The FBI Paid "Grey Hat" Hackers to Crack the San Bernardino iPhone
The hackers got a one-time fee for their services.
Though the dust has settled between the FBI and Apple, we’re still learning new things about how the government hacked its way into the iPhone 5c at the center of a month-long court battle with digital security and encryption hanging in the balance.
Initial reports mostly concluded that Cellebrite, an Israeli digital forensics firm, was behind the iPhone hack. While the real hackers are still unidentified, the Washington Post reports that the FBI paid a “group of researchers” from various backgrounds a one-time fee to unlock the phone. While some of the researchers were altruistic digital security workers like the ones who discovered the iMessage exploit earlier this year, the Post reports that at least one member of the team paid by the FBI was a “grey hat” hacker — someone who operates in the morally grey area between “white hat” researchers and “black hat” hackers. Grey hats are researchers who find bugs, similar to white hats, but then sell their information to the highest bidder — while they’re not necessarily out to cause harm, they don’t particularly care who buys the information. They’re willing to sell to foreign governments, criminal organizations, or to the companies they’ve hacked, but their motive is self-interest, not altruism.
In this case, the FBI came calling, and opened its pockets to the group of experts after they demonstrated a possible way into the iPhone 5c used by one of the San Bernardino shooters.
Apple still has no idea how the FBI team cracked its iPhone, although FBI Director James Comey has said the exploit only works on iPhone 5c models running iOS 9. The FBI abruptly dropped all its charges against Apple after finding out about the possible hack, and for the most part, the case ended there. But there are still a lot of variables floating around, even though it looks like most of the legal action is finished. That the FBI paid a bunch of morally dubious hackers to unlock the phone isn’t necessarily surprising, but it is interesting when we look forward to what will happen next in the battle between government surveillance and private encryption.