
C. Aliens

Local Police Contract the Same Hacking Firms as the FBI

As part of an ongoing investigation into law enforcement’s forensic procedures regarding cellphones, Muckrock filed Freedom of Information requests with several police departments in the US. The organization wanted information related to utilization logs, guidelines, policy, and even payment contracts. They requested the payment information from commercial hacking companies like Cellebrite and Susteen. And recently, some of the requests yielded the data they wanted.

The data came from the Tulsa, Tucson, and Mesa Police Departments. Only the latter provided guidelines for internal policies surrounding the situations where the tools can be used. The guidelines, Muckrock discovered, basically allowed phone hacking in virtually any crime.

The Mesa Police Department allows this type of forensic examination in the following situations:

  • Homicide
  • Sexual Assault
  • Child Crimes
  • Aggravated Assault and/or Robbery
  • Property Crimes
  • All other felonies
  • All misdemeanors

All three police departments revealed the contracts with companies from which they purchased hacking software or tools. Tucson mainly used equipment from the notorious hacking firm from Israel, Cellebrite. Mesa also used Cellebrite. And Tulsa used several, but most recently renewed contracts with Susteen and Oxygen Forensics.

All three companies offer very similar products. And we know about some of the tools from Cellebrite as a result of the uproar that followed the battle between the FBI and Apple. At the time, however, we only looked into the connection between federal agencies and Cellebrite.

“[Not only the FBI rely on] Cellebrite for getting into mobile devices. According to the Intercept, the Israeli company has contracts with the US Drug Enforcement Administration, the Secret Service, and the Department of Homeland Security. Branches of the US military use Cellebrite’s researchers and tools to extract data from phones taken from suspected terrorists. State and local law enforcement agencies across the US have contracts with Cellebrite.”

Basically every law enforcement agency in the US has a contract with the firm. They are understandably one of the most well-known. For the sake of brevity, I will use a paragraph of a report from the NLETC NIJ on the efficacy of Cellebrite’s UFED. “UFED extracts vital data such as phonebook, camera pictures, videos, audio, text messages (SMS), call logs, ESN IMEI, ICCID and IMSI information,” the report explained. Additionally, the software allows SIM cloning, and data can be extracted from the SIM and the phone itself via physical connection, Bluetooth, or infrared.

What one writer, Cory Doctorow, found interesting was the sheer number of cases where these police departments extracted data from mobile devices. And particularly the amount of data collected from hacking software that was often partially ripped from publicly available tools (such as jailbreaking software for iPhones).

And, on top of that—using Cellebrite as an example, again—this data came from tools potentially leaking data to the public or leaving data vulnerable to hackers. Such as an incident in January 2017 where a hacker obtained 900GB of data from Cellebrite’s servers. And then leaked all of it in February.

Tucson Police Department used their hacking tools 316 times throughout the last 12 months. Tulsa used their software 783 times. For Tulsa, that means the police department either extracted the entire file system; performed a physical extraction; performed a logical extraction; pulled device images; or removed a user password (or phone decryption through a software backup). They provided sample sheets of whether or not the phone was searched with a warrant or simply with consent from the owner.

But given the software’s incredibly invasive nature, as Muckrock pointed out, even those who consented may have had no idea what kind of search was being performed. Oxygen’s software, for instance, is advertised for its in-depth social mapping of a phone’s stored contacts. (Visually very similar to any of the three Maltego clients). The information is borderline invasive into potentially innocent contacts; and all of those device searches did not take place during a RICO investigation.

Ultimately, the documents showed that law enforcement has no trouble lifting and decrypting entire images from virtually any phone on or off the market. And as the documents from Mesa PD revealed, they can use the UFED in almost any crime, including potentially harmless misdemeanors where a phone search is not essential or even relevant. As we move into an era where law enforcement searches every device within Bluetooth range, the fallout from an event similar to the Cellebrite hack now carries a massive and ever-increasing threat to the public.

 
