The Daily Beast reports: The Obama administration may soon release 28 classified pages from a congressional investigation that allegedly links Saudis in the United States to the 9/11 attackers. A former Republican member of the 9/11 Commission alleged Thursday that there was “clear evidence” of support for the hijackers from Saudi officials.
But in Florida, a federal judge is weighing whether to declassify portions of some 80,000 classified pages that could reveal far more about the hijackers’ Saudis connections and their activities in the weeks preceding the worst attack on U.S. soil.
The still-secret files speak to one of the strangest and most enduring mysteries of the 9/11 attacks. Why did the Saudi occupants of a posh house in gated community in Sarasota, Florida, suddenly vanish in the two weeks prior to the attacks? And had they been in touch with the leader of the operation, Mohamed Atta, and two of his co-conspirators?
No way, the FBI says, even though the bureau’s own agents did initially suspect the family was linked to some of the hijackers. On further scrutiny, those connections proved unfounded, officials now say.
But a team of lawyers and investigative journalists has found what they say is hard evidence pointing in the other direction. Atta did visit the family before he led 18 men to their deaths and murdered 3,000 people, they say, and phone records connect the house to members of the 9/11 conspiracy. [Continue reading…]
The New York Times reports: On the morning of March 13, 2011, the assistant secretary of state for Near Eastern affairs, Jeffrey D. Feltman, wrote an urgent email to more than two dozen colleagues informing them that Saudi Arabia and the United Arab Emirates were sending troops into Bahrain to put down antigovernment protests there.
Mr. Feltman’s email prompted a string of 10 replies and forwards over the next 24 hours, including to Secretary of State Hillary Clinton, as the Obama administration debated what was happening and how to respond.
The chain contained information now declared classified, including portions of messages written by Mr. Feltman; the former ambassador in Kuwait, Deborah K. Jones; and the current director of the Central Intelligence Agency, John O. Brennan.
The top administration officials discussed the Bahrain situation on unclassified government computer networks, except for Mrs. Clinton, who used a private email server while serving as secretary of state.
Her server is now the subject of an F.B.I. investigation, which is likely to conclude in the next month, about whether classified information was mishandled.
Whatever the disposition of the investigation, the discussion of troops to Bahrain reveals how routinely sensitive information is emailed on unclassified government servers, reflecting what many officials describe as diplomacy in the age of the Internet, especially in urgent, fast-developing situations. [Continue reading…]
The New York Times reports: The director of the F.B.I. suggested Thursday that his agency paid at least $1.3 million to an undisclosed group to help hack into the encrypted iPhone used by an attacker in the mass shooting in San Bernardino, Calif.
At a technology conference in London, a moderator asked James B. Comey Jr., the F.B.I. chief, how much bureau officials had to pay the undisclosed outside group to demonstrate how to bypass the phone’s encryption.
“A lot,” Mr. Comey said, as audience members at the Aspen Institute event laughed.
He continued: “Let’s see, more than I will make in the remainder of this job, which is seven years and four months, for sure.”
The F.B.I. had been unwilling to say anything at all until Thursday about how much it paid for what has become one of the world’s most publicized hacking jobs, so Mr. Comey’s cryptic comments about his own wages and the bounty quickly sent listeners scurrying in search of their calculators.
The F.B.I. director makes about $185,100 a year — so Mr. Comey stands to earn at least $1.35 million at that base rate of pay for the remainder of his 10-year term. [Continue reading…]
The Washington Post reports: The Justice Department on Thursday revealed that a well-known Islamic State operative instructed a Boston-area man to kill Pamela Geller, the organizer of a controversial Muhammad cartoon contest in Texas last year.
In court documents, prosecutors said that Junaid Hussain, a British militant, had been communicating with Usaamah Abdullah Rahim, 26, who along with two friends discussed beheading Geller.
Rahim, however, changed his mind and instead decided to target a police officer. He was shot and killed in June 2015 in Roslindale, Mass., after he attacked members of an FBI-led surveillance team while wielding a large knife, officials said. [Continue reading…]
The New York Times reports: The F.B.I. defended its hiring of a third party to break into an iPhone used by a gunman in last year’s San Bernardino, Calif., mass shooting, telling some skeptical lawmakers on Tuesday that it needed to join with partners in the rarefied world of for-profit hackers as technology companies increasingly resist their demands for consumer information.
