Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Australia Blackberry Crime

After 5 Years, Australia Finally Cracked a Drug Kingpin's BlackBerry (smh.com.au) 70

"An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state's longest-running drug importation investigations," reports the Sydney Morning Herald: In April, new technology "capabilities" allowed authorities to probe the encrypted device, which was used by one of the alleged kingpins and revealed 3000 messages over a one-month period, a Sydney court has heard. The development has paved the way for the arrest of another five members of an alleged criminal syndicate.

For at least two of the men — Frank Farrugia and Deniz Kanmez — the cracked BlackBerry was allegedly the "silver bullet" in netting their arrest, according to a source close to the investigation. Strike Force Millstream detectives arrested the five men in a series of raids from Sydney to Dubai last month. The arrests culminated a seven-year investigation into money laundering, criminal groups and at least four commercial importations between 2013-14, valued at $1.5 billion. Nearly two dozen men have been implicated...

It is the second device to be unlocked as part of the investigation, after Canadian authorities successfully cracked another BlackBerry in 2017, which was central in an earlier trial of four men linked to the syndicate.

This discussion has been archived. No new comments can be posted.

After 5 Years, Australia Finally Cracked a Drug Kingpin's BlackBerry

Comments Filter:
  • by misnohmer ( 1636461 ) on Sunday August 02, 2020 @11:59PM (#60359349)

    This is exactly how the system was supposed to work. When cracking down on a one and half billion dollar criminal organizations, the government able to spend the resources required to crack it. The solution didn't involve a legislated back door to allow the government to go fishing in all of their citizens phones.

    • by Anonymous Coward
      I would not exactly call having to wait 5 years to arrest criminals how it is supposed to work, if anything this can easily be used as an example of the problems of encryption and I bet that is exactly how it will be portrayed. "These scumbags got an extra 5 years freedom as they were able to conceal the evidence.", Personally I think this is an unfortunate but necessary side affect of our right for privacy. Perhaps if the government hadn't repeatedly proven time and time again that they cannot be trusted w
      • by Cylix ( 55374 )

        We should also give up any aspect of privacy in our lives and allow the government to observe our fornication. If done correctly we may not go to jail. Assuming you have not committed wrong think recently.

      • by misnohmer ( 1636461 ) on Monday August 03, 2020 @03:44AM (#60359683)

        Wheels of justice turn slowly. The higher the crime, the longer it takes. Large criminal cases take years to investigate, and year to prosecute, all the while the accused are free or out on bail. It's setup this way on purpose. Yes, it favors criminals, but its main purpose is to defend the innocent. Better to let 9 guilty people go than put 1 innocent person in jail - remember? If you don't like that system, move to places where they have summary judgement, where a local police chief can sentence you to severe whipping or even hanging - extremely efficient, no need for cracking encryption either, criminals unlock the phone for them in a hurry in exchange for not getting tortured or killed. Good luck to you, I hope you are never accused of anything in a system like that.
         

    • I'm saving this. More ammunition to fight the tech illiterate who seek to rob us of our liberty.
    • by thegarbz ( 1787294 ) on Monday August 03, 2020 @03:21AM (#60359651)

      This is exactly how the system was supposed to work.

      That's one person's perspective. Let me provide two other perspectives:

      Drug kingpin: Encryption should be unbreakable.
      Police: Encryption should have backdoors.

      You're speaking from the perspective of a 3rd party, happy that the government is able to crack providing the resource cost is high to do so. It worked in this scenario, but the reality is it usually works more in the favour of the criminal organisation.

      Just to be clear, I agree with you, but just pointing out the obvious bias of your opinion, a bias that is formed based on your position in this matter and the legal history that protects your privacy.

