Published: Fri, January 13, 2017
Business | By Max Garcia

Phone hacking firm Cellebrite gets hacked, 900 GB of user data stolen

Cellebrite, an Israeli firm that supplies "forensics tools" to agencies around the world, including United States law enforcement, appears to have suffered a serious hack.

In a Thursday statement, Cellebrite confirmed it recently experienced "unauthorized access to an external web server", tacitly verifying a report from Motherboard that 900 GB of data from the company's servers had been compromised and handed over to the news site.

But, the leaked data obtained by Motherboard along with the information cited by the Intercept and several other sources yet again confirm that the company may not be the 21st century's knight in the shining armor that it touts itself to be. The cache includes customer information, databases, and a vast amount of technical data regarding Cellebrite's products. In an article, Cox wrote that the trove contained messages from authorities in Russia, Turkey and the Arab Gulf. Cellebrite has received more than $2 million in purchase orders from the F.B.I. over the past four years.

After being notified of the breach, Cellebrite acknowledged in a statement that the company had experienced "unauthorized access to an external web server", and said it is now investigating how the security breach took place and the extent of the damage.

Cellebrite was founded in 1999 and is headquartered in Petah Tiqva in Israel and specialises in mobile lifecycle and mobile forensics.

It added that it did not believe there was any risk to customers as a result of this incident but customers were advised to change their passwords.

The statement continued: "The impacted server included a legacy database backup of my.Cellebrite, the company's end user license management system". The firm makes devices that allow law enforcement to extract and decode data such as contacts, pictures and text messages from more than 15,000 kinds of smartphones and other mobile devices. "The company had previously migrated to a new user accounts system", it said. It is now in the process of notifying affected customers and is in talks with the relevant authorities over the breach, according to a company statement on Thursday.

Cellebrite, the Israeli company that shot into the limelight after it successfully broke into the iPhone belonging to one of the San Bernardino terrorists, is in the news again.

Cellebrite was allegedly used its digital forensic expertise to help the Federal Bureau of Investigation with their San Bernardino shooting case. On its website, Cellebrite claims to serve over 15,000 law enforcement and military users. But its involvement in the San Bernardino case was never proven.

Like this: