FBI got secretive Australian firm to unlock terrorist's iPhone

REVEALED: FBI got secretive Australian hacking firm to unlock iPhone of San Bernardino terrorist Farook Malik in 2016 after stand-off with Apple over mass-killer’s privacy

  • The 2015 San Bernardino terror attacks, in which 14 people were killed and 22 wounded, were the deadliest terrorist incident on US shores since 9/11
  • The FBI asked Apple to crack Syed Farook’s phone, suspecting it contained clues as to why he and Tashfeen Malik opened fire at a staff Christmas party
  • Apple CEO Tim Cook refused, citing privacy and ethical concerns, and said giving governments the power to snoop was ‘something we consider too dangerous’
  • It provoked a furious legal battle, with the FBI going to court to compel Apple to open its encrypted software
  • The FBI approached a little-known ‘hacker’ startup from Australia called Azimuth Securities, which was able to unlock the phone
  • The FBI’s legal effort was quietly abandoned, and Azimuth’s role was only uncovered in a separate legal action Apple took against a new firm connected to Azimuth

An iPhone owned by an Islamist terrorist who killed 14 was unlocked by a secretive Australian hacking firm months after the 2015 attack, it has been revealed.

Syed Farook’s iPhone 5C was opened up by Sydney-based firm Azimuth Securities in 2016 after Apple ignored court orders from the FBI to do so. 

A tense stand-off ensued, which was finally resolved when the Bureau approached Azimuth, a so-called ‘white hat firm’ of ethical hackers which helps expose security flaws, according to The Washington Post. Azimuth was paid $900,000 by the Bureau for its services, Senator Dianne Feinstein has claimed.

Azimuth was approached because the FBI believed the phone contained vital evidence about whether Farook and wife Tashfeen Malik, 27, who killed 14 and wounded 22 after opening fire at a Christmas party in the Californian city in 2015, were ordered to carry out the attack.

The FBI went to court to compel Apple to build a backdoor that would bypass new security features of its then-new iOS 9 operating system, which wiped the phone’s contents if a passcode was entered wrongly 10 times. Earlier operating systems had been easier for government hackers to crack.

However, Apple CEO Tim Cook refused to help, arguing that unlocking the iPhone’s encrypted software would allow iPhone users to be snooped on and set a dangerous precedent.

The stand-off was ultimately resolved when Azimuth Securities – founded by Mark Dowd, a marathon-running Australian tech whiz – found a way past Apple’s seemingly impregnable security features.

San Bernardino terrorist shooter Syed Farook, left, orchestrated an attack on colleagues in 2015, killing 14 and badly wounding 22, with wife Tashfeen Malik.

James Comey, who was FBI Director at the time of the attack, believed Apple should be forced to legally comply with the order, and that such a court order could be used to force other tech companies to open the electronic devices of suspects to law enforcement.

The FBI won a court order forcing Apple to install a bypass to its security feature.

But Apple refused, citing customer privacy, with Tim Cook saying to do so was ‘something we consider too dangerous to create’.

Cook said the feature could be used to create surveillance software to intercept messages, access health and financial data, or even the phone’s microphone or camera.

Four hours after the attack, law enforcement located the couple in their black Ford Expedition SUV, pictured, and shot them dead

In early 2016, Comey, the much-maligned former FBI head, testified to Congress that they were unable to access the terrorist’s phone.   

Around this time the FBI contacted Azimuth Securities to see if they could help. 

Dowd had already identified a flaw in software used by Mozilla Firefox that could potentially create a way in to the iPhone operating system.  

Using this weakness, another Azimuth researcher David Wang was able to get a ‘foot in the door’, The Washington Post reported. 

Wang painstakingly unlocked various security levels until, with help from another Azimuth researcher, he was able to gain control of the iPhone’s core processor.

They tested their discovery – which they named Condor – on about 10 iPhones, and it worked every time. 

After the shooting, Malik and Farook fled in this black Ford Expedition. They were pursued by law enforcement and later shot dead.

By mid-March, Azimuth came to FBI headquarters to show Comey how Condor could unlock an iPhone without destroying its data.

After ensuring its efficacy, the FBI unlocked Farook’s phone, where it found no useful evidence or links to other terror cells.

The FBI abandoned its efforts to compel Apple to unlock its encrypted software protections, thus avoiding a legal precedent it could have used to force other tech companies to comply. 