Amy Hess, the Federal Bureau of Investigation’s executive assistant director for science and technology, made the comments at a hearing by members of Congress who are debating potential legislation on encryption. The lawmakers gathered law enforcement authorities and Silicon Valley company executives to discuss the issue, which has divided technology companies and officials in recent months and spurred a debate over privacy and security.
The hearing follows a recent standoff between the F.B.I. and Apple over a court order to force the company to help unlock an iPhone used by one of the San Bernardino attackers. Apple opposed the order, citing harm to the privacy of its users. The F.B.I. later dropped its demand for Apple’s help when it found a third-party alternative to hack the device. [Continue reading…]
The New York Times reports: In early 2003, F.B.I. agents hit a roadblock in a secret investigation, called Operation Trail Mix. For months, agents had been intercepting phone calls and emails belonging to members of an animal welfare group that was believed to be sabotaging operations of a company that was using animals to test drugs. But encryption software had made the emails unreadable.
So investigators tried something new. They persuaded a judge to let them remotely, and secretly, install software on the group’s computers to help get around the encryption.
That effort, revealed in newly declassified and released records, shows in new detail how F.B.I. hackers worked to defeat encryption more than a decade before the agency’s recent fight with Apple over access to a locked iPhone. The Trail Mix case was, in some ways, a precursor to the Apple dispute. In both cases, the agents could not decode the data themselves, but found a clever workaround.
The Trail Mix records also reveal what is believed to be the first example of the F.B.I. remotely installing surveillance software, known as spyware or malware, as part of a criminal wiretap.
“This was the first time that the Department of Justice had ever approved such an intercept of this type,” an F.B.I. agent wrote in a 2005 document summing up the case.
The next year, six activists were convicted of conspiracy to violate the Animal Enterprise Protection Act in the case. An appeals court upheld the convictions in 2009, and said that the use of encryption, among other things, was “circumstantial evidence of their agreement to participate in illegal activity.”
Ryan Shapiro, a national security researcher and animal welfare advocate, provided the documents in the case to The New York Times after obtaining them in a Freedom of Information Act lawsuit. Several important details remain secret, including whether the tactic worked. The wiretap was disclosed at trial but the software hacking was not, said Lauren Gazzola, one of the defendants, who now works for the Center for Constitutional Rights. [Continue reading…]
Reuters reports: The company that helped the FBI unlock a San Bernardino shooter’s iPhone to get data has sole legal ownership of the method, making it highly unlikely the technique will be disclosed by the government to Apple or any other entity, Obama administration sources said this week.
The White House has a procedure for reviewing technology security flaws and deciding which ones should be made public. But it is not set up to handle or reveal flaws that are discovered and owned by private companies, the sources said, raising questions about the effectiveness of the so-called Vulnerabilities Equities Process.
The secretive process was created to let various government interests debate about what should be done with a given technology flaw, rather than leaving it to agencies like the National Security Agency, which generally prefers to keep vulnerabilities secret so they can use them. [Continue reading…]
The Washington Post reports: The FBI cracked a San Bernardino terrorist’s phone with the help of professional hackers who discovered and brought to the bureau at least one previously unknown software flaw, according to people familiar with the matter.
The new information was then used to create a piece of hardware that helped the FBI to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data, the individuals said.
The researchers, who typically keep a low profile, specialize in hunting for vulnerabilities in software and then in some cases selling them to the U.S. government. They were paid a one-time flat fee for the solution. [Continue reading…]
The Intercept reports: The FBI’s plan to enlist community leaders in “Shared Responsibility Committees” all across the country with the goal of identifying “radicalized” individuals is raising alarm among civil rights activists.
The Shared Responsibility Committees, known as SRCs, “are expanding the informant program under the guise of an intervention program, which it is not,” said Abed Ayoub, legal director of the American-Arab Anti-Discrimination Committee (ADC).
The FBI’s ideas is to have social service workers, teachers, mental health professionals, religious figures, and others interdict young people they believe are on a path towards radicalization. The program was first revealed last November, and while details remain scant, it is widely believed to have been developed along the lines of similar “anti-radicalization” programs in the United Kingdom.
