Court Rules FBI Can Keep Names of, Payments Made to iPhone 5C Hackers Secret

Photo: AP
Photo: AP

The FBI does not have to disclose the name of or how much it paid a private firm to crack Apple’s iPhone security, U.S. District Court Judge Tanya Chutkan ruled on Saturday.


Per Politico, USA Today, the Associated Press and Vice Media were all suing the FBI to force it to reveal more details about the company under the Freedom of Information Act. The FBI turned to the anonymous firm in 2016 after Apple refused its requests to help it bypass the security on an iPhone 5C belonging to one of the perpetrators of the 2015 mass shooting in San Bernardino, California; the massacre resulted in the deaths of 14 victims and two shooters, as well as 22 injuries.

Judge Chutkan ruled the government does not have to disclose any further details about the hack, saying they were security secrets and thus exempt from FOIA access:

In her ruling, released Saturday night, Chutkan said the name of the firm that managed to crack the iPhone and the price paid to do so are properly classified national security secrets and constitute intelligence sources or methods that can also be withheld on that basis. She also ruled that the amount paid for the hack reflects a confidential law enforcement technique or procedure that is exempt from disclosure under FOIA.

While the FBI will not be showing its receipts, Sen. Dianne Feinstein might have accidentally revealed a $900,000 price tag for the break-in earlier this year (though former FBI Director James Comey hinted at a total in the millions).

The FBI insisted Apple was the only party capable of cracking iPhone security, fighting the tech giant in court before abruptly deciding to pursue another option. Some reports have suggested the firm in question was actually a group of hackers who identified a zero-day exploit, though all that is really known is the FBI received bids from at least three companies which lacked the “ability to come up with a solution fast enough for the FBI” before turning to an anonymous vendor with which it signed a non-disclosure agreement.


"... An upperclassman who had been researching terrorist groups online." - Washington Post



But what’s there to learn? We all already know the techniques used, and none of them are news to us today.

The company was either the Israeli company Cellebrite or someone else(naw it’s them). They can deny it all they like, but it’s hilarious that they even state their area of expertise out on the open right there on Google search:

“Cellebrite Mobile Synchronization is an Israeli company that manufactures data extraction, transfer and analysis devices for cellular phones and mobile devices”

*rolleyes* guys just own up to it. The US government paid you guys a million bucks to sell them some equipment to hack the iPhone 5C. Nice chunk of change ya?

It wouldn’t surprise me one bit, if you Cellebrite fellas are selling those $500 iPhone hacking machines on Ebay and Amazon(yes that’s right, anyone can buy an iPhone hacking machine). Oh sure it doesn’t work for all variants of iOS firmware, but it does work for some.

So in a nutshell. If the average Joe/Jane can just go and order such a machine - imagine what Cellebrite can sell to the USA. It shouldn’t be a problem at this point.