When the U.S. government wanted to crack into a dead terrorist’s iPhone several years ago, they turned to a little-known cybersecurity startup in Australia to help them do it, a Washington Post investigation has revealed. Azimuth Security, located in Sydney, specializes in providing providing “best-of-breed technical services” to clients, according to its website.
Those services allowed the FBI to unlock the cell phone of Syed Rizwan Farook who, along with his wife Tashfeen Malik, shot and killed 14 people in Southern California during the so-called “San Bernardino terrorist attack” in 2015. At the time, the government naturally wanted to know if the couple had ties to foreign extremists groups, and the killer’s phone data was seen as a natural way to find out.
So, the government paid Azimuth some $900,000 to help them literally crack the case. The firm’s contract with the government was exposed by the Post on Wednesday and confirmed by additional reporting from Motherboard. The news solves a years-long mystery about the identity of the hackers, the likes of which has been a well-kept government secret until now.
Though based in Australia, Azimuth is actually owned by L3 Technologies, a large American defense contractor that offers a variety of defense and intelligence services to large federal agencies like the Pentagon and the Department of Homeland Security, among others.
According to the Post, it was one of the company’s former researchers, iOS cracking “specialist” David Wang, who helped develop a one-time exploit chain to break into Farook’s phone. Named “Condor,” the exploit was tested multiple times at FBI headquarters to ensure that it could safely intrude into the phone’s systems without damaging data. Later, the feds would use it to successfully break into the device, finding that, contrary to their suspicions, the couple had no ties to foreign terrorist networks. (Interestingly, Wang is now being sued by Apple in an ostensibly unrelated matter, according to the Post.)
The San Bernardino iPhone case sparked what became known as the new “Crypto War”—a battle between Apple and the federal government over encrypted technology. Prior to actually cracking the phone, the federal government essentially attempted to bully Apple into decrypting its own product—with the FBI suing the phone maker for access in 2016. The tech giant refused, and the lawsuit was subsequently dropped.
At the time, critics argued—and were later proven correct—that the feud wasn’t really about technical access to the phone. Instead, the feds were merely trying to set a legal precedent that would allow them to call on the private sector to decrypt products for them in the future or install backdoors in encrypted tech. Indeed, a 2018 Justice Department inspector general’s report showed that the FBI didn’t really try that hard to find other options before it toted out its lawsuit against Apple. It just wanted to compel the tech company to do its work for it.
Writing in 2018, the privacy-centered Electronic Frontier Foundation commented that:
“From the onset, we suspected that the FBI’s primary goal in its effort to access to an iPhone found in the wake of the December 2015 mass shootings in San Bernardino wasn’t simply to unlock the device at issue. Rather, we believed that the FBI’s intention with the litigation was to obtain legal precedent that it could compel Apple to sabotage its own security mechanisms.”
If anything, the new details about the case only verify the idea that the federal government already has more than enough tools to break into any device in the country, should it so choose. Indeed, as Azimuth’s existence proves, there’s a booming market devoted to selling that access to police. Giving the government an expanded legal authority to compel companies to backdoor their own products seems, well, kind of lazy, frankly. So long as they’re the top policing entity in the country, we might as well expect the FBI to do the police work themselves.