F.B.I. Director Suggests Bill for iPhone Hacking Topped $1.3 Million

Apr 22, 2016 · 72 comments
carl bumba (vienna, austria)
Hmm, now why would anybody want to discredit James Comey and the FBI? Maybe someone on the verge of being indicted.....
Marc (Montreal)
What kind of a government or even employer, issues a piece of hardware to employees, over which they have no control? It was an employer owned phone, and the employer simply should have maintained complete control of the phone, including the ability to wipe it or read its contents. There is software to do this. At one time it was exclusive to Blackberry but now I think it is not. Governments should maintain full control of the phones they give to employees for work-related use.
Jack Brown (San Francisco)
This payment just makes no sense at all.

The work they needed done required simply cloning the flash memory of the phone, then rapidly brute-force cracking the 4-digit code. Every time the phone auto-erases (after ten failed tries), they automatically re-write their copy of the flash, and try the next ten combinations. There are only 10,000 combinations, so doing this 1,000 times would have cracked it, in an almost entirely automated process.

Total equipment cost maybe fifteen thousand dollars, time cost for one reasonably competent hacker, maybe a weekend? Pay any of half a dozen people I personally know here in the bay area a couple of grand and they would have done it.

Alternatively, they could have just used the dead terrorist's actual thumb (attached or detached from his body) and unlocked it even more easily.
VKB (Pasadena, CA)
I've read the comments here and on other websites. No one has mentioned how similar this is to actually negotiating with terrorists or paying ransom for hostages. Bounties are now technologically legitimized. How does this make us safer or more secure? I also wish it was mentioned more often that this was a County-issued phone that was given to employees without security safeguards enabled. They "hadn't gotten around to that" yet. That crucial and preventable lapse by authorities is not "common knowledge."
Charles W. (NJ)
"this was a County-issued phone that was given to employees without security safeguards enabled. They "hadn't gotten around to that" yet."

Even the government worshiping NYTs had admitted that "government is always inefficient and usually corrupt" so why should this be any different?
PatL (NH)
To think that the FBI couldn't hack this phone or at least asked another Government agency to take care of it is RIDICULOUS. The FBI budget is 8 billion dollars - for what? The FBI is trying to do something besides get into a phone - can't quite figure out what it is - hey - maybe they don't know what it is? Before any of this tragedy occurred - them and Homeland Security could have looked at Facebook for God sakes and figured out what was coming next. At every corner - Comey and the gang want to get more of our records, more of our internet traffic, more inside our phones when in fact they wouldn't know what to do with an invasion of Privacy on a MASSIVE SCALE like that. Every time this guy speaks - I think more and more that the FBI needs to be retired.
Charles W. (NJ)
"The FBI budget is 8 billion dollars - for what?"

To protect us from the evils of video piracy of course.
Ji Li (Florida)
So, it seems simple enough to me: Apple works secretly (and gets paid by the FBI) to break their own encryption codes. After all, the codes were not designed to be decrypted.

In the public eye, the FBI saves face that they did not force Apple to hand over the code, and Apple saves face that they did not hand it over. And, in fact, they did not. They just worked secretly with the FBI to decrypt it.
matt s (philadelphia)
The iphone kerfuffle distracts from the more important lesson of the terrorism incident, which is the all too easy access to automatic weaponry in this country.
Charles W. (NJ)
I think that you are confusing semi-automatic weaponry, that fire one shot for each pull of the trigger, with full-automatic weaponry that fire for as long as the trigger is held back and there is ammunition in the magazine. For ordinary people, full automatic weapons are very difficult and expensive to obtain.
John J Geoghegan (Novato, CA)
They should've given it to my 12-year-old daughter. She would have hacked it for nothing.
Sam (Toronto)
"which would have destroyed the data inside after 10 failed password attempts"

It drives me nuts to see "The Paper of Record" make this mistake along with the rest of the press. It was not clear whether or not the erase after 10 feature was enabled, so the only proper way to state this is "which COULD have destroyed the data after 10 failed password attempts IF IT WAS ENABLED."
joe (kringle)
Normal price $1000, government price $1.3 million. Nothing out of the ordinary here...
George (Ca)
The money was paid by the American taxpayer - not the FBI.
OSS Architect (California)
The FBI continues to play fast and loose with the facts. Data can be recovered from the NAND memory in an iPhone, even after it's been "erased." Last year scientists and engineers at the University of California published a research paper documenting how they were able to reliably recover data from NAND in multiple phones that had been erased using the standard DoD 5220.22-M protocol.

