Skip
Current Issue
This Month's Print Issue

Follow Fast Company

We’ll come to you.

2 minute read

Technology

Sources Doubt Anonymous Gray Hats Cracked San Bernardino Shooter's Phone. So Who Did?

The FBI has contracted with the SunCorp subsidiary for $338,581 in gear and services since the December 2 San Bernardino attack.

Sources Doubt Anonymous Gray Hats Cracked San Bernardino Shooter's Phone. So Who Did?
[Photo: Flickr User Carlo Mirante]

The identity of the group that helped the FBI access the encrypted data from San Bernardino shooter Syed Farook’s iPhone is still a mystery.

The common thinking now is that it was a group of anonymous "gray hats"—that is, security pros operating in the gray area between legit research and criminal hacking. But not so fast, say some in the security community; the mysterious helper might yet be Cellebrite, the Israeli security company originally thought to have cracked the phone for the FBI.

The FBI has contracted with the Sun Corporation subsidiary for $338,581 worth of gear and services since December 2, 2015—the date of the San Bernardino attack—according to Federal Procurement Data System records. Neither the FBI nor Cellebrite would say if this was indeed payment for the hack.

Cellebrite and other Sun Corporation companies are in the business of helping extract encrypted data from cell phones—like the iPhone 5C used by Farook, for instance.

The FBI won a court order in mid-February demanding Apple’s help in cracking the Farook phone. Apple refused, and so began a six-week testy exchange of court filings and public statements. The FBI finally abandoned the order on March 21, saying that a "third party" had come forward with a hack to gain access to the phone.

Interestingly, that very same day, the FBI issued a $15,278.02 purchase order for Cellebrite.

In a March 23 report in the Israeli newspaper Yedioth Ahronoth Cellebrite was identified as the party thought to have provided the FBI with the Farook phone hack. Over the following few days, stock of Cellebrite’s parent company, Sun Corporation, rose 20% on the Tokyo Stock Exchange.

Even after a widely read April 12 Washington Post story saying a group of "professional hackers," not Cellebrite, had identified a "zero day" software vulnerability in the Farook phone's software, Sun Corporation’s share price remained high. Its shares closed at 736 yen March 22 before surging to 1,006 yen in the wake of the hack report. Sun Corporation is still trading at 945 yen per share today, which may suggest that the investor community continues to believe Cellebrite helped the FBI.

Sources tell Fast Company that gray hats working for Sun Corporation companies have in the past identified vulnerabilities in systems and devices and sold them for profit.

One source said that if it was truly an anonymous private hacker group that helped the FBI, there would have been chatter about it on the "dark net"—the unindexed web—where hackers routinely brag about their exploits. There wasn't.

The source, who has worked in cyberdefense for the government, says it’s possible that the FBI originally let slip that Cellebrite had provided the hack, but then tried to walk it back by pointing members of the media toward an anonymous gray hat group.

FBI director James Comey suggested Thursday that the FBI paid hackers as much as $1.3 million for the Farook phone hack, but our source has serious doubts that the price was that high. Only in a couple well-publicized competitions has a price anywhere near that amount been paid for a zero-day exploit, the source says.

loading