(Cyberwar.news) For weeks there has been speculation that the FBI utilized a top Israeli cyber forensics firm to break into a locked iPhone used by one of the San Bernardino, California, terrorists, but a new report claims the federal law enforcement agency actually turned to mercenary hackers, the Washington Post reported this week.
The paper said that the FBI was notified by professional hackers of at least one previously unknown software flaw, according to intelligence officials familiar with the matter. The new information was used to create a piece of hardware that enable the bureau to crack the iPhone’s 4-digit personal ID number without activating a security feature that would have erased all of the phone’s data.
The hacker researchers, who normally keep a low profile, specialize in identifying vulnerabilities in software and, in some cases, sell them to the U.S. government. The professionals who identified the terrorist iPhone flaw were paid a one-time fee, the Post said.
The paper reported further:
Cracking the four-digit PIN, which the FBI had estimated would take 26 minutes, was not the hard part for the bureau. The challenge from the beginning was disabling a feature on the phone that wipes data stored on the device after 10 incorrect tries at guessing the code. A second feature also steadily increases the time allowed between attempts.
As has been previously reported, the FBI did not need the services of Cellebrite, an Israeli firm that specializes in cyber forensics.
Now, the government is weighing whether or not to disclose the flaw to iPhone maker Apple Inc., but that decision will likely be made by a group appointed by the White House.
Those who assisted the FBI come from the often shadowy underworld of hackers and cybersecurity researchers who profit from identifying software flaws in companies’ operating systems.
Some of them, known as “white hats,” disclose the vulnerabilities to the firms who designed the software, or to the public so they can be fixed. This group is generally regarded as ethical.
“Black hats,” however, use such information to hack into networks and steal personal information and corporate secrets.
There is a third group – “gray hats” – and at least one person who helped the FBI falls into this category, the Post reported. Members of this group are considered ethically murky – that is, researchers who sell OS flaws to companies that make surveillance tools or to governments.
Critics have charged that gray hats often help governments spy on their citizens. But their tools may also be used to track terrorists or hack into an adversary who is spying on the U.S.
In recent days, FBI Director James Comey said the tool only has limited applicability – iPhone 5Cs running the iOS 9 operating system.