The percentage of NAND data recovered was higher than for hard drive DoD 5220.22-M erasure (>90%). The DOD and DOE both continue to use physical memory destruction (metal shredders) of critical storage, because software erasure is not that effective.

Their continued cheap theatrics, "we're helpless!", is one reason they can't recruit technical talent. Who would choose to work for an organization that was 100% clueless, or 100% lying, or both.
ring0 (Somewhere ..Over the Rainbow)
I would, along with thousands of other underemployed, underpaid, and over-worked IT people.
LL (Los Angeles, CA)
Let me get this straight, the FBI was going to compel Apple to unlock it for FREE with a court order but was willing to PAY more than a million to a hacker to do it? And why didn't the FBI just order the hacker to unlock it with a court order? This was supposedly national security.
Mark (Los angeles)
How much was that losing battle to force Apple to comply with a legal search warrant costing us? It was a lot and it only served as free advertising for Apple's appeal to the nonconformist in their loyal minions. It was a bargain not to be Apple's pawn.
JBHoren (Greenacres, FL)
"They" didn't pay $1.3-million -- WE paid it... and for NOTHING.
Lindley J Reimer (Liberal, Kansas)
It seems to me that the value of the exercise depends on what's been learned from the conversations uncovered on the phone. I for one would be interested in learning if others were involved in planning the attack or just the husband-wife couple?
Rusty (Vernon Hills, IL)
Depending on the current bitcoin exchange rate.
smartypants (Edison NJ)
The hacking might well have been undertaken by Apple itself under a secrecy agreement. That ended the legal dispute without sacrifice of its position.
Michael Branagan (Silver Spring, MD)
So did the FBI sole source or put it out for bids?
bern (La La Land)
Get Apple to pay!
Mary
Apple told both the feds and San Bernardino Co. govt. NOT to jerk around with the passcode or they'd limit the access to the phone, as well as to the phone's cloud backup. So, what did the feds and San Bernardino Co. do? Yep, you guessed it. Then the feds tried to publicly shame and legally bully Apple into creating a new operating system to smooth over its mistake(s). ROFL. You still cannot fix stupid. And there's still ample truth to the old adage, "Pretty good for govt." i.e. inept. It was an older iPhone 5 running the older iOS 8; jailbreaking it apparently was not that difficult, once the feds realized they were not going to be successful at holding hostage a private company for its own idiocy.
Charles W. (NJ)
Just another shining example of government incompetence.
Laura (Chicago, IL)
The legal fees to keep fighting with Apple would be AT LEAST twice that. Probably much more.

It wasn't a $1.3 million dollar fishing expedition - the FBI now knows how to do this for everyone's iPhones. That's actually pretty cheap.

The entire issue of the locked phone came about because prior to iOS 8, Apple could extract the requested data from a locked phone without actually unlocking it because the data wasn't actually encrypted. With iOS 8, the data at issue was now also encrypted and not accessible to Apple. Apple can't just unlock the phone - they would have to write an entirely new version of iOS leaving a "backdoor" for access. The government cannot force a private company to write software the way they want, let alone forcing a private company to write software that deliberately leaves users vulnerable to hacking.

Given that the US government has already proved abysmal at protecting information, no "backdoor" access could ever be deemed secured.

Aside from that, most smartphones running business applications (i.e. business emails) are now run through Mobile Device Management, regardless of who owns the phone. Whether the MDM permits access to personal data depends on the terms of the MDM, and not all MDM applications are under the control of Apple. If this had happened now, the phone at issue would have been under MDM by San Bernardino County (the owner of the phone at issue) and they would likely have been able to access the phone.
mobocracy (minneapolis)
The government's legal fees are essentially zero since its counsel are already employed by the government.

Apple's costs would have been higher to continue litigation, but for the government it's no added cost.

