
Seytonic discusses recent hacking news, starting with the controversial incident involving an alleged assassination attempt on Donald Trump. The FBI announced that it had successfully hacked the phone of Thomas Matthew Crooks, who was arrested for the failed assassination. While the details remain unclear, the method available to the FBI depended on the model of phone Crooks had; journalists speculate that it was a Samsung device. If the phone was locked with fingerprint recognition, the FBI could possibly have used Crooks' own finger to unlock it, although this technique only works shortly after death. Given the damage to the suspect's face, facial recognition was likely not an option.

Field agents in Pennsylvania initially failed to access the phone, so it was sent to the FBI lab in Quantico, where technology from Cellebrite, an Israeli forensics company, was used. Cellebrite sells a hardware and software package that can unlock many modern phones by exploiting vulnerabilities in their operating systems and software, vulnerabilities the company keeps secret. By hacking Crooks' phone the FBI managed to extract some data, but the details have yet to be disclosed.

Another story covered by Seytonic is the massive AT&T data breach affecting over 100 million users. The hacker, allegedly a member of the cybercriminal group Shiny Hunters, obtained a database of call and SMS records; a breach of this kind can lead to serious privacy violations. It turns out the database was protected only by a username and password, which suggests AT&T's security was weak.
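The weakness described above, a high-value database reachable with nothing but a username and password, is something a defender can audit for before an attacker does. The following is an added example, not code from the video or from AT&T or any data platform vendor: it runs a credential-hygiene check over a constructed list of accounts (the field names and thresholds are assumptions) and flags the combination that did the damage here, no MFA plus a password that has not been rotated in a long time.

```python
"""Credential-hygiene audit over a constructed account inventory.

Added example (not from the video, AT&T or any vendor). The records below are
constructed; the field names, the 365-day password age limit and the 180-day
dormancy limit are assumptions a real policy would replace.
"""
from datetime import date, timedelta

# Constructed sample of what an export of a data platform's user list might look like.
ACCOUNTS = [
    {"user": "analytics_svc", "mfa": False, "pw_changed": date(2021, 3, 9),
     "last_login": date(2024, 4, 14), "role": "ACCOUNTADMIN"},
    {"user": "jdoe", "mfa": True, "pw_changed": date(2024, 1, 20),
     "last_login": date(2024, 7, 1), "role": "ANALYST"},
    {"user": "etl_loader", "mfa": False, "pw_changed": date(2024, 6, 2),
     "last_login": date(2024, 7, 10), "role": "LOADER"},
    {"user": "old_contractor", "mfa": False, "pw_changed": date(2020, 11, 5),
     "last_login": date(2022, 2, 1), "role": "ANALYST"},
]

AS_OF = date(2024, 7, 15)               # constructed "today" so the run is reproducible
MAX_PASSWORD_AGE = timedelta(days=365)  # assumption: rotate at least yearly
DORMANT_AFTER = timedelta(days=180)     # assumption: disable after six months unused


def audit(accounts=ACCOUNTS, today=AS_OF):
    """Return [(user, [issue, ...]), ...] for every account with at least one issue."""
    findings = []
    for acct in accounts:
        issues = []
        if not acct["mfa"]:
            issues.append("no MFA: a stolen or leaked password alone grants access")
        pw_age = today - acct["pw_changed"]
        if pw_age > MAX_PASSWORD_AGE:
            issues.append(f"password unchanged for {pw_age.days} days")
        if today - acct["last_login"] > DORMANT_AFTER:
            issues.append("dormant account: disable or remove")
        if issues:
            findings.append((acct["user"], issues))
    return findings


def critical(findings):
    """Users with both no MFA and a stale password: one infostealer log away from a breach."""
    return [user for user, issues in findings
            if any(i.startswith("no MFA") for i in issues)
            and any(i.startswith("password unchanged") for i in issues)]


if __name__ == "__main__":
    results = audit()
    for user, issues in results:
        print(f"{user}: " + "; ".join(issues))
    print("critical:", critical(results))
```

The point of separating `critical()` from the full finding list is triage: accounts that lack MFA and still use a years-old password are the ones to fix first, because an infostealer log from a single employee or contractor laptop is enough to log in as them.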

The controversy also extends to Apple's decision to remove numerous VPN apps from the Russian App Store at the government's request. Users and VPN developers are shaken by this decision, since VPNs are crucial in countries with strong censorship. While Apple says it must adhere to local regulations, some experts argue that the company's behavior is irresponsible and helps prop up an authoritarian regime.

In conclusion, Seytonic highlights current events in digital security and emphasizes the need for better personal data protection. At the time of writing, the video has over 433,735 views and 13,395 likes. The modern world of cybercrime presents serious challenges, and understanding privacy protection and using suitable technologies is key to staying safe.

Timeline summary

  • 00:00 The FBI successfully hacked a phone belonging to an assassin.
  • 00:05 AT&T experiences a historic data breach, affecting over 100 million customers.
  • 00:11 The FBI's method of hacking depends on the type of phone used by the assassin.
  • 00:20 Images suggest the phone is an Android device, potentially a Samsung A25.
  • 00:45 Exploring the possibility of unlocking the phone using fingerprint recognition.
  • 01:06 The FBI resorted to technical methods after initial attempts to unlock failed.
  • 01:30 The phone was unlocked using technology from Cellebrite, an Israeli forensics company.
  • 01:59 Data extraction from Android devices varies based on whether the device is hot or cold.
  • 02:19 Cellebrite's tools can extract extensive data from most new Android phones.
  • 02:56 Hacking the phone did not reveal much useful information.
  • 04:46 AT&T's breach involved stolen call and SMS records, affecting a vast number of users.
  • 05:51 Potential privacy issues arise when combining this data with other breaches.
  • 06:25 The breach occurred due to poor security, relying only on a simple username and password.
  • 07:04 The hacker, associated with the group 'Shiny Hunters,' demanded a ransom.
  • 08:00 Apple removed VPN apps from the Russian App Store at the government's request.
  • 08:34 Russia's ongoing struggle to implement effective VPN regulations.
  • 09:20 VPN developers criticize Apple's decision, linking it to supporting authoritarianism.
  • 10:06 Discussion on whether Apple could oppose such censorship efforts.

Transcription

The FBI claims they've hacked the failed Trump assassin's phone, but how? Also in your hacking news roundup, AT&T suffers a historic breach, and Apple bans VPN apps in Russia. But first, the Feds have put out a statement: "FBI technical specialists successfully gained access to Thomas Matthew Crooks' phone." But how? The hacking methods at the FBI's disposal totally depend on which model of phone the assassin had, and thanks to pictures leaked to the press, we have some clues. The photo is really low-res, but if we do some enhancing, it's clearly some kind of Android. Looks like we have three cameras on the back, a flash, and the brand name at the bottom. My money's on some kind of Samsung, and I could be totally wrong, but perhaps the A25? Let's assume the phone was locked with fingerprint recognition. Could the Feds, after they finally got up onto that roof, just have touched his finger to the reader in order to unlock it? There are reported cases of law enforcement exploiting a corpse's finger to unlock a phone, but this is only possible soon after a person dies, because fingerprint scanners rely on the electric charge running through your body, and once that's gone, then you're just out of luck. As for facial recognition, the guy's face looked a little rearranged from the photos floating around on X, so I'm not sure that was much of an option. In fact, we know the FBI's methods were a little more technical, because according to The Verge, field agents in Pennsylvania had tried and failed to break into his phone, so the device was sent to the FBI lab in Quantico, Virginia. There, it's been leaked to the media that the phone was unlocked with tech from Cellebrite. Cellebrite is an Israeli forensics company which makes these things, a hardware and software package which, simply put, can break into and unlock many modern phones. This all relies on vulnerabilities in iPhones and Android devices, which Cellebrite keeps secret.
Even the capabilities of these tools are totally unknown, or at least they were until a couple of days ago when Cellebrite's list of supported devices was leaked. So how this works is that the data that can be extracted from an Android phone depends on whether it's hot or cold. A cold device is a device that's just been rebooted: user data is totally inaccessible until you enter your passcode, at which point a decryption key is loaded into memory and the phone becomes hot. The phone is still considered hot even if it's locked again, because that key is still stored in memory. In this state, it's easy to extract data. This column shows that for the latest Samsung phones, the Feds can exfiltrate everything. This applies to pretty much all the newest Android phones, though there are some devices for which, for whatever reason, this isn't possible. However, it's a slightly different story if the phone is in a cold state, as in it's only just been rebooted. In this state the phone has to be brute forced, but this is possible for pretty much most of the newest Android phones, including the phone of the assassin. We don't know how the brute forcing works on a technical level; Cellebrite is known for their secrecy, and even tells the Feds in training material to keep their methods, and I quote, hush hush. So what did hacking the assassin's phone reveal? Well, according to media reports, which don't cite their sources, but I mean it's all we have to go on, not much apparently.

But what I can reveal is today's sponsor, Protonmail. What I love about Proton is that it's not just a privacy-focused mail service, it's a privacy-focused ecosystem, which makes de-googlifying your life easy. On the privacy end, Proton is protected by strict Swiss privacy laws, which means there's certainly no warrantless mass surveillance. What really stands out though is Protonmail's privacy section on the App Store: they don't collect any of your personal data.
The Gmail app though is a different story: Google collects over 50 data points on you, we're talking location, contacts, photos, and a lot more. Google simply lives and breathes on monetising your personal data; Proton doesn't, so they simply have no incentive to track the hell out of you. However, what stopped me from switching to Proton for a good while was that I thought I'd be compromising on functionality in some way; surely privacy comes at some kind of a cost. But no, Proton's cloud storage and calendar services fully integrate into mail, and switching to Protonmail is surprisingly easy. Their Easy Switch tool imports your calendars and contacts from whatever service you already use, but importantly it also imports your actual emails, so you don't have to give up on that all-important email history. And best of all, Protonmail has a free tier so you can easily try it out, but their Proton Unlimited plan, which comes in at just $10 a month, supports multiple email addresses, custom domains, and gives you access to their whole suite of services including a VPN, 500 gigabytes of cloud storage, and their password manager. The value here is simply unreal; I recommend this plan to everyone, family, friends, just everyone. Big thanks to Proton for sponsoring this video and make sure you go check them out using the link in the video description.

AT&T has just suffered a truly historic breach. A hacker has stolen the database of the call and SMS records of nearly all of AT&T's customers. This even includes smaller MVNO carriers which use AT&T's network. In total this affects more than 100 million people. The records in the database span from May 2022 to October 2022, so if you were an AT&T customer during that time, or if you so much as sent a text message to someone who was, then chances are you're in here.
In the company's own words, these records identify other phone numbers that an AT&T wireless number interacted with during this time, and for a subset of the records, one or more cell site ID numbers associated with the interactions are also included. These cell site IDs correspond to specific base stations, which could actually be used to unmask your real location. To be clear, the database contains AT&T customer phone numbers, and a list of other phone numbers they either called or texted, and just how many times. The actual content of phone calls and text messages isn't included; there are also no timestamps attached or personal information like your name or email address, but that doesn't mean there aren't major privacy implications here. The real danger comes when this dataset is combined with other breaches. I refer you to the Facebook data dump of 2021, which leaked the phone numbers of half a billion people along with a bunch of their personal data. Using breaches like this, cyber bad guys can uncover exactly who each person in the AT&T database is, and figure out exactly who they're talking to, and then exploit their information in all kinds of nefarious ways, like in personalised phishing scams. But how could a breach of this scale even happen? Surely a database of such proportions would have the highest level of security and authentication, right? Wrong. The database was apparently protected by a single username and password, no multi-factor authentication in sight. In fact, this breach is part of the recent string of breaches affecting Snowflake customers. Snowflake is a cloud storage platform hosting the data of many large companies, but when cyber criminals realised that many of these high-profile accounts were protected by nothing more than a simple username and password combo that in some cases hadn't been changed for years, they went to town, using infostealer malware to scoop up credentials before just logging in and exfiltrating data.
The playbook really was that simple. In the case of AT&T, the hacker is allegedly a member of the infamous group Shiny Hunters. They demanded a one million dollar ransom from AT&T, but reportedly settled for just $370,000. Wired is reporting that in return the hacker provided AT&T a video proving that they deleted the data; how a video of someone just right-clicking and hitting delete proves anything is beyond me. But anyway, this breach originally happened in April this year, but the Department of Justice gave AT&T a couple of extensions in terms of their reporting requirements, which is why we're only just hearing about it now. AT&T mentioned in their SEC filing that someone has already been arrested for the hack. There's not much concrete information around this, but one John Binns was recently arrested in Turkey in connection with a T-Mobile breach from 2021. This same guy is apparently behind this latest AT&T breach. But FYI, this is all according to anonymous sources, so take it with a pinch of salt.

Apple has removed dozens of VPN apps from the Russian App Store at the request of the Russian government. This affects 25 apps including popular VPNs like NordVPN, Proton and PIA. Almost overnight those users were met with errors that their favourite VPN app is no longer available in their country or region, which is especially annoying since Russia is one of those countries where having a VPN is actually kind of useful. App developers received emails from Apple explaining that their app was being deleted on the orders of Roskomnadzor, the Russian government agency in charge of regulating telecommunications. However, the fact that Putin doesn't like VPNs isn't really news. In 2017 Russia passed a bill which effectively banned proxies, Tor and VPNs; however, they haven't done a very good job of actually implementing that law.
Over the past few years Russia has been relying on technological methods like deep packet inspection, which detects and blocks VPN traffic in real time. But that hasn't worked out very well, because unlike a country like China, which implements restrictions centrally on a country-wide level, Russia just doesn't have that level of infrastructure, so they rely on each individual ISP to do the dirty work for them, which doesn't work quite as well because different ISPs implement blocks differently, leading to really inconsistent enforcement, which might be one reason why Russia has said screw it and just turned to Apple to ban VPN apps en masse. VPN developers, as you can imagine, are not very happy, with some blaming Apple for this. RedShield VPN says Apple's actions, motivated by a desire to retain revenue from the Russian market, actively support an authoritarian regime. The fact that a corporation with a capitalisation larger than Russia's GDP helps support authoritarianism says a lot about the moral principles of that corporation. But does Apple realistically have a choice here? I mean, companies simply have to obey the laws of the countries they operate in, whether that's in the US, Europe or Russia. Well, maybe they do have a choice: Russia recently ordered Mozilla to ban certain Firefox add-ons they didn't like, and after initially complying with the ban, Mozilla went back on that and lifted the ban just a few days later, and for now at least, Roskomnadzor hasn't done anything about it. Also it should be mentioned that Apple is about to allow sideloading of apps in the EU; if Apple really cares about censorship, maybe they could voluntarily extend that coverage to Russia. As always, thanks for watching and I'll see you in the next video, have a good one.
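The hot-versus-cold distinction from the Cellebrite segment of the transcript is the one technical idea in this video worth seeing in code. The following is an added example, not code from the video or from Cellebrite, Samsung or Google, and not how any real phone works internally: it models a device whose user data is encrypted under a key derived from the passcode, where entering the passcode loads that key into memory, locking the screen leaves it there, and only a reboot clears it. Real devices use hardware-backed keys and AES; this toy uses PBKDF2 from the standard library for the key and a SHA-256 counter keystream as a stand-in cipher so it runs with no dependencies. The defender's takeaway it demonstrates is that a reboot is what returns a phone to the cold state.

```python
"""Toy model of 'hot' (key in memory) versus 'cold' (freshly rebooted) phone state.

Added example; not from the video and not a real device's or forensic tool's design.
Constructed salt, toy stream cipher; PBKDF2 stands in for a hardware-bound key.
"""
import hashlib
import hmac

SALT = b"constructed-salt-for-demo"   # constructed; a real device uses a per-device secret
PBKDF2_ROUNDS = 100_000


def _derive_key(passcode: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), SALT, PBKDF2_ROUNDS)


def _xor_stream(key: bytes, data: bytes) -> bytes:
    """Toy cipher: XOR data with SHA-256(key || block counter). Symmetric, so it decrypts too."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hashlib.sha256(key + (i // 32).to_bytes(4, "big")).digest()
        out.extend(b ^ k for b, k in zip(data[i:i + 32], block))
    return bytes(out)


class Phone:
    def __init__(self, passcode: str, user_data: bytes):
        key = _derive_key(passcode)
        self._verifier = hashlib.sha256(b"verify" + key).digest()  # checks a passcode without storing the key
        self._encrypted = _xor_stream(key, user_data)               # what sits on flash storage
        self._key_in_memory = None                                   # cleared: the phone starts cold
        self.locked = True

    def state(self) -> str:
        """'cold' until the first unlock after boot, 'hot' from then until the next reboot."""
        return "hot" if self._key_in_memory is not None else "cold"

    def unlock(self, passcode: str) -> bool:
        key = _derive_key(passcode)
        if not hmac.compare_digest(hashlib.sha256(b"verify" + key).digest(), self._verifier):
            return False
        self._key_in_memory = key   # the decryption key is now resident in RAM
        self.locked = False
        return True

    def lock(self) -> None:
        """Screen lock only: the key stays in memory, so the phone stays hot."""
        self.locked = True

    def reboot(self) -> None:
        """Power cycle: memory is gone, the key with it, and the phone is cold again."""
        self._key_in_memory = None
        self.locked = True

    def extract_user_data(self):
        """Model of an extraction that reads the key from RAM: works whenever the phone is hot,
        locked or not, and yields nothing on a cold phone (only the ciphertext is available)."""
        if self._key_in_memory is None:
            return None
        return _xor_stream(self._key_in_memory, self._encrypted)


if __name__ == "__main__":
    phone = Phone("1234", b"contacts, messages, photos")
    print(phone.state(), phone.extract_user_data())   # cold, nothing recoverable
    phone.unlock("1234")
    phone.lock()
    print(phone.state(), phone.extract_user_data())   # hot even though locked
    phone.reboot()
    print(phone.state(), phone.extract_user_data())   # cold again
```

In the model, as in the transcript's description, the lock screen is not what protects the data at rest; the absence of the key from memory is. That is why a phone that has been unlocked once since boot can have everything pulled from it while a just-rebooted one has to be brute forced.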