back to article FBI boss: We paid at least $1.2m to crack the San Bernardino iPhone

FBI director James Comey today suggested the Feds paid security experts over a million dollars to crack a San Bernardino killer's iPhone. While speaking at the Aspen Security Forum in the UK, Comey was asked how much his agents paid hackers to break into Syed Farook's iPhone 5C. "More than I will make in the remainder of this …

  1. x 7

    anyone know his phone number?

    1. Rich 11

      If you dial any international number and mention his name often enough, he'll get to hear about it.

      1. Danny 14

        nothing to see here citizen.

        Move along. Move along.

    2. aqk
      Pirate

      iPhone, schmiPhone. A .50 cal is all he needs.

      Or more appropriately, an M16.

      OK, - no phone number... unless he has posted one at http://www.bealibertarian.com/

      This should really help his November candidacy.

  2. Mitoo Bobsworth

    Please lose this - loser!

    "More than I will make in the remainder of this job, which is seven years and four months, for sure,"

    Nothing is for sure, pal. (Crosses fingers, wishes REALLY hard.)

    1. 404
      Black Helicopters

      Re: Please lose this - loser!

      oh please God, not the guy from 'You're Fired'...

    2. Anonymous Coward
      Anonymous Coward

      Re: Please lose this - loser!

      Yes. he's truly a loser, the Italian head cop coughs up something around €600,000/y, and being Italy is one of the most crime-friendly countries around, your job is also pretty easier. And when your job is over, you can also end up in a job like Finmeccanica's president...

      1. Anonymous Coward
        Anonymous Coward

        Re: Please lose this - loser!

        I'd want more than 600k to be the figurehead of Italy's police.

        1. Anonymous Coward
          Anonymous Coward

          Re: Please lose this - loser!

          I'd want more than 600k to be the figurehead of Italy's police.

          I'd be quite OK with that..

          1. Danny 14

            Re: Please lose this - loser!

            officially it is only 100k, the rest are from bribes of course.

    3. HashimFromSheffield

      Re: Please lose this - loser!

      Congratulations. Dismissed just over a year later.

  3. a_yank_lurker

    So who is the golfing buddy?

    The aroma of this makes overripe sewage smell look roses.

  4. Anonymous Coward
    Anonymous Coward

    This points to use of some pretty specialized equipment

    No way is a simple 0 day exploit that anyone could find going to cost $1 million, but if you have such an exploit that also requires disassembly of the phone, decapping the SoC or something like that I could see that sort of price tag. Also explains what they meant when they said it would only work on this particular phone - either the exploit is specific to the 5c (and maybe 5, which is basically the same hardware) or they meant it was a one off that was done specifically to this phone and it isn't something they could easily repeat for another.

    1. A Non e-mouse Silver badge

      Re: This points to use of some pretty specialized equipment

      Or the FBI were so desperate to get into the phone, they paid the silly amount of money the hacker asked for.

      Supply & demand...

  5. John H Woods Silver badge

    This is all good, but ...

    ... " That's why we have to continue to talk about this [the encryption debate]."

    No. This has resolved the whole thing --- you can't stop people using strong encryption; you can't legislate to ensure that vendors compromise cryptosystems on your behalf; but governments can use serious tech and clever people to break into *specific* devices of interest. This is exactly as it should be: just a shame that his statement hints at wanting to change this ...

    1. Tom Chiverton 1
      Meh

      Re: This is all good, but ...

      " you can't stop people using strong encryption; you can't legislate to ensure that vendors compromise cryptosystems"

      The IPBill in the UK does exactly this. Might want to https://www.openrightsgroup.org/join/

  6. Anonymous Coward
    Anonymous Coward

    We paid $1.2m to ask Siri to access the contacts list. And Siri said, for that amount of money, yes!

    1. far2much4me

      No, we paid the Department of Justice lawyers $1.1m to sue Apple. Then $100 to hack the phone. The rest went for donuts and t-shirts.

  7. JC-Reg

    "It was in my view worth it" ... 1.2 million to discover nothing of any use.