      • Of course, but why stop at encryption? The extreme points of view you mention are valid at a much wide scope:

        Drug kingpin: there should be no law enforcement at all, except for private armies enforcing the kingpin's rules
        Police: law enforcement should have unlimited powers, including just shooting criminals whenever the police believe they are guilty

        So yes, there will absolutely be people at each edge of the spectrum. A reasonable society sets up law enforcement and justice system. Unfortunately it is impos

        • by Dr. Tom ( 23206 )
          retweet
        • Do we even need to get into how mandated backdoors are a regular tool of oppressive governments to track dissent?

          Our misguided politicians and police lament crimes, when billions around the world live with "a boot stepping on their face, forever."

      • I'm with the drug lord here. It's kinda like with the pedos, the chance of them having a negative impact on my life are simply lower.

    • by AmiMoJo ( 196126 )

      I'm surprised that the accomplices they just arrested didn't spend the last few years creating new identities and disappearing, given they knew that the police had the phone. Did they just assume it would never be cracked?

      • I'm pretty sure that creating a new identity... one that will hold up to more than the most cursory scrutiny anyway... is a lot harder than most people realize. When I was a teenager in the BBS scene, I had the whole series of Anarchist/JollyRoger Cookbook, Poor Man's James Bond, Steal this Book, Hayduke/Revenge, and similar, books and text file archives. Most of these, were (obviously, in retrospect) written in the days of the civil unrest, phreaking, and early hacking, of the late '60s through the '70s

    • Except, Blackberry's did have a backdoor for the most part, unless you're using BES. In which case, they shouldn't - that's the intent - but likely still did. Roughly contemporary: https://www.schneier.com/blog/... [schneier.com]
    • Hey ! Looking for some fun to get into? Me too! Let's get to know each other on a much more personal level ==>> https://is.gd/profile26438 [is.gd]
    • >The solution didn't involve a legislated back door to allow the government to go fishing in all of their citizens phones.

      Are we sure? The first thing I thought of was that they were able to figure out one of the NSA backdoors, which was a direct result of legislation (PATRIOT Act).

    • True, but we will eventually hit a point where it will be impossible to get in without a backdoor, and that's what governments are trying to get ahead of.
  • by retiarius ( 72746 ) on Monday August 03, 2020 @01:07AM (#60359445)

    Quote: "Back when Moore’s Law was the norm, there was a linear algorithm for all exponential problems: wait for computers to improve, then run the program."

    • The thing with encryption is that you can future proof it exponentially with just a tiny bit of inconvenience. Waiting 5 seconds instead of 1 to open a file makes the encryption future proof for 500 years instead of 1.

      • by gweihir ( 88907 )

        The thing with encryption is that you can future proof it exponentially with just a tiny bit of inconvenience. Waiting 5 seconds instead of 1 to open a file makes the encryption future proof for 500 years instead of 1.

        Very true. But that requires several thing, and, surprisingly, the first one is actual insight into how cryptography works. For example, I know a fortune 500 bank that does not have a crypto expert, and I needed to explain basic things to them. And then you get the "usability over everything" people, that mess everything up. These are primarily in the user-side. And then you get flawed implementations (because code must be cheap), flawed update models (because code signing is too complicated), and a lot of

        • I have a perfect solution for this: "Here's a paper for you to sign that I told you about the security implications, and as a CISO you're pretty much expected to understand what's written here, because you certainly have this job for your qualifications, ain't it so."

          • by gweihir ( 88907 )

            I have a perfect solution for this: "Here's a paper for you to sign that I told you about the security implications, and as a CISO you're pretty much expected to understand what's written here, because you certainly have this job for your qualifications, ain't it so."

            That one fails in practice. A former co-worker used to joke that "CISO" is ancient Greek for "The lamb to be killed first". Also remember the Equifax CISO? Was a music major. I have seen ineffective and neutered CISOs time and again. And ones that left because they _did_ understand what was going on and saw that they were prevented from doing anything about it. No, something like that needs to go straight to the CEO, with personal criminal liability, i.e. prison time for screwing up.

            • Good luck getting to even talk to the CEO as some pentesting nobody.