The FBI did not respond to multiple requests for comment.
Experts acknowledge the need to have options beyond sending young people to jail for making threatening statements. The committees purport to offer such an option, by allowing members to offer non-binding recommendations to law enforcement about whether certain individuals should be arrested or offered rehabilitation for their alleged radicalization.
But critics say that despite the FBI’s benign characterization of the SRCs, the proposal amounts to nothing more than an expansion of already existing FBI informant programs. The committees “would be doing the work of the FBI, gathering information. This initiative failed in the U.K., it’s not like this is a new idea,” said Ayoub.
The U.K. program called “Channel” has been widely blamed for alienating the communities it targeted while inflaming attitudes towards authorities. Arun Kundnani, an adjunct professor at New York University and expert on U.K. counterterrorism policy, said he worries that the U.S. program would “suffer from the same problems, such as drawing non-policing professionals into becoming the eyes and ears of counter-terrorism surveillance, and thereby undermining professional norms and relationships of trust among educators, health workers and others.” [Continue reading…]
The New York Times reports: The banging on the door jolted Sal Shafi awake. F.B.I. agents were looking for his son. “Where’s Adam?” they yelled. “Where’s Adam?”
Terrified, Mr. Shafi led the agents, guns drawn, up the stairs toward his son’s bedroom. He watched as they led his 22-year-old son away in handcuffs, backed by evidence of Adam Shafi’s terrorist ambitions.
He had come to the attention of officials not by a well-placed informant or a sting operation. His father, concerned and looking for help, had simply picked up the phone and led the government right to his son. For months, over the objections of his lawyer, Mr. Shafi had been talking to the F.B.I., believing he was doing the right thing.
“My God,” he thought, soon after the arrest in July. “I just destroyed Adam.”
Had things been different, Mr. Shafi, 62, a Silicon Valley executive, might have become a much-needed spokesman for the Obama administration’s counterradicalization campaign. Who better to talk to other parents about the seductive pull of terror organizations? Trust the government, he would tell them. They do not want to take away your children.
Despite nascent efforts to steer young people away from terrorism, the government’s strategy remains largely built on persuading people to call the F.B.I. when they first suspect a problem. [Continue reading…]
In a post on one of the intelligence community’s favorite blogs on Wednesday, Litt, general counsel for the Office of the Director of National Intelligence, outlined new intelligence data-sharing guidelines that he said will be released soon.
The post, on Just Security, was essentially a response to reporting last month from the New York Times’s Charlie Savage that the NSA would soon be sharing with other government agencies the raw, unfiltered intelligence from the depths of its massive overseas spying programs.
“There has been a lot of speculation about the content of proposed procedures that are being drafted to authorize the sharing of unevaluated signals intelligence,” Litt wrote.
The New York Times story raised concerns that the data, which inevitably includes information about Americans, would become too easily accessible by intelligence agencies including the FBI, potentially leading to fishing expeditions. [Continue reading…]
BuzzFeed reports: Just days after breaking into a terrorist’s iPhone using a mysterious third-party technique, FBI officials on Friday told local law enforcement agencies it will assist them with unlocking phones and other electronic devices.
The advisory, obtained by BuzzFeed News, was sent in response to law enforcement inquiries about its new method of unlocking devices — a technique the FBI said was successful at gaining access to the iPhone 5C belonging to one of the shooters in the deadly San Bernardino, California, attack.
“In mid-March, an outside party demonstrated to the FBI a possible method for unlocking the iPhone,” the message said. “That method for unlocking that specific iPhone proved successful.” [Continue reading…]
After a very public stand-off over an encrypted terrorist’s smartphone, the FBI has backed down in its court case against Apple, stating that an “outside party” – rumoured to be an Israeli mobile forensics company – has found a way of accessing the data on the phone.
The exact method is not known. Forensics experts have speculated that it involves tricking the hardware into not recording how many passcode combinations have been tried, which would allow all 10,000 possible four-digit passcodes to be tried within a fairly short time. This technique would apply to the iPhone 5C in question, but not newer models, which have stronger hardware protection through the so-called secure enclave, a chip that performs security-critical operations in hardware. The FBI has denied that the technique involves copying storage chips.
