FBI’s plea for encryption back doors based on false information

2 June 2018 by Steve Blum
, ,

The Federal Bureau of Investigation gave the U.S. congress and the public bad information about the problems it has cracking encrypted phones during investigations, many times over several months. According to a story by Devlin Barrett in the Washington Post, FBI director Christopher Wray repeatedly, and falsely, claimed that agents were locked out of almost 7,800 smart phones and other devices, because of advanced encryption.

He began using the 7,800 figure last year, when he urged congress to give law enforcement back door access to encrypted devices and content…

Wray has repeated the claim about 7,800 locked phones, including in a March speech.


FBI didn't tell the whole truth about cracking encrypted iPhone

31 March 2018 by Steve Blum
, ,

When a pair of shooters attacked an employee party at a San Bernardino County facility in 2015, killing 14 people before being shot by police themselves, one of the attackers left behind an encrypted iPhone that might or might have had information relevant to the subsequent investigation.

Publicly, the Federal Bureau of Investigation’s solution was to force Apple to rewrite its iOS operating system so law enforcement could crack not only the San Bernardino phone, but any iPhone thereafter.… More

NSA shares blame with criminals for massive ransomware attack

14 May 2017 by Steve Blum
, , , ,

Cybercriminals successfully penetrated more than 200,000 computer systems in 150 countries in a continuing attack that began late last week. The initial assault was unwittingly blocked by a security blogger who triggered an off switch while trying to figure out what was going on. But that didn’t help systems that were already infected – it will can still spread from computer to computer within a network – and a new version, without the kill switch, is reported to be already out and running wild.… More

A known cyber threat is no threat to those who know it

1 January 2017 by Steve Blum
, , ,


Vermont municipal electric utility employees read the cyber security alert jointly published by the FBI and the federal homeland security department, and did what it suggested: check their computers for the specific type of malware detailed in the report. According to a press release from the City of Burlington’s Electric Department

U.S. utilities were alerted by the Department of Homeland Security (DHS) of a malware code used in Grizzly Steppe, the name DHS has applied to a Russian campaign linked to recent hacks.


FBI wants network administrators to tighten security, up to a point

31 December 2016 by Steve Blum
, , ,

Crackers working for the Russian government broke into the computer system of “a U.S. political party” during the last election cycle. That’s the unsurprising top line conclusion of a joint report issued by the federal homeland security department and the FBI. Two separate teams working for Russian intelligence agencies phished more than a thousand party functionaries and eventually gained access to administrator level privileges on the target system.

Beneath that top line, though, lurks a fascinating, and ironic, description of how state-sanctioned crackers can penetrate workaday IT networks maintained by corporations and government agencies, and what can be done to stop them.… More

Can secure data and the FBI both be in the national interest?

24 December 2016 by Steve Blum
, ,

A bipartisan congressional review of encryption policy – particularly in regards to law enforcement access to private data – came down squarely against requiring back doors or giving master keys to cops. The top line conclusion of the study was “any measure that weakens encryption works against the national interest”. But that doesn’t mean that the encryption working group established by the house judiciary, and energy and commerce committees thinks law enforcement agencies should throw up their hands and walk away.… More

Who will secure the securers?

9 April 2016 by Steve Blum
, , ,

The FBI is offering the best argument for not giving government agencies back door access to encrypted systems: those same government agencies can’t keep their own stuff locked down. According to a story on Motherboard, the FBI has put out a warning about another massive security breach

The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.


FBI shouldn't ask Apple for a backdoor into iPhones

20 February 2016 by Steve Blum
, ,

No problem making a front door.

The legal standoff between the FBI and Apple over a judge’s order to write and turnover a more hackable version of the iOS operating system raises a lot of questions about civil liberties and the U.S. government’s power to 1. dive into any data it wants and 2. force private companies and individuals to help. But it also poses a question about the technical abilities of U.S. investigators.

According to an open letter signed by Apple CEO Tim Cook and posted its website

The U.S.


If you like low pay and no privacy, the FBI has a deal for you

1 August 2015 by Steve Blum
, , ,

On the other hand, it’s probably easier to pass than the math test at Google.

If it seems like the federal government is losing the war for cyberspace, it might be because it is. And that’s due to a lack of talent in key positions, particularly at the Federal Bureau of Investigation. According to a federal justice department study, as reported by Reuters, the FBI launched what it called the Next Generation Cyber Initiative in 2012, which involved hiring 134 computer scientists and creating cybersecurity task forces at all of its 56 field offices.… More