by their respective domestic governments in those nations is halted/brought under control. That, by far, is the most immediate and proximate threat, and the most likely to directly and negatively affect the average person in those nations as they try to change the status quo. It is domestic
Re: (Score:2)
I think you're right, but I think it's a similar situation across the globe - realistically spy agencies in Russia, China and so forth shouldn't be doing those things to innocent citizens either so I don't think it's entirely a Western problem.
I think it's a general issue here that governments need to get together and accept that they all need to reign in their agencies before shit really does hit the fan with some mutual agreement to start actually following the Universal Declaration of Human Rights (that
Re: (Score:2)
I think you're right, but I think it's a similar situation across the globe - realistically spy agencies in Russia, China and so forth shouldn't be doing those things to innocent citizens either so I don't think it's entirely a Western problem.
Well, it's the same problem in Western nations and Russia, China, etc. Government gaining too much power and control. The only difference being that Russia, China, etc are just further down the same road. We here in Western nations can realistically only affect change in our own nations.
Because our nations are already heading down the total-surveillance road, we can only offer minimal support to those in Russia, China, etc attempting to change things in those nations. We in the West, in order to be able to
Re: (Score:2)
i am sure they feel great about the publicity that they can hack "successfully" data on phones. I mean it took FBI like months to figure out to use them.
What in the world Batman? (Score:2, Funny)
Israeli forensics software company owned by a Japanese console game development company? What kind of weird crap is that?
Re: (Score:2)
"he's clean and articulate" by politicians you do like.
Now what? (Score:1)
They get the data and see the applications and attack vectors. Unless they provide software to counter this stuff there is nothing useful here.
Re: (Score:2)
Except that Google, Apple, MS et al might have to fix the vulnerabilities if this info is released which it probably will be.
Help is on its way (Score:3)