Wednesday, 15 May 2013

Apple decrypts seized iPhones for law enforcement

Apple is considered an impregnable fortress: the main functions provided by the iOS operating system, and the related data, are inaccessible not only to the ill-intentioned but also to law enforcement during investigations.
We have discussed the privacy issues related to the use of mobile devices several times. Smartphones and tablets manage a huge quantity of the user’s information, including the history of his movements and his contacts.
Let’s also consider that the rapid diffusion of mobile apps has increased the type and quantity of information collected; today many applications manage all kinds of data, from social network contacts and communications to the user’s health data.
One of the principal problems during law enforcement investigations is accessing data managed by Apple’s iOS, but the problem is not limited to Apple: in the past, US police and intelligence agencies asked major companies such as Google to support investigations by allowing access to a defendant’s mobile device.
The request was to design a backdoor for governments to use in case of investigation. The argument is the subject of great debate: security or privacy? This is the question.
Officially, the companies contacted by law enforcement have always declined to give access to their devices’ security features, even for law enforcement investigations, but something is changing. To respond to numerous police demands to decrypt seized iPhones, Apple created a waiting list to handle the deluge of requests, and this represents a historic change. The waiting list had grown so long that there would be at least a 7-week delay before getting a response from Apple.
In a case documented in court filings, an agent at the ATF, the federal Bureau of Alcohol, Tobacco, Firearms and Explosives, "contacted Apple to obtain assistance in unlocking the device," U.S. District Judge Karen Caldwell wrote in a recent opinion. She also wrote that the ATF was "placed on a waiting list by the company."
ATF agent Rob Maynard declared that, for nearly three months last summer, he "attempted to locate a local, state, or federal law enforcement agency with the forensic capabilities to unlock" an iPhone 4S. The phone is the property of a man in Kentucky who was charged with supplying crack cocaine.
The problem is that, according to the agent, each police agency responded by saying they "did not have the forensic capability," which is why the agent decided to contact Apple directly to request support.
Apple has capability to decrypt seized devices
Apple is the only entity able to bypass the security lock to extract data from an iPhone, although a few software packages, such as Elcomsoft's iOS Forensic Toolkit and Oxygen Forensics Suite 2013, claim to be able to extract some or all of the information stored on encrypted iOS devices.
Another case has been reported: in Nevada, agents weren’t able to bypass the encryption mechanisms of the iPhone and iPad for an investigation. The Drug Enforcement Administration has also faced a similar problem decrypting messages sent with the iMessage chat service, according to an internal document.
In all these cases Apple seems to have provided a meaningful contribution, although it isn’t clear whether the company used a specific built-in backdoor or accessed the encrypted data using custom tools.
Apple specifically states in its privacy policy that it may disclose personal information "by law, legal process, litigation, and/or requests from public and governmental authorities within or outside your country of residence".
A CNET post revealed that law enforcement can count on the support provided by companies such as Google and Apple. The following is part of the interesting article:
“Last year, leaked training materials prepared by the Sacramento sheriff's office included a form that would require Apple to "assist law enforcement agents" with "bypassing the cell phone user's passcode so that the agents may search the iPhone." Google takes a more privacy-protective approach: it "resets the password and further provides the reset password to law enforcement," the materials say, which has the side effect of notifying the user that his or her cell phone has been compromised.”
The reality is that companies such as Google and Apple, but also other manufacturers, are able to access users’ data on mobile devices even if the devices are encrypted, at least in some circumstances.
Christopher Soghoian, principal technologist with the ACLU's Speech, Privacy and Technology Project, declared:
"That is something that I don't think most people realize," "Even if you turn on disk encryption with a password, these firms can and will provide the government with a way to get your data."
Privacy probably is the biggest utopia of our time.
Pierluigi Paganini

Hackers create cheap device that unlocks hotel room doors across US

Hotel room hackers have hit the Valley, and now police agencies are working together to try to find the culprit or culprits who have stolen items from hotel guests in Phoenix, Mesa, Scottsdale and Tempe. (ABC)
The hackers create an easy-to-make, cheap device that they plug into the electronic doorknob. It obtains the keycard access number and then unlocks the door, according to Tempe police.
The security flaw was first demonstrated by Mozilla software developer Cody Brocious at the Black Hat hacker conference in July. Brocious showed how he could simply unlock a hotel door in a couple of seconds by using tools that cost around $50, which he could easily hide in a dry erase marker pen or an iPhone case.
Police said the company has created a software upgrade as well as manufactured “caps” to prevent the device from being plugged into the lock.