This is actually a serious justice problem for people facing down the Justice department in court. They can basically use economic coercion via ruinous legal costs to force compliance since it costs the government no extra to pursue litigation.
Mary
It was a pointless endeavor:

Taxpayers paid a fortune.
The FBI gleaned no useful information.
It was an old iPhone 5, running older iOS 8 that hardly anyone has anymore. i.e. not shelf life utility for all the $$$ money spent on what was already outdated tech and old data of the long-dead terrorist.
Barbara
Will colleges soon offer courses in hacking? Hacking 101 will be economically feasible in which to enroll!!!
Coolhunter (New Jersey)
Brings a new definition to the word 'out sourcing'. All it tells us is that anything can be hacked, for a price. The hacking provides a shield from law enforcement, given they can tell the court to have the law enforcement agency to go get their 'hacker'. Seems Apple has now invented the 'go get a hacker' defense.
Texas Liberal (Austin, TX)
It is a symptom of the times when an organization is ready to defy the law – a Constitutionally correct court order – to maintain its image and increase its profits. A companion article in today’s NYT points out that China – now Apple’s fastest growing market – would not permit such behavior: “Chinese lawyers have pointed out that the country’s antiterrorism law requires companies to help with decryption when the police or state security agents demand it for investigating or preventing terrorist acts.” Of course, China defines many more activities that we consider ordinary crimes to be “terrorist acts.”

There are literally hundreds of locked iPhones in the possession of US authorities for which courts have ordered access. The FBI has paid for this phone to be unlocked; now that they’ve proven it can be done, the remaining cases will be pursued in court, and Apple will lose; the phones will be unlocked.

Tim Cook made this case a cause célèbre – why? Quiet cooperation was the obvious route; indeed, this is not the first device Apple has been asked to unlock, and has done so before. Did he really believe Apple’s commercial success put it above US law? Trying to defy the Chinese when they come calling won’t work. I expect, though, the Chinese will ask quietly and, to protect that market, Apple will cooperate quietly. It’s still, always, about the money.
Sean (Santa Barbara)
Actually, Apple is legally correct, and its opposition to the unconstitutional request would have been won. Why do you think the FBI withdrew its request? They didn't really believe the info was VITAL and URGENT. Let's see how the courts proceed hence. Just because the government sanctioned and paid for someone or org to violate the law, does not then make their illegal request legal.
Texas Liberal (Austin, TX)
Apple was not legally correct. A court of competent jurisdiction issued a warrant, with the authority of law and fully consistent with the 4th amendment, and Apple illegally refused to comply.

The FBI withdrew their request for two reasons: (1) To announce to Apple's followers that their phones are not secure, even without a warrant; that will be a technical and, perforce, financial embarrassment when their sales fall. (2) This is not the only case against Apple; another is still wending its way through the courts, the DOJ will prevail, and that's the second punch to Apple's reputation.

Tim Cook believed Apple was Too Big To Fail. Hubris never wins the day.
Steve Cross (NH)
Actually it wasn't determined yet whether it was a legal order. They were using a law that predates electricity so the likely outcome would have been an Apple victory. The FBI admitted that the "fix" would have taken as much as 6 weeks of programming by a team. And ask the Feds if they want a backdoor on their devices and the answer would be no. You can't require a private individual or company to work for you at no pay to "break" something they made that was too strong for the FBI. And legislation to require keys or backdoors to encryption will fail. It would be like requiring safe and lock builders to give the government master keys to all their products. Will never happen!
Robert Dana (11937)
Your headline reads "$1.3 Million" like that's a lot of dough. A rounding error.

Moreover, the FBI got results. Can't say the same for the mega billions paid the Obamacare consultants for software development. A friend of Michelle. A Canadian - not US - company.

It failed miserably. They had to pay a fortune in workarounds to Silicon Valley.
Nerico (New Orleans)
Unless there was some very specific information that was not publicly known that led the FBI to expect a big pay off from the data on the phone, this is outrageous. From everything I gleaned about this case in the news, San Bernardino seemed very much an isolated case and nothing that would lead to any significant information about a vast terrorist cell or coordinated effort. When are we going to start realizing that not all terrorists are the same? Had this been a phone related to something like the highly coordinated Paris attacks, it would be more understandable.

