12 April 2016, WP: FBI paid professional hackers one-time fee to crack San Bernardino iPhone
No links to foreign terrorists found on San Bernardino iPhone so far, officials say
By Ellen Nakashima and Adam Goldman
April 14, 2016
The FBI has found no links to foreign terrorists on the iPhone of a San Bernardino, Calif., terrorist but is still hoping that an ongoing analysis could advance its investigation into the mass shooting in December, U.S. law enforcement officials said.
For instance, geolocation data found on the phone might yet yield clues into the movements of the shooters in the days and weeks before the attack, officials said. The bureau is also trying to figure out what the shooters did in an 18-minute period following the shooting.
Investigators knew all along that finding important clues on the phone, which was a work phone owned by San Bernardino County, was a long shot, officials said, but they wanted to make sure their inquiry was thorough.
"For the FBI to competently investigate a mass murder that happened in the United States, we believed we had to use all lawful tools to find out whether there was evidence on that phone that either shed more light on what these two killers had done," FBI Director James B. Comey said at Ohio's Kenyon College last week.
Last month, a third party -- professional hackers who hunt software flaws to sell [1] -- demonstrated to the bureau a method for unlocking the Apple iPhone of Syed Rizwan Farook, one of the shooters in the attack that killed 14 people.
The method proved successful, officials said, but it has not so far turned up anything that sheds new light on the motive of Farook and his wife, Tashfeen Malik, or whether they were plotting other attacks or had other associates. The couple were killed in a shootout with police after the attack on a county facility in San Bernardino.
The lack of significant information on Farook's phone was first reported [2] by CBS News.
The phone was one of three recovered by the bureau. Two were damaged beyond repair, and the third, Farook's iPhone 5C running an iOS 9 operating system, was locked with a personal identification number that Apple could not bypass or unlock. The phone also had security features, including one that would delete all the data on the phone if more than 10 incorrect guesses at the PIN are made. Another feature imposed delays of increasing duration between guesses.
In particular, the bureau wanted to know if there was data on the phone that was not backed up in Apple's servers. Farook had stopped backing up the phone to those servers in October, six weeks before the attack.
The bureau has not commented on the identity of the individuals who helped the U.S. government crack Farook's phone.
"The people we bought this from -- I know a fair amount about them, and I have a high degree of confidence that they are very good at protecting" the solution, Comey said.
The FBI's analysis of the phone's data so far is consistent with Comey's statement in December that the bureau had not uncovered any ties between the shooters and foreign terrorist organizations.
One cellphone forensics expert said that if the bureau hasn't found anything significant by now, it is unlikely to find anything highly useful at this point. "It's not an archeological dig," Jonathan Zdziarksi said. "It's more of an Easter egg hunt."
Last week, FBI General Counsel James A. Baker was asked at a privacy conference whether the data found on the phone was "worth the fight" over unlocking the phone that the government and Apple engaged in. That fight ended when the third party came forward.
"It was worth the fight to make sure that we have turned over every rock that we can with respect to the investigation," Baker said. "We owe it to the victims and the families to make sure that we have pursued every logical lead."
[2] http://www.cbsnews.com/news/source-nothing-significant-found-on-san-bernardino-iphone/