SAN FRANCISCO — Former government officials are questioning whether the FBI used every possible means at its disposal to break into an iPhone used by the San Bernardino shooters before asking a federal court to compel Apple to help.
In interviews with BuzzFeed News Wednesday, the former officers with the FBI and NSA acknowledged that U.S. intelligence agencies have technology that has been used in past intelligence-gathering operations to break into locked phones. The question, they added, was whether it was worthwhile for the FBI to deploy that technology, rather than setting a precedent through the courts.
“There are capabilities that the U.S. government has, that are used for intelligence collecting only and that wouldn’t be used for a criminal matter because they would have to come up in open court,” said Austin Berglas, a former Assistant Special Agent in charge of the FBI's New York Cyber Branch who is now head of Cyber Investigations and Incident Response at the private consultancy firm K2 Intelligence.
Those capabilities, Berglas said, include so-called “zero-days,” or exploits that take advantage of flaws in software that have not been disclosed to the makers of the software. Entire black markets exist for the sale of zero-days, which in the hands of the right (or wrong) people can be used to hack into phones or laptops undiscovered. While the exploits are rarely acknowledged by the government, Amy Hess, the head of the FBI’s Science and Technology department, acknowledged in a recent interview with the Washington Post that the FBI uses zero-days. A number of civil liberty groups have attempted to find out more about the NSA’s use of the exploits, which is widely suspected to be more sophisticated, and effective, than the FBI’s technology.
“If it is an issue of national security you will see the most sophisticated tools, the zero-days,” said Berglas. “We wouldn’t give up the tools we use to protect our national security for use in an individual criminal case.”
The FBI did not respond to a request for comment from BuzzFeed News on whether the bureau had zero-days that could be used on the San Bernardino shooter's iPhone.
The FBI and Apple have become locked in a battle that could decide the future of tech companies’ compliance with government orders after a U.S. magistrate on Tuesday ordered Apple to help the FBI unlock an iPhone belonging to Syed Rizwan Farook, one of the two shooters behind the Dec. 2, 2015 attack on a community center in San Bernardino, California.
The judge’s order came after FBI Director James Comey told the Senate Intelligence Committee last week that the bureau had been unable to unlock Farook’s iPhone. NSA Director Michael Rogers said in an interview with Yahoo Wednesday that the agency had been able to obtain metadata from phone records, which includes the time and duration of phone calls — but not the content of emails and text messages. Apple CEO Tim Cook has vowed to challenge the court’s order.
Robert Cattanach, a former attorney for the U.S. Department of Justice and a partner at the Dorsey & Whitney law firm, told BuzzFeed News that there was little precedence to help guide the current case.
“Apple faces a dilemma. It certainly does not want to be seen as impeding a legitimate law enforcement investigation, but out of principle it has drawn the line in affirmatively assisting law enforcement attempting to access information that its users — even terrorists — relied on as being inaccessible. Apple claims that even disabling the auto-wipe feature (which it protests it has no current ability to do) would start the tech company down a slippery slope,” Cattanach said.
The federal district court’s order asked that Apple design a custom software package that would allow law enforcement officials to make an infinite number of attempts to guess the password to unlock the device that belonged to one of the San Bernardino shooters. “For its part, the FBI certainly views this setting as an ideal test case to move the needle in the delicate balance between privacy expectations and national security interests,” Cattanach said.
The FBI would have filed all its previous attempts to unlock the phone to the court under a seal, Cattanach said, adding that it was highly unlikely the FBI, or the NSA, would admit — even in sealed documents — what sort of capacity they had to break into phones.
“There is no way on earth the NSA would disclose even to the FBI what they can and cannot do to hack an iPhone,” said Cattanach. “The capabilities of the NSA are a closely guarded secret. The FBI might ask for help but the NSA would say, ‘Thanks but no thanks,’ based on my experience.”
Many of those closely guarded secrets, however, were revealed in the files released by whistleblower Edward Snowden. Attempts by the NSA to hack into Apple’s iPhones and iPads were detailed in a recent report by The Intercept, although it is unclear to what degree they were successful. Zero-days, the most effective tools used to access devices, are notoriously expensive and difficult to obtain. A single zero-day exploit can take researchers months or years to discover, and even then, it only remains effective for as long as the software company doesn’t discover the problem and patch it.
Mark Weatherford, former deputy undersecretary at the Department of Homeland Security and current chief cyber strategist at the data security center company vArmour, told BuzzFeed News in an email that he believed the FBI’s request would establish a terrible precedent.
“Without casting aspersions about how well (or poorly) the government protects sensitive information (OPM, IRS), enabling the government to enter via a backdoor is truly a Pandora's Box issue," said Weatherford. "Once any such hack is created, it will physically live somewhere that is now forever susceptible to being compromised. This also begs the question: What would be the reaction of the U.S. government if this was China, Russia, or Iran trying to force Apple to hack a citizen phone for their own reasons?”
Former NSA intelligence officers who spoke to BuzzFeed News said they could not comment on the use of zero-day exploits, though one, who left the NSA last year, said they were the “most expensive but effective tool.”
“These are, like, the most expensive tools in the arsenal. They are not the sort of thing you break out for a single case, a single phone,” said the former NSA officer, who agreed to speak only on condition of anonymity. “Without saying whether or not we use zero-days, I’ll just say that if we did, they would only be in situations where we needed to use our most expensive but effective tool. In today’s world though, I think it’s pretty widely known that zero-days are that joker card, and that they exist.”
Sheera Frenkel is a cybersecurity correspondent for BuzzFeed News based in San Francisco. She has reported from Israel, Egypt, Jordan and across the Middle East. Her secure PGP fingerprint is 4A53 A35C 06BE 5339 E9B6 D54E 73A6 0F6A E252 A50F
Contact Sheera Frenkel at firstname.lastname@example.org.
Got a confidential tip? Submit it here.