But it seems like the slightest reference to terrorism makes both law enforcement and the public lose all sense of proportion. Seems like any effort of thinking in terms of a cost/benefit analysis, like how much effort and money to spend vs how useful or significant the information gained is likely to be, goes out the window. Had this couple been significant ISIS operatives, they would have left a digital footprint bigger than just an iPhone. How cracking this one device became such a holy grail is beyond me.

Meanwhile other areas of law enforcement that have a more direct impact in the daily lives of a much larger number of Americans are woefully underfunded.
Art Lover (Cambridge MA)
The FBI should not be paying cyber-criminals.
Sean (Santa Barbara)
They just sanctioned, publicly, the idea of "legal relativity." No one should take the laws of this country seriously, anyway. Now, there is public precedent. Laws are made by rent controllers (meta) to enforce their will on inferiors. Always.
Pat K. (New York)
And pursuing the matter in a court of law would have cost??
paul (naples)
You think the government doesn't pay their lawyers when they're not in the court room?
putty (nyc)
If the FBI is paying millions for this kind of information, the tax paying public has a right to know a few things:
1) Who profited from this exchange?
2) Exactly how much tax payer money was spent on this?
3) Do they intend to share the zero-day flaw with Apple so that it can be patched? If not then, in my opinion, the FBI is colluding with criminals and openly admitting the criminals have better capabilities than the FBI does.
4) What if any useful information was gleaned from gaining access to this device? Was it really worth it? I do not accept an answer in the form of "well we now know they did not do X, Y or Z", because we do not know that any more now than we did before the device was accessed.
I have a great deal of concern about law enforcement officials doing business with what essentially appear to be technologically proficient criminals.
Texas Liberal (Austin, TX)
The tax paying public has a "right to know" information, the disclosure of which does not jeopardize the authorities' operations or public safety. The tax paying public paid for the development of atomic weapons. That does not mean the tax paying public has a right to see the plans created with its money.

Security firms crack systems for pay all the time. That is not a criminal act. You have to look at the color hat they are wearing . . .
George (Ca)
You need to look at how much money they charged and the harm they caused to Americans' privacy to see the true color of the hat they are wearing.
Mary
You think the federal government doesn't do business every day with gray hats, as well as plenty of bona fide black hat criminals, as well?
Cookie-o (CT)
The cost should be charged to Apple who thinks its marketing is more important than preventing terrorist attacks.
Lizbeth (NY)
There's no indication that unlocking this phone helped to prevent any terrorist attacks, or even provide additional information about the one that already happened. Do you have information that the rest of the world doesn't? Because the FBI hasn't revealed any information they found on the phone, and haven't mentioned any new co-conspirators or criminal charges since it was unlocked.
Cookie-o (CT)
Liz Beth - The reason the FBI wanted the phone opened was to search for more info on terrorism FROM THE PHONE OF A KNOWN TERRORIST!! What was or was not found is irrelevant. Apple tried to turn this sincere search into a marketing ploy and it lost big time!
Marv (Thunder Bay)
Correction: the phone of a known terrorist's employer. It wasn't his personal phone. That they already had.
Jim Humphreys (Northampton, MA)
The refusal of the FBI to disclose what if anything they actually learned from that iPhone and their failure to bring new charages against any alleged co-conspirators imply that they learned nothing. The incident seems to have been driven entirely by the unwarranted belief that somehow the San Bernardino attack was sponsored by sinister foreign interests rather than by homegrown US religious fanatics.
Jim Humphreys (Northampton, MA)
P.S. Sorry for the typo due to fast typing: "charages" was meant to be "charges".
Gene (Florida)
What a monumental waste of money. There's no way the information gained from the phone is of any real value, especially this long after the attack.
The only way that this can be of value to the F.B.I. is for future use digging into the privacy of Americans.
I certainly don't feel safer.
Dave (Poway, CA)
It would be interesting to know how much Apple spent on lawyers to fight helping the FBI get at the information in the phone. I am pretty sure it was more than the FBI spent to get the information, but I am equally sure it was not as much as 7 years of Tim Cook's compensation package.
Charles W. (NJ)
Too bad that Apple can not sue the FBI to recover the legal costs of contesting an illegal demand. Too bad that such a recovery could not come directly out of the pay of the bureaucrats responsible.
Tom Wyrick (Missouri, USA)
The FBI paid $1.3 million to discover that the iPhone 5c contained no relevant data. It was a search conducted without any prior knowledge or expectation of finding anything. It didn't make sense from the outset that the terrorist would have used his government-owned phone to "manage" a terrorist network. He had a private phone and burner phones at his disposal.

