Accounts dept not going to like this expense claim, as FBI director reveals fee for unlocking terrorist iPhone
The director of the FBI has shed light on how much the bureau paid an unnamed third party to unlock the iPhone 5C that belonged to San Bernardino terrorist, Syed Rizwan Farook.
Last week it was reported that the FBI had actually paid so called ‘grey hat’ hackers to crack Farook’s iPhone, after Apple refused to co-operate, arguing that the FBI essentially wanted it to create a “backdoor” that could allow it to unlock any iPhone in the future.
Until now, it was unknown how much the FBI actually paid to unlock the iPhone.
But FBI director James Comey has this week offered a big clue as how much these “grey hat” hackers charged the FBI to unlock the device.
Comey was speaking at the Aspen Security Forum in London, and was asked by a moderator how much the FBI paid for the software that eventually broke into the iPhone.
Reuters reported that according to figures from the FBI and the US Office of Management and Budget, Comey’s annual salary as of January 2015 was $183,300 (£127,000). This means that without a raise or bonus, Comey will make $1.34 million (£928,740) over the remainder of his job.
And this also means that the FBI paid the third party hackers at least $1.34m to unlock the iPhone.
It should be remember that the software used to unlock the iPhone will also allow the FBI to other 5C iPhones running iOS 9, after Director Comey admitted its unlocking software only works on older Apple smartphones. “We have a tool that works on a narrow slice of phones,” Comey said recently.
Late last month the FBI dropped its legal case against Apple after it finally managed to unlock the iPhone 5C with the help of an unnamed third party.
There was speculation at the time that the FBI had employed the services of Cellebrite, a legitimate mobile forensics company based in Israel. That firm has been used by other law enforcement departments to unlock mobile devices.
But after getting no joy from Apple, it seems that the FBI was approached by “grey hat” hackers with an unlock procedure.
The FBI then used this information to “create a piece of hardware” that helped it to crack the iPhone’s four-digit personal identification number without triggering a security feature that would have erased all the data.
That fact that the FBI used the services of a group of hackers will no doubt raise some ethical questions.
So called ‘white hat’ hackers are responsible security researchers who disclose the vulnerabilities so the flaws can be fixed. ‘Black hat’ hackers are the hackers commonly reported in the media that attack computer systems in order to steal personal data and other valuable information.
In between these two groups sits another classification of hackers, sometimes known as ‘grey hat’ hackers.
These hackers are highly controversial, as they are considered ethically dubious at best, because they sell the flaws and vulnerabilities to businesses (and indeed governments) for them to exploit. They do not inform the vendors concerned for example and sometimes even violate laws.
Critics argue these grey hat hackers provide information that governments can use to spy on their citizens, in return for financial gain. These ‘grey hat’ hackers have no allegiance, and could also sell those exploits to rival businesses, or indeed terrorist organisations.
Are you a security pro? Try our quiz!