
Report on analysis of Jeff Bezos' iPhone

jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
Topic starter
 

Maybe interesting, maybe not

https://assets.documentcloud.org/documents/6668313/FTI-Report-into-Jeff-Bezos-Phone-Hack.pdf

From what I can understand, once removed the totally irrelevant trivia (I am pretty sure that normally no forensic report includes stills of security cams of the investigators' room 😯 nor - as a means of proving *anything* - a comparison graph with usage from 5 random iPhones' traffic histories), and some technical mumbo-jumbo, results are far from being conclusive, and the "evidence" provided is fairly "thin".

The "woman resembling" seems to me like pure bullshit.

The second text message does seem a bit too much targeted to be a coincidence, still it is far from resembling a smoking gun.

jaclaz

 
Posted : 26/01/2020 4:08 pm
(@the_grinch)
Posts: 136
Estimable Member
 

Pretty clear this firm doesn't normally do mobile forensics. Had to purchase UFED4PC and Physical Analyzer for this case and used UFED4PC to extract an iPhone.

 
Posted : 26/01/2020 7:14 pm
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
Topic starter
 

Pretty clear this firm doesn't normally do mobile forensics. Had to purchase UFED4PC and Physical Analyzer for this case and used UFED4PC to extract an iPhone.

Yep, though it is to be understood if by "acquired" (the verb used in the report for those and other hardware) they meant "bought" (like "gone shopping for") or "procured" (like "taken from the lab warehouse"), and of course if it is the first case, a lot of questions come from that:

1) maybe Jeff Bezos and his cyberintelligence team couldn't find (or could not afford 😉 or couldn't trust 😯 ) specialized mobile forensics investigators (possibly people sub-specialized on iPhones) already in possession of the appropriate tools[1] and already expert in their usage?

2) if these guys here actually bought UFED4PC and Physical Analyzer for this specific case, which kind of previous experience did they have in the digital forensics field related to phones and namely to iPhones?

3) or - seen from another angle - if they managed to learn how to use the above tools properly in a short time, how difficult can it be to become a professional digital forensic investigator? 🙄

jaclaz

[1] Which might not be UFED4PC and Physical Analyzer

 
Posted : 26/01/2020 7:47 pm
keydet89
(@keydet89)
Posts: 3568
Famed Member
 

One of the numerous things I found interesting about the report was the statement regarding the "second text" at the top of page 6.

In the early '00s, I worked in an FTE position at a telecommunications company, and there were some pretty big lay-offs on the horizon. HR staff in the building came to the security team and said that their computers had been "hacked", because word of the lay-offs was getting to the targeted staff *before* anything official was announced. The HR staff swore up and down that someone had hacked their computers.

We found out that what had *really* happened is that one of the HR staff had printed the lists, and left them sitting on the printer before they went to lunch. Apparently, someone found the printed documents, copied them, and put the originals back in the pile.

Just because Bezos didn't say anything to anyone doesn't mean that it was "non-public". After all

https://www.cnn.com/2020/01/24/tech/jeff-bezos-lauren-sanchez-text-messages/index.html

"US prosecutors have obtained evidence indicating that Jeff Bezos' girlfriend, Lauren Sanchez, sent her brother text messages that were later published in the National Enquirer in its story about their affair, according to the Wall Street Journal."

Michael Sanchez denies leaking the pictures, but still, Bezos's sharing of intimate pictures with his girlfriend didn't stay just between them.

 
Posted : 26/01/2020 9:01 pm
(@the_grinch)
Posts: 136
Estimable Member
 

My only thought is that this particular firm might be skilled when it comes to exploitation. So they don't do or know mobile forensics, but they do know how nation states go about exploiting devices/networks. All that said, I have to agree with keydet, the likely scenario is his girlfriend is at the center of it. Whether she knowingly or unknowingly provided the texts in question is what it comes down to. Easy enough for her to talk about seeing Bezos to her brother and him getting the texts from her device without her knowing.

 
Posted : 27/01/2020 12:03 am
(@bytesdigger)
Posts: 8
Active Member
 

Page 16

FTI assesses with medium to high confidence that Bezos's iPhone X was compromised via a WhatsApp video attachment that was sent from an account utilized by Saudi Crown Prince Mohamed bin Salman (MBS).

This is a bold statement, considering that the evidence is merely circumstantial (if that). Also a Surface laptop would probably be my last choice for a forensic station. Sounds like they bought the 1st shiny thing out of a store that runs Windows and decided to call that a forensic station.

 
Posted : 27/01/2020 2:31 am
(@armresl)
Posts: 1011
Noble Member
 

LOL ya think.

I've been preaching since I joined the site that no one is an expert in everything, yet people hang their shingle as such and until they are checked will continue to do so.

My only thought is that this particular firm might be skilled when it comes to exploitation. So they don't do or know mobile forensics, but they do know how nation states go about exploiting devices/networks. All that said, I have to agree with keydet, the likely scenario is his girlfriend is at the center of it. Whether she knowingly or unknowingly provided the texts in question is what it comes down to. Easy enough for her to talk about seeing Bezos to her brother and him getting the texts from her device without her knowing.

 
Posted : 27/01/2020 3:49 am
(@randomaccess)
Posts: 385
Reputable Member
 

Based on the wording and paragraph 5 it appears that they just bought everything new. Not that they didn't have access to them previously, just that the billionaire was happy to drop like $30k on equipment without blinking.

Also re acq with UFED 4PC, doesn't Cellebrite say you should get the same data as in an adv logical?

 
Posted : 27/01/2020 11:11 am
jaclaz
(@jaclaz)
Posts: 5133
Illustrious Member
Topic starter
 

Based on the wording and paragraph 5 it appears that they just bought everything new. Not that they didn't have access to them previously, just that the billionaire was happy to drop like $30k on equipment without blinking.

Well, besides personally being cheap, I would have preferred to use something that was already tested and proved working on more than a few cases.

How could they validate the tools if new and not previously used and tested?

Hey, wait 💡, we found the first ever case where compulsory ISO 172025 doesn't sound like the bad idea it is. 😉

jaclaz

 
Posted : 27/01/2020 11:59 am
(@randomaccess)
Posts: 385
Reputable Member
 

Well, they had various other iPhones so they easily could have validated it against one of those before they performed the extraction on Bezos' phone.
The report doesn't cover it so it's just speculation either way.

30k for a guy that has 115.5 billion is a drop in the bucket.
I'm more interested if he stopped using the phone as soon as he suspected something dodgy or did he keep using it. Considering they only had access to it for 2 days whilst they acquired it I'm guessing it was still in use (but hard to know).
Based on that, they probably wouldn't have been able to get an FFS acquisition because the JB required didn't come out until July I think.

I'd be interested to know if they recommended it to LE and what the response to that was.

 
Posted : 27/01/2020 6:51 pm