Now that Vault 7 has been released, I realized something about the San Bernadino massacre in California.
The San Bernadino massacre was a mass shooting committed by a Muslim couple who supported ISIS in December, 2015. Farook and Malik were a married couple who came into Farook’s place of work on the day of a Christmas party and training event and started shooting, killing 14 people and injuring 22. The couple had been radicalized over the internet and stockpiled weapons, ammunition, and bomb-making equipment in their house. After the shooting, they left the building in a rented SUV, where a police shootout resulted in their deaths.
During the investigation after the terror attack, the FBI sued Apple when Apple refused to write software that would allow the FBI to access Farook’s password protected Apple smartphone. Apple’s chief executive, Tim Cook, described this request as “chilling,” explaining that creating that kind of software would allow the FBI to have “a master key, capable of opening hundreds of millions of locks.” While the FBI swore up and down that this would be the only time they would use the master key, Apple stuck to their guns. For weeks, the FBI insisted that only Apple could help them unlock it – that there was no other way.
In Congress, FBI Director James Comey stated about unlocking the phone, “It has been two months now, and we’re still working on it.” A week later, the FBI took it to court to try to force Apple to unlock the phone.This became a high-profile case – then something strange happened.
While the lawsuit was ongoing, the FBI suddenly pulled out of the case. They said that they had found a third-party who had cracked into Farook’s phone for them, and asked the federal judge to close the case. Then they released a statement saying that they could not (would not?) comment on the “technical aspects” used to unlock the phone. They also wouldn’t tell us who did it for them. To add insult to injury, they refused to share the details with Apple, who worried that the FBI’s exploitation of the iPhone could lead to the product becoming more vulnerable. At the time, people suspected the Israeli firm Cellebrite of being the third-party vendor.
But it didn’t end there. In September 2016, the Associated Press sued the FBI along with two other news organizations. They wanted to find out exactly who the government paid and how much taxpayer money they spent to crack this phone. Their argument was that there was no legal basis to withhold this information, and that the public has a right to know whether the third-party they used had adequate security, was reputable enough to get paid by the government, and would use the information it had for the public interest.
Serious concerns, but the FBI did not seems to think so. The lawsuit resulted in the FBI releasing 100 pages of heavily censored documents related to the agreement.
Here’s what we know:
- The third-party vendor was required to sign an NDA (non-disclosure agreement)
- The FBI was approached by at least three companies who wanted to crack the phone, but none of them had the ability to do it fast enough for the FBI
- The files were marked “secret”
Here’s what we don’t know, because it was censored:
- Who the third-party was
- What the hack cost
- How the phone was hacked
- Who the three companies were
So here’s how this could be connected to Wikileaks’ huge Vault 7 drop today.
Let’s start from the beginning. Wikileaks 8000+ page leak alleges that the CIA knew how to hack iPhones all along.
If the CIA knew how to hack into iPhones on a “root” and even “kernel” level, surely a password crack would not be beyond their capabilities. And the CIA and FBI communicate regularly, don’t they? Or do they? Traditionally, communication between the two departments has been strained. After 9/11, the two departments tried to get better at communicating so that they could battle terrorism more effectively. According to a transcript of this 2004 speech (which was meant to outline the FBI’s goals in expanding communication with other departments, including the CIA) from Willie T. Hulon, a previous FBI deputy assistant director for Counterterrorism:
The Bureau fully contributes intelligence analysis to the President’s Terrorist Threat Report (PTTR). These products are coordinated with the CIA, DHS, and other federal agencies.
So we can establish that the FBI and CIA do collaborate with one another. From later on in the transcript:
We have established much stronger working relationships with the CIA and other members of the Intelligence Community. From the Director’s daily meetings with the Director of Central Intelligence and CIA briefers, to our regular exchange of personnel among agencies, to our joint efforts in specific investigations and in the Terrorist Threat Integration Center, the Terrorist Screening Center, and other multiagency entities, the FBI and its partners in the Intelligence Community are now integrated at virtually every level of our operations. In addition, the FBI is a participant in the Gang of Eight meetings.
The FBI currently has Agents and Analysts detailed to CIA entities, including the DCI’s Counter Terrorist Center (CTC). We also have FBI agents and intelligence analysts detailed to the NSA, the National Security Council, DIA, the Defense Logistics Agency, DOD’s Regional Commands, the Department of Energy, and other federal and state agencies.
And the communication/overlap between the two departments is extensive. This leads to the obvious question:
If (as the Wikileaks documents allege) the CIA knew very well how to hack into Apple’s iPhones, and the CIA and FBI communicate regularly (communication which the FBI’s official .gov site describes here), why did the FBI sue Apple in 2016?
Let’s take it one step further. Why did the FBI pull out of the lawsuit so suddenly so that they could have a shady transaction with an undisclosed third-party? Could it be that the “third-party” was really the CIA, stepping in to help?
Is it possible that the entire lawsuit with Apple was merely a cover-up for the CIA so that the FBI could set the stage for the CIA to be able to claim in the future that their departments knew nothing about cracking Apple phones? After all, any logical person would wonder why the FBI would have sued at all if they could get the info from the CIA themselves. While we don’t have the answers yet, I think these are questions that need to be asked.