Hacker publicly releases 900GB of data stolen from Cellebrite

News by Roi Perez

Following a breach of the Israeli mobile forensics firm Cellebrite, which saw 900GB of its data stolen, the hacker responsible has released what are claimed to be the company's phone hacking tools.

A hacker claiming responsibility for last month's Cellebrite 900GB breach has allegedly published a trove of files from the Israeli mobile firm.

The files supposedly relate to Android and BlackBerry devices, and older iPhones. It is suspected some of the files may have been copied from publicly available phone cracking tools.

The hacker says this demonstrates that hacking tools, even when made by legitimate companies, will inevitably find their way to the public.

"The debate around backdoors is not going to go away, rather, it is almost certainly going to get more intense as we lurch toward a more authoritarian society," the hacker told Motherboard in an online chat.

"It's important to demonstrate that when you create these tools, they will make it out. History should make that clear," they continued.

The anonymous hacker claimed to have taken the newly released data from a remote Cellebrite server, and said they had extracted the files from UFED images.

They told Motherboard that the files were encrypted, likely in an attempt to protect Cellebrite's intellectual property, but that they managed to bypass the protections.

Cellebrite is an Israeli company which specialises in extracting data from mobile phones for law enforcement agencies.

In early 2016, the Department of Justice and Apple entered into a legal battle as Apple refused to build a custom operating system that would allow law enforcement to look into the iPhone of the San Bernardino shooter, Syed Farook.

There were concerns at the time that, if such an operating system was created, it could leak and become public.

Tony Gauda, CEO of ThinAir, told SC Media UK that “the breach at Cellebrite is a privacy advocate's nightmare come true. Software exploits that allow law enforcement to exfiltrate data during criminal investigations become extremely dangerous when in the wrong hands, and firms such as Cellebrite must acknowledge the huge target they have on their backs.”

The US Department of Justice tried to legally compel Apple to open the phone. Apple still refused and the FBI allegedly contracted Cellebrite to carry out the task for them.

A spokesperson for Cellebrite told Motherboard in an email: "The files referenced here are part of the distribution package of our application and are available to our customers. They do not include any source code."