              • by gweihir ( 88907 )

                Good luck getting to even talk to the CEO as some pentesting nobody.

                Indeed. But pen-testers are only testers. If you have a competent CISO between the CEO and the pen-testers, or for a larger organization also a bunch of competent security architects, _and_ the ass of the CEO is on the line, things would look a bit different. The worst a CEO has to fear these days is a golden parachute. That must change.

                • I don't know about your country, in mine they are already personally liable if they can't show that they did anything "reasonable" to prevent security disasters.

                  So my strategy now is to call what I recommend "reasonable". And, lo and behold, it works.

  • by Solandri ( 704621 ) on Monday August 03, 2020 @02:15AM (#60359573)
    someone of consequence was still using a Blackberry as recently as 5 years ago [statista.com].
    • so someone has to stop using a perfectly usable piece of technology....just because? I better throw out my mega drive, master system, commodore c64, amiga, etc - can't use them anymore either I suppose........
    • Yea, how preposterous that some criminals are not keeping up with the latest fads. Sounds like a gap in Apple or Google advertising, imagine the lost revenue from a $1.5B organization.

    • BB10 was quite nice, particularly as it was on the Playbook, and the Passport was a really nice phone, and did run Android apps within. The passport in particular is pretty easy to break down with modular components easily replaced. If it had the equivalent of 'root' access, I'd still be using it & really miss that keyboard - it was a great phone. The writing was on the wall though, as 2016 was the last OS update and their switch to Android was already begun.
    • by gweihir ( 88907 )

      There is no problem doing that, In fact, I use one today. Of course, I use GnuPG for all secret email and do not read that on my phone. The problem is rather bad operational security, where breaking a device after taking it away from the user gets you in. That problem has been solved decades ago.

  • by keithdowsett ( 260998 ) on Monday August 03, 2020 @02:38AM (#60359601) Homepage

    So, did they sieze a bitcoin mining array from some lowlife and re-purpose it for crypto, or just get the budget for a whole heap of time on an Amazon supercomputer?

    Anyone in Oz want to leak something interesting?

    • Nah, a technical assistance bill based in Australia, now means Canada may choose to render assistance - and now has more excuses to go along- beside Blackberry now out of the game. In theory they could also serve similar orders against American companies, who will probably tell them to piss off. Best all dealers sick 'NOFORN' in their messages, and allude to paying bribe to elected congresscritters.
    • Much more likely someone found a zero-day that allowed them to bypass critical parts of phone's security apparatus. Most phones use simple PINs combined with attempt limiting restrictions built into the OS. If you can figure out a way to bypass the restrictions, you can easily crack it in a few seconds.

      Passwords don't do much better either - very few people are willing to learn a truly randomized password and type it into their phone frequently, so standard cracking tools would make quick work of it.

      • Much more likely someone found a zero-day that allowed them to bypass critical parts of phone's security apparatus.

        Or they dug the crucial secrets out of the hardware. Typically some entropy from the PIN is also used, but given the hardware-bound secrets it's trivial to brute force the PIN off-device.

  • by Anonymous Coward

    what phone has the best anti-cracking status now?

    • by ebvwfbw ( 864834 )

      From news reports it seems that Android is best. Police seem to be able to crack Apple in a matter of days. As shown in this case if they can crack it at all, it takes years.

  • Imagine what someone could do today if they designed a similarly situated secure device.
    Of course the governments of the world today would never let said company do something dumb like release it for general use.

    • by Anonymous Coward

      Imagine what someone could do today if they designed a similarly situated secure device. Of course the governments of the world today would never let said company do something dumb like release it for general use.

      They'd get Huawei'd in an instant.

  • Once again, for a minor, once-only case, general trust in a large infrastructure is destroyed. And for a cause that is known to not have any benefits but a lot of downsides: "Fighting" drug use. Short-sighted authoritarianism at work.

Any programming language is at its best before it is implemented and used.

Working...