In-brief: Cellebrite, an Israeli firm that sells mobile phone forensic tools, was the victim of a hack that stole information on customers – many of them law enforcement agencies and governments.
An Israeli firm that helps law enforcement agencies and governments around the globe hack into cell phones has had a huge trove of customer data stolen and leaked online, the company acknowledged on Thursday.
Cellebrite of Petah Tikvah, Israel, said that it experienced “unauthorized access to an external web server” resulting in the theft of a database used to manage customer software licenses. The announcement follows a report by the web site Motherboard that claims a 900 gigabyte database containing information on Cellebrite customers was provided to its reporter by unknown parties.
Cellebrite said it is investigating the issue and notifying its customers.
The company makes and sells a number of devices that customers can use to siphon data from mobile phones including text messages, call logs, email and browsing history and more. The company and its security researchers were described by The Intercept as the “FBI’s go-to hackers for mobile forensics.”
The source of the hack is not known, though Motherboard said access to Cellebrite systems has been traded in underground hacker forums. According to Cellebrite, the stolen database was left exposed when Cellebrite migrated to a new “user accounts system.” Stolen information includes basic contact information of customers who registered for alerts or notifications about Cellebrite products as well as hashed passwords for users who have not yet migrated to the new user management system.
Cellebrite said that it is “not aware of any specific increased risk to customers as a result of this incident,” but advised customers to change their passwords as a precaution.
The hack bears similarities to the compromise of two other grey market hacking firms: Gamma Group, makers of the FinFisher surveillance technology, and the Italian firm Hacking Team in July, 2015. Both those hacks were the work of a hacker using the moniker “Phineas Fisher.” Both also involved the release of sensitive company data. In the case of Hacking Team, Phineas Fisher dumped 400 gigabytes of company data, ranging from internal emails and confidential company documents to the company’s source code. Subsequent examination of the data showed that Hacking Team sold its services to repressive regimes all over the world, including Russia, Morocco, Sudan and Saudi Arabia.
Initial examination of the Cellebrite data suggests the same, with indications that Russia, Turkey and the United Arab Emirates did business with the firm, in addition to agencies of the U.S. government.
Support tickets that were part of the stolen database also provide insights into how the Cellebrite hardware and software were being used.
“I want to know how to extract Blackberry,” read one support message from the Bahraini Ministry of Interior police force, Motherboard reported.