Armenian hackers VS Azerbaijani journalists

“Ananun” published on the website “” a new "portion" of correspondence of Azerbaijani journalists who are engaged in anti-Armenian propaganda and falsifications. This time it was the turn of Bahram Batiev, journalist of the "" news agency, whose working correspondence concerning Armenian issues has been made public and is being widely discussed online.
One of the notable points is the cooperation with representatives of the Azerbaijani community of Israel, who present themselves in the media as independent and neutral experts. For example, the messages of Avigdor Eskin, offering services to the Azerbaijani side, as well as subsequent reports on the fees, have been posted online.
It is also noteworthy that in the correspondence the experts Arie Gut, Lev Spivak and Michael Agaronov openly admit that they are representatives of the Azerbaijani Diaspora in Israel: "The highest assessment of the work of our Diaspora is reflected in Akbar Hasanov’s article, the famous Azerbaijani journalist."
However, Peter Lucksimson, for example, the editor in chief of the Israeli newspaper "News of the Week", rebukes the Azerbaijani adulterator for distorting his interview about the "dangers of the Armenian lobby."
The correspondence with the well-known anti-Armenian Guram Markhuliya, who asks to be called Aliyev, is also interesting. He expresses his desire to learn Azerbaijani "to do something pleasant to his brothers" and also alludes to his straitened financial conditions.
The correspondence with Georgi Vanyan, the organizer of the failed Azerbaijani film festivals in Armenia, can also be found online. Bahram Batiev and Rizvan Huseynov promise Vanyan to attend his event in Georgia.
Expert Oleg Kuznetsov offers his services "for voicing the disposition of the Azerbaijani side." Batiev rejects his hints at covering the cost of his services. In the end he finds his satisfaction in the "appreciative audience" for his anti-Armenian interviews placed on the news agency's site.
Another interesting point is the cooperation of the Ukrainian resource "Hvilya" with Azerbaijani propagandists; the anonymous complaints of a teacher from the Krasnodar region about his Armenian colleague Varvara Markarian, for example, or the testimony of retired serviceman Stanislav Razdobreev, whose interview was "corrected" and then completely removed from "". It is noteworthy that in his personal correspondence the Russian serviceman "gives" Batiev the inconvenient questions of the Armenian journalists and admits that he lied to the Armenians. Finally, one can note the proposal of actor Joseph Harry to sit alone with Bahram in Tbilisi and drink a glass of Armenian cognac.

Iran has started cyber attacks inside the U.S.

A previously unknown hacking group believed to be based in Iran has started cyber attacks inside the U.S., according to Mandiant Corp., a security company that’s linked China’s army to similar activity.
The Iranian group emerged within the last six months and has infiltrated the networks of at least one U.S. corporation, Richard Bejtlich, Mandiant’s chief security officer, said in an interview in Washington today.
“You’re starting to see the Iranians get more active,” Bejtlich said. “We’ve got at least one case where we think it’s Iran, and we think what they are doing is trying to gain some experience on a live network.”
Bejtlich’s observation backs assertions by U.S. politicians including Representative Mike Rogers, a Michigan Republican and chairman of the House Intelligence Committee, that Iranian groups are behind recent cyber attacks.
Closely held Mandiant, based in Alexandria, Virginia, released a report in February concluding China’s People’s Liberation Army may be behind the hacking of at least 141 companies worldwide since 2006.
Mandiant is investigating the new group’s tactics and hasn’t concluded it’s backed by Iran’s government, Bejtlich said. “We don’t know if it’s the government,” he said. “We don’t know if they’re patriotic hackers.”
The group’s motivation isn’t clear, and Bejtlich wouldn’t name the U.S. company that has been infiltrated or what industry is involved.
“We haven’t seen these guys before,” Bejtlich said. “They are working their way through a network trying to figure out where can they go; who will find them; who will stop them.”
Growing Threat
Allegations that the Iranian government is behind cyber attacks are “baseless,” Alireza Miryusefi, a spokesman for the country, said in an e-mailed statement.
Iran has been repeatedly targeted in hacking attacks sponsored by other governments and wants an international legal framework to address issues surrounding cyber warfare, he said.
Mandiant tracks about two dozen groups considered to be the most aggressive attackers, known as advanced persistent threats. The majority of the groups are based in China while others are Russian or Eastern European, Bejtlich said.
Bejtlich said he is increasingly worried about cyber attacks escalating from espionage to sabotage, or the destruction of computer systems.
Persistent Attacks
“No one’s been talking about that previously,” he said. “What I worry about is that someone’s going to make a decision to do that and either not think through the consequences or understand the consequences, or even care about the consequences.”
The House has passed legislation, H.R. 624, that would encourage information sharing about threats between the government and private sector.
Bejtlich said information sharing alone won’t stop cyber attacks. The group in China identified in Mandiant’s February report continues its attacks, for example, he said.
“There are plenty of sites that are still being attacked by the same group using the same methods and the same infrastructure,” Bejtlich said. “It’s clear that even when you make information completely free and just available for download, it’s not going to solve the world’s problems.”
He said legislation is needed clarifying that companies can protect their networks from attacks, and businesses need to remain vigilant.
“We respond to companies that are armed like Fort Knox and it didn’t make a difference,” he said. “If you’re a sufficiently juicy target, they will find their way in no matter what you have.”