The FBI's only interest in that particular iPhone was its connection to a high-profile terrorist case. FBI chief Comey thought the terrorism link would provide a pretext for the courts to force Apple to reveal (or create) a back door into iOS for the FBI -- which it could subsequently use for hacking into the iPhones of other suspects, without any court order.

Now that Mr. Comedy has spent $1.3 million on a fishing expedition, it is time for him to retire to the private sector. Neither his words nor his judgment are reliable.
Dave (Poway, CA)
You state as a fact that no useful data was recovered. You clearly do not know whether that is true or not. You close by stating of the FBI director "Neither his words nor his judgement are reliable". That assessment may be better applied to you.
Jim Humphreys (Northampton, MA)
As I remarked similarly, the fact that "no useful data was recovered" is clear from the fact that there have been no charges brought against any alleged co-conspirators in the US or elsewhere. Apparently the case is closed, as it was earlier in fact.
J Morrissey (New York, NY)
Does anyone really believe they had so much trouble getting into an iPhone? I mean they do know about Edward Snowden and what he leaked. This is such a charade.
nyalman1 (New York)
Send the bill to Apple. Oh wait they don't pay any US taxes.
Mary
Apple paid almost $7 billion in 2014 taxes.
SK (Syracuse, NY)
And they found nothing in the phone? Don't you see that our country cannot afford such extravagant expenditures any more? Please use some common sense before using taxpayer's money. Very concerning.
hzwerling (Somerville, MA)
Why would the FBI spend $1.3 million to open a single iPhone when numerous knowledgeable people have said that the NSA has the ability to hack into an iPhone?
Sean (Santa Barbara)
Are we misinformed here? It's what the populace believes, not what is factually correct.
Richard Frauenglass (New York)
Several thoughts.
A. The Director's salary is not that much. For his responsibility he should be paid at least as much as the Chairman of JP Morgan. His job saves more of our sorry bottoms than JPM ever has or ever will.
B. Now we can all understand the revolving door -- government/industry/government/industry -- you get the picture.
C. It is money more than well spent. Now if only someone could sue Apple for recovery. It was their product that had the potential to shield terrorists.
D. I do wonder what was found.
Paul (Bainbridge Island, WA)
Money well spent.
canardnoir (SeaCoast, USA)
The actual price - whatever-it-was - should be assessed by the court to Apple, or consider in the alternative, whether the "outside source" was Apple? Which would have been a very wise PR/Marketing move considering all of the negative publicity the matter had generated within the public domain...
Marv (Thunder Bay)
Apple is considered heroic by the tech community for standing up for encryption and standing against the All Writs Act, which if upheld would have long-reaching consequences for any hardware or software services vendor. Google and Microsoft supported them.

How is that bad publicity?
das814 (NH)
...and if Apple thought that it was in its best business interest, the cost would be $10 million. Apple is a cutthroat business enterprise. I don't give Apple any credit other than this subject allowed them to be thought of as noble. A convenient fact for them.
Goghi (NY)
What in the world is the necessity of making this payment public knowledge? I am continually amazed at how the government chooses to play out every detail, whether security sensitive or not, on the front pages of the newspapers for everyone, friend and foe, to read.
PLombard (Ferndale, MI)
They'll never release it, but I'd sure like to see what they read that they considered worth $1.3 million.
Jeff (Allentown)
What surprised me was not the cost, but why the FBI did not pro-actively know how to hack the phone before the San Bernardino attack. The use of this and similar technology by terrorists and those wishing to cause us harm should be assumed. Our national security apparatus should not be mired in reactive mode.
MJ (Austin, TX)
And you think the best minds in Tech want to work for the FBI for pennies? I read these comments and realize that very few people commenting here actually have first hand experience working in government. You all are a bunch of rubes.