    I seriously doubt the American taxpayer would agree with that statement.

    1. a_yank_lurker

      Re: "It was in my view worth it" ... 1.2 million to discover nothing of any use.

      Anyone with a marginally functional brain knew that there would be nothing of value on the phone. This taxpayer wants the criminals in the DO(In)J tried, convicted, and executed for treason and fraud.

      1. Anonymous Coward
        Anonymous Coward

        Re: "It was in my view worth it" ... 1.2 million to discover nothing of any use.

        Maybe, but in an investigation you can't really left anything behind. You can't really know until you prove it. Many investigations went bad because someone gave something for already known, and it wasn't.

        1. Pascal Monett Silver badge

          The guy is dead. Whatever he did and whoever he contacted are known elements. What he said to those contacts is probably known as well. Given the care he demonstrated in disposing of his private equipment, it was a million-to-one that he'd be stupid enough to leave anything on the work phone - and now we know he wasn't.

          If it had cost $10,000, then fine, I would agree and say go ahead, crack it. If the guy was alive, definitely crack it whatever the cost. But over a million bucks down the drain to crack a dead guy's phone that is virtually guaranteed to not have any info ? That is waste, pure and simple.

          1. Danny 14

            the real reason was to force apples hand. They needed to save face when that didn't work out for them.

  8. chris 17 Silver badge
    Joke

    Comey Bar Steward

  9. Gene Cash Silver badge

    So waitaminnit... the FBI paid hackers, the kind 'o blokes it usually slaps in jail, over a million bucks?

    1. FuzzyWuzzys

      Easy enough

      The old adage, "Keep friends close but enemies closer.". If you know where the bad guys are, you can lean on them when you want a "favour". Trawl the database of whom they hauled in recently, offer them $500k, dropped charges on current rap, promise to be a good boys/girls in future and a free t-shirt to crack the phone.

      1. goldcd

        I would hope the competent bad guys

        make a point of not being identified and caught.

  10. Alistair
    Windows

    TERROR FEAR NOW IN YOUR HOME!

    Give up your rights to let us protect you.

    Be afraid, very afraid.

    Because we say so.

    Because protecting you is so expensive, we need more money.

    1. Anonymous Coward
      Anonymous Coward

      Re: TERROR FEAR NOW IN YOUR HOME!

      Alternatively Dilbert had the other side last week -- CEO comment to underling "either we open up our customers data or we faciliate terrorism - come back when you've found out which one is more profitable"

  11. Herby

    Note to FBI...

    Watch the TV show 60 minutes. You might find out something and do it for far cheaper!

    See: here. Keeping up to date on the news might help as well.

    1. Anonymous Coward
      Anonymous Coward

      Re: Note to FBI...

      I think that's a man in the middle attack, you'd need to know or be able to find the phone number of an active target to make use of it. It doesn't give the info stored on an inactive phone.

      You might be able to get that kind of info on living terrorists by decrypting the contents of a dead terrorists iPhone of course....

  12. Anonymous Coward
    Anonymous Coward

    I don't ask the FBI to keep me safe - they are not up to the job anyway.

    I just ask that they do their real job: investigate law breakers so charges can be brought against them.

    If they can't do that - and it appears they're devoting less and less of their time to the task - lets just shut them down.

  13. Doctor Syntax Silver badge

    '"It was in my view worth it," he added. Of course, nothing useful was found on the iThing.'

    And we're not even told what was found that wasn't useful. So what evidence do we have, other than Comey's own statement, that the phone was broken at all?

    From his point of view, of course, it was worth it as a face-saving way to climb down from a position he thought he could win and then found he couldn't.

  14. Graham Marsden
    Coat

    Did someone try...

    ... 1... 2... 3.... 4...

    (Remind me to change the combination on my luggage!)

    1. Tessier-Ashpool

      Re: Did someone try...

      That's pretty relevant, actually. Some luggage locks – the TSA approved ones – are deliberately compromised so that 'the authorities' can easily break in unnoticed. He has this crazy dream that you can apply this mentality to strong encryption.

