FBI boss: We paid at least $1.2m to crack the San Bernardino iPhone
Nice work, if you can get it
Vid FBI director James Comey today suggested the Feds paid security experts over a million dollars to crack a San Bernardino killer's iPhone.
While speaking at the Aspen Security Forum in the UK, Comey was asked how much his agents paid hackers to break into Syed Farook's iPhone 5C. "More than I will make in the remainder of this job, which is seven years and four months, for sure," Comey replied.
With a salary of about $180,000 a year, that means $1.2m or more was coughed up to unlock the shooter's handset after Apple refused to help the g-men bypass the phone's security mechanisms.
"It was in my view worth it," he added. Of course, nothing useful was found on the iThing.
The FBI had tried to compel Apple through the courts to create a custom iOS to install on the iPhone so that it could be unlocked by guessing the PIN without the device wiping itself after too many wrong attempts. Eventually, the FBI gave up and used some unnamed infosec hackers instead to extract the contents of the iPhone's file system.
You can watch the whole hour-long exchange here:
Comey also tried to play down fears that the FBI is spying on everyone, saying it was difficult to debate about the pros and cons of encryption on Twitter:
It is really hard for us to get permission to listen to someone's phone calls or collect their online communications. There's a devil – an angel in those details: sometimes people think, well, the FBI will just go listen to my phone. Yes, if we're able to go to a federal judge and make a showing of probable cause that you are a foreign terrorist, a spy or someone engaged in serious criminal activity and you're using that device to do that.
It's easy to paint the FBI or the FBI director as the enemy of privacy. I love privacy. I'm a huge fan of strong encryption. But we have a responsibility to keep people safe and there are really bad people in this world. To keep people safe, with appropriate oversight, we need to know what they're talking about. That's why we have to continue to talk about this [the encryption debate].
This is after the FBI's use of the NSA's PRISM database to snoop on American citizens was deemed unconstitutional by a watchdog – who was ultimately overruled by the US government's secretive Foreign Intelligence Surveillance Court. ®
PS: Comey also said bad guys on the internet are more likely to use their skills for espionage and organizing and communicating, than attacking physical systems, such as network-connected dams and pipelines. However, he said it was "inevitable" that criminals will move onto these serious targets.