Will Strafach, an iOS security researcher, told the Post Azimuth may have avoided ‘a very bad precedent’ for Apple ‘where everyone’s phone would have weakened security’.

Azimuth’s involvement in unlocking the iPhone was only revealed by chance five years later after a separate legal action filed by its former researcher Wang.

He had gone on to found a new Florida-based firm Corellium in 2017, which tests Apple’s security features using virtual iPhones.

Apple sued Corellium in 2019 to force it to reveal its hacking techniques, claiming they were ‘attempting to profit by selling access to Apple’s copyrighted works’. 

Azimuth, which has since been sold to a large Government contractor, L3 Harris, was forced to testify in the lawsuit as Apple sought to uncover who might have benefited from the access.

Court documents, obtained by the Post, show L3 and Azimuth said their clients were ‘highly-sensitive and a matter of national security’.

The judge dismissed Apple’s copyright suit against Corellium.  

The 2015 San Bernardino terror attacks, in which the ISIS-supporting couple killed 14 and wounded 22, were at that time the deadliest terrorist incident on US shores since 9/11.

On December 2, Farook, an inspector with the county public health department, and wife Malik left their six-month-old daughter with Farook’s parents and said they were going to a doctor’s appointment.

Instead, they drove to a work Christmas event armed with semi-automatic weapons and bombs. The couple, who were wearing ski masks and tactical gear, then sprayed their victims with bullets.

They were subsequently shot and killed after a police pursuit. 

Farook’s phone, which belonged to his employer and operated on an iOS 9 system, quickly became a key focus for investigators, who wanted to know whether the couple were operating independently or receiving orders from a terrorist cell.

A Justice Department report later found the couple had spent years steeped in online extremism.

Farook had planned to carry out an attack as early as 2012, before he met his wife and prior to the creation of ISIS.

Farook was born in Chicago to Pakistani parents. Malik was born in Pakistan and later obtained permanent residency in the US after marrying Farook.  

The two exchanged messages online about committing atrocities even before Malik had arrived in the US, and had been consuming ‘poison on the internet’ for years.

They traveled to Saudi Arabia in the years leading up to the attack and amassed a stockpile of weaponry.  

A neighbor of Farook’s, Enrique Marquez, was later convicted of terror offences for buying two rifles used in the attack.

Malik had pledged allegiance to ISIS leader Abu Bakr al-Baghdadi in a Facebook post written on behalf of both of them just before the attack.

Prior to the 2015 iPhone update, the FBI had been able to crack 4-digit PINs with relative ease, but a feature in the new operating system made it delete the entire contents of the phone if the wrong PIN was entered more than 10 times.

James Comey testified to Congress in early 2016 that the FBI was unable to access the San Bernardino shooter’s iPhone. At around the same time, the agency approached Azimuth Securities.

Apple CEO Tim Cook refused to allow the FBI access to its encrypted software, saying to do so would be ‘too dangerous’.

Azimuth Securities hackers found a way around the encryption using a program they called Condor, and came to FBI headquarters in Washington DC to demonstrate it.

The secretive ‘hacker’ firm run by a 41-year-old coder who loves running marathons

Mark Dowd, the founder of Azimuth Securities, has been described as ‘the Mozart of exploit design’.

The 41-year-old marathon runner, according to a Washington Post source, ‘can pretty much look at a computer and break into it’.

According to a biography on the company website, Dowd spent several years as a senior researcher at IBM’s Internet Security Systems (ISS) X-Force and as a principal security architect for McAfee. 

During his time there he discovered ‘high-profile vulnerabilities in ubiquitous Internet software’ such as Microsoft Exchange, Internet Explorer, Mozilla Firefox, Adobe Flash and Checkpoint VPN.

Dowd had discovered the backdoor into the iPhone even before the FBI came calling, through a flaw in Mozilla Firefox software ‘that Apple used to permit accessories to be plugged into an iPhone’s lightning port’, the Washington Post reported.

According to a 2018 Vice article, Dowd ‘cares who uses his company’s tools’, lest they fall into the wrong hands or be used for wrongdoing.

His company only deals with members of the so-called Five Eyes, a global intelligence sharing group made up of the United States, United Kingdom, Canada, Australia, and New Zealand, according to Vice.