      1. This post has been deleted by its author

  15. Oengus

    Why do the work ourselves

    Yes, if we're able to go to a federal judge and make a showing of probable cause that you are a foreign terrorist, a spy or someone engaged in serious criminal activity and you're using that device to do that.

    So if we can't are too lazy to convince a federal judge to give us a warrant we'll just phone our mates in the NSA and get them to provide as much data as we want (related to the case or not) and our other mates in the FISC will ensure that no one can complain.

  16. Bob Dole (tm)
    FAIL

    I'd like to see a detailed receipt please

    The US Government is notorious for lumping unrelated things under a similar heading. $1.2m to hack the phone? Unlikely. Unless you consider the amount of money spent on the case, the salaries of the people that have been working on getting into the phone since they first acquired it, paper for the photocopier, overtime for being in court, etc, etc.

    It's kinda like the software package that DHS put together for $5.7b which couldn't even monitor email. Sure, a lot of money was spent but we, the people, have no idea what it was really spent on.

    1. That_Guy

      Re: I'd like to see a detailed receipt please

      The likely truth is that $1.2M was paid to access the phone, but the overall cost of the case was far higher.

      1. Anonymous Coward
        Black Helicopters

        Re: I'd like to see a detailed receipt please

        @Bob Dole

        Hey, the Area 51 officer's club wasn't going to get a new swimming pool all by itself, you know!!

  17. noj

    we'll believe you when you can PROVE you're telling the truth.

    "It's easy to paint the FBI or the FBI director as the enemy of privacy. I love privacy. I'm a huge fan of strong encryption."

    Q: How many lies can an FBI Director tell before he's censored?

    A: As many as he wants to.

    1. kain preacher

      Re: we'll believe you when you can PROVE you're telling the truth.

      More like till he tells the wrong lie about the wrong person.

  18. JeffyPoooh
    Pint

    "...we have a responsibility to keep people safe..."

    Ah, I found it. This is where it all went wrong.

    "...we have a responsibility to keep people safe..."

    There's no limit to the amount of daft-evil that could be unleashed from this starting point.

    "It's for your own protection...", he said, as he herded the last few citizens into their pens, and locked them in. "You'll be safe here. Good night." Then he turned, and walked away. Out into his very lonely and potentially dangerous freedom.

  19. Anonymous Coward
    Anonymous Coward

    If you're worried that your dam, pipeline -or indeed nuclear power station- will be attacked by hackers, you might try taking it off the fucking internet.

    Oh, it was a little fearmongering to get more budget. Carry on then...

  20. Anonymous Coward
    Anonymous Coward

    Fools and their money are easily parted

    So now there is an exploit for Apple phones, that can be used to gain access to the phone, and you funded it.

    And it will leaks, or be developed in parallel or be resold again and again to many countries.

    And all those businessmen and politicians who travel around with their phones, cannot trust the encryption on those phones. *You* found nothing. The perps were already dead and you can't prosecute corpses anyway. You did a "terrorists be afraid" political game to undermine encryption and our security, and you did it with public money.

    If you want to run for office with your ideas, then do so WITH YOUR OWN MONEY NOT FBI BUDGET.

  21. g e

    "there are really bad people in this world"

    And none too few of them in the USA with taxpayer-funded employment

  22. Bloakey1

    Not just for That Phone.

    Hmmm.

    i would like to point out that the primary driver in getting this technology / software was that phone but think of what fun they can have on phones of a similar ilk. This time next year it will transpire it cost 10 dollars per phone that they utilised it on.

  23. Anonymous Coward
    Anonymous Coward

    $1.2m

    Cheaper than lawyers.

  24. Tom 7

    We paid AT LEAST...

    I guess they dont know how much their cut comes to yet.

  25. Mike Moyle

    "We paid at least $1.2m to crack the San Bernardino iPhone."

    $12.95 for the crack, $1,199,987.05 for the lawyers.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like