So while the details of the technique remain classified, it’s reasonable to assume that any security technology can be broken given sufficient resources. In fact, the technology industry’s dirty secret is that most products are frighteningly insecure.
Fortune reports: The U.S. government’s announcement Monday that it hacked into the San Bernardino terrorist’s iPhone ended the FBI’s legal feud with Apple. But while many observers thought the incident left both the FBI and Apple looking foolish, there does appear to be a winner emerging from the case.
Shares of Suncorp, a Japanese technology company traded on the Tokyo stock exchange (ticker: 6736), soared 17% on Tuesday following the government’s court declaration that it “successfully accessed the data stored on [Syed] Farook’s iPhone.” In all, Suncorp’s shares have more than doubled in the six weeks since February 16, when Apple published its letter refusing to help the FBI.
Suncorp, which specializes in mobile data transfer as well as equipment for a popular Japanese pinball-like game called pachinko, owns Cellebrite, the Israel-based company that reportedly helped the FBI crack the iPhone.
Apple’s stock, meanwhile, was up just about 2% Tuesday afternoon, despite the fact that it is now free of legal expenses relating to the FBI case as well as the technological burden the government tried to impose.
Suncorp’s shares started rising last month, and really took off after the government said last Wednesday that an “outside party” had demonstrated “a possible method for unlocking” the iPhone. An Israeli newspaper quickly identified the unnamed company as Cellebrite, a government contractor that makes a mobile forensic device for extracting and decoding data from smartphones and tablets. Since then, Suncorp’s stock has risen nearly 40%, while Japan’s Nikkei 225 stock market index has been basically flat, and fell slightly on Tuesday.
The odd thing about the company’s dramatic stock rise is that neither the FBI nor Suncorp has confirmed the company was involved in unlocking the phone. In fact, the FBI has said very little so far about how it might have cracked the iPhone. [Continue reading…]
The Daily Beast reports: The FBI has said practically nothing about the “tool” that helped the FBI get inside the phone, as a U.S. law enforcement official called it in a hastily arranged press conference on Monday evening. Nor would the official say whether investigators might use it again on the dozen or so other iPhones the FBI is reportedly trying to gain access to, or whether the bureau would share the tool with local law enforcement agencies, who are believed to have hundreds of phones just waiting to be cracked.
“I think the best answer I can give you is it’s premature to say anything about our ability to access other phones,” said the official, who discussed the case with reporters on condition of anonymity and said almost nothing about where the FBI will go from here.
But he didn’t have to. Comey’s earlier remarks, coupled with the government’s decision to drop the warrant request, sent a message to other tech companies: Work with us, or don’t. We’ll get what we need without you.
Notably, the U.S. official didn’t say whether the FBI would disclose its newfound technique to Apple, which has a vested interest in protecting the security and privacy of its customers. But Cellebrite, an Israeli company, has been identified in some news accounts as the company that came to the FBI’s rescue. It signed a contract with the bureau worth more than $15 million last week.
In other words: The American government may have used foreign hackers to crack the signature product of America’s top technology company.
But it’s hard to imagine Apple didn’t have some idea what was coming. One of Cellebrite’s other clients is Apple itself. [Continue reading…]
The Atlantic reports: In late April 2013, a tweet from the Associated Press claimed that a pair of explosions at the White House had injured President Barack Obama. Markets reacted nearly instantly, sending stocks plunging. But when, a short time later, Press Secretary Jay Carney told reporters there was no explosion, the market quickly righted itself.
The news organization’s Twitter account was hacked, it turned out. A group calling itself the Syrian Electronic Army claimed credit. In only a few minutes, their rogue tweet demonstrated the market-moving power of 140 characters sent from a credible source.
The Syrian Electronic Army has also defaced websites belonging to the U.S. Marines, Harvard University, and Human Rights Watch, as well as websites and Twitter feeds of other major news organizations like the BBC, CNN, and The Washington Post. The group’s members remained anonymous, going by pseudonyms like “The Shadow” and “The Pro.”
But on Tuesday, the Justice Department revealed the identity of three members of the group, charging them with computer hacking and placing two of them on the FBI’s “Cyber’s Most Wanted” list. The FBI is offering a $100,000 bounty for information leading to their arrest. [Continue reading…]