Researchers working with the Central Intelligence Agency have conducted a multi-year, sustained effort to break the security of Apple’s iPhones and iPads, according to top-secret documents obtained by The Intercept.
The security researchers presented their latest tactics and achievements at a secret annual gathering, called the “Jamboree,” where attendees discussed strategies for exploiting security flaws in household and commercial electronics. The conferences have spanned nearly a decade, with the first CIA-sponsored meeting taking place a year before the first iPhone was released.
Outrage something something not surprised exclamation point.
A better title would be:
The CIA campaign to steal Apple users’ secrets
…I suppose there will be a debate where the apostrophe goes
Edited 2015-03-10 12:42 UTC
Why they can’t simply ask NSA for data?
Because they’re not allowed to work that closely together.
EDIT: And it would involve a lot of bureaucracy to do so.
Edited 2015-03-10 16:50 UTC
When has that stopped either of them?
When has that stopped either of them? [/q]
It doesn’t. It just means there is duplication of effort as both agencies end up doing the same thing, and sometimes on a rare occasion they go through the bureaucracy and work together, it’s just a lot of red tape so which ever path is the least resistance is the one they take to get the job done.
I didn’t think there was any legal reason why the NSA and CIA couldn’t or didn’t work together. Any source on that?
Because they are competitors? Are Microsoft, Google and Apple sharing information?
No, it would be more like the CPU and a GPU in the same computer. They *should* be working together and sharing resources to do the job assigned by software/government.
Instead CPU manufactures want you to spend more on the cpu and GPU manufactures want you to spend more on the gpu.
Most of the agencies are firewalled from each other as they not allowed to collaborate too closely. DHS was suppose to resolve some of that among certain agencies – FBI, TSA, etc; but it has been its own mess.
NSA and CIA are charged with different missions that in theory should not overlap much. So the corporate firewalls in place shouldn’t be an issue. Problem is they’ve both let their missions creep into other things where it becomes more of an issue.
They probably need to fill up millions of forms to apply for that piece of data because this is a inter-department request. Think about it, in USA, you’ve got CIA, FBI, NSA, Homeland security, ONI, etc, etc, etc… Why do you think they need so many departments to do exactly the same thing?
While it’s certainly likely that SOMEONE was (is) interested in obtaining cryptographic keys by hook or by crook, and I would never doubt the veracity of top secret documents obtained by <X> via <Y> (and then posted on the internet), but I have two observations:
1) Snowden worked for the NSA, not the CIA, and historically, they don’t play nicely with each other.
2) .cia is not a top-level-domain.
Obviously the CIA may have an internal network which recognizes .cia as a top level domain, and may in fact have an organization-wide wiki page at “wiki.cia”, and may even have genuine ssl certs for that domain– Someone who does, or has, worked for the CIA would have to be willing to comment.
The idea that Snowden would have root access, or even browse access, to such a wiki page seems unlikely.
It just looks… “odd” to me. Perhaps that’s deliberate.
Read the article, This was info that was briefed to the CIA, generated by a private government sponsored agency. The NSA was also there to be briefed by their findings, which is how Snowden got his hands on it.
And its well documented that Snowden had access to a lot of stuff he never should have had access to. Turns out the NSA was really good on offence, terrible at defense.
National Security Agency. Named by the same people who gave us “X ray specs” and “Democratic People’s Republic of Korea”.
^aEURoeApple led the way with secure coprocessors in phones, with fingerprint sensors, with encrypted messages. If you can attack Apple, then you can probably attack anyone.^aEUR
Sounds like Apple is taking the lead in fighting for secure data for it’s users, with the CIA as an obvious foil to their attempts.
I also agree that the CIA should run such hacking programs and be ready to crack open an iPhone or anything else given the proper warrant and criminal case.
What I don’t like is the attempt to release a compromised XCode – that should be very illegal and Apple should get it’s lawyers looking into that. Apple Inc vs US Government for software piracy?
I also don’t like how the CIA is not sharing any information with Apple. There can be some back and forth which could in turn lead to better security for innocent users and better access to criminal possessions for the authorities.
You realize you’re talking about Apple right?
The CIA is neither a law enforcement agency nor a tool for law enforcement to use. They gather intelligence on foreign threats to national security. Like seemingly all other government agencies, I’m sure they’re doing plenty they shouldn’t be… But, executing search warrants and prosecuting criminal cases certainly isn’t on the list.
Good luck with that. The government wrote their own get-out-of-jail-free card into law and named it the Patriot Act. Any time anyone is caught doing something they shouldn’t be, they simply slap classified & national security stickers on it and tell you to piss off.
Why in the world would the CIA do that?! The CIA has no interest is closing exploits and security flaws. That would be counter-productive to their purpose. It would be like a bank robber telling you how he breaks into your bank.
Apple is mostly security theater. It doesn’t take a lot of effort to break iOS security because Apple’s programmers aren’t well schooled in secure programming techniques. It doesn’t take long on new releases for some enterprising hacker or security researcher to find a flaw to render Apple “security” useless. The CIA may not be able to enter the front door, but historically, it’s not been necessary either with Apple’s products. An encryption system and coprocessor doesn’t mean a thing if the software implementation is riddled with flaws.
The CIA isn’t a law enforcement agency and, by law, is banned from operations on US soil. Therefore, no warrants wanted nor needed. Counter espionage operations are under FBI jurisdiction.
The US Federal government is immune to copyright infringement lawsuits under Sovereign Immunity, especially in cases involving national security.
It’s foolish to expect any intelligence agency to expose their sources and methods for intelligence gathering. It’d also be criminally negligent if such revelations got agents in the field killed or captured. Yes, this would include computer based intelligence.
Don’t get me wrong, I don’t support the NSA dragnet on US citizens and purposely weakening the software infrastructure trust the Internet is built upon. But purposely breaking software for blatantly unconstitutional search and seizure is a far cry from finding mistakes by others exploited for genuine targeted foreign intelligence operations.
The CIA is just doing what it’s supposed to be doing. Nothing surprising nor worthy of condemnation in this case.
Edited 2015-03-10 19:39 UTC
I had no idea this was the case. So the feds can take your company’s software, hack it, put it into circulation with false credentials, and they are legally allowed to do this?
Yes. The CIA can legally take software, alter it for their purposes, and then deploy it in overseas operations. Your company can’t do anything about it. EULAs don’t apply.
The DOD, NSA, etc have the same immunity inside their own fiefs. Naturally the government tries to avoid doing that unless it’s necessary, they make a real effort to “play nice” where departments aren’t critical, like the Dept of the Interior. Legal liability gets a little more murky because of a law passed in 1946 removing some Sovereign Immunity cases. But, when it comes to national security the gloves come off. If a company’s employees know, or find out, there’s plenty of laws on the books that discourage disclosure or interference.