Tag Archive for: Decided

Apple brass discussed disclosing 128-million iPhone hack, then decided not to



In September 2015, Apple managers had a dilemma on their hands: should, or should they not, notify 128 million iPhone users of what remains the worst mass iOS compromise on record? Ultimately, all evidence shows, they chose to keep quiet.

The mass hack first came to light when researchers uncovered 40 malicious App Store apps, a number that mushroomed to 4,000 as more researchers poked around. The apps contained code that made iPhones and iPads part of a botnet that stole potentially sensitive user information.

128 million infected.

An email entered into court this week in Epic Games’ lawsuit against Apple shows that, on the afternoon of September 21, 2015, Apple managers had uncovered 2,500 malicious apps that had been downloaded a total of 203 million times by 128 million users, 18 million of whom were in the US.

“Joz, Tom and Christine—due to the large number of customers potentially affected, do we want to send an email to all of them?” App Store VP Matthew Fischer wrote, referring to Apple Senior Vice President of Worldwide Marketing Greg Joswiak and Apple PR people Tom Neumayr and Christine Monaghan. The email continued:

If yes, Dale Bagwell from our Customer Experience team will be on point to manage this on our side. Note that this will pose some challenges in terms of language localizations of the email, since the downloads of these apps took place in a wide variety of App Store storefronts around the world (e.g. we wouldn’t want to send an English-language email to a customer who downloaded one or more of these apps from the Brazil App Store, where Brazilian Portuguese would be the more appropriate language).

The dog ate our disclosure

About 10 hours later, Bagwell discusses the logistics of notifying all 128 million affected users, localizing notifications to each user’s language, and “accurately includ[ing] the names of the apps for each customer.”

Alas, all appearances are that Apple never followed through on its plans. An Apple representative could point to no evidence that such an email was ever sent. Statements the…


Rogue CBP Agent Decided To ‘Drain The Swamp’ By Tracking Down A Journalist To Sniff Out Her Sources

The DOJ has decided it can safely threaten First Amendment protections, so long as it’s done in the pursuit of leakers. The Trump Administration has leaked like no other, prompting AG Jeff Sessions to triple-up on former president Obama’s war on whistleblowers. Omelets/eggs broken, I suppose, if the end goal is dialing back leaks to only the ones the administration approves of.

It’s cool to target journalists’ communications again. That’s the general mood of the DOJ, which slapped itself on the wrist during Eric Holder’s tenure for hoovering up AP journalists’ communications, only to reverse course when the desire to prosecute leakers surpassed its desire to not look like a thuggish force of government oppression.

The indictment of Senate Intelligence Committee advisor James Wolfe contained a lot of journalists’ communications and metadata obtained from several sources, including service providers these journalists used. This was disturbing enough, suggesting the new normal for leak investigations is targeting members of the press to work backwards to their anonymous sources.

But there’s even more shadiness going on than is observable from that single indictment. A self-appointed freedom fighter with the unbelievable last name of Rambo was apparently trying to suss out journalist Ali Watkins’ sources. (Watkins’ email and communications data were subpoenaed during the Wolfe investigation.) The first hint that something weird and disturbing was going on behind the scenes was published by The Washington Post. It detailed the apparently rogue (and illegal) actions of a government employee prior to the delivery of the Wolfe indictment.

The actions of a Customs and Border Protection agent who confronted a reporter covering national security issues about her confidential sources are being examined by the CBP’s Office of Professional Responsibility, the agency said in a statement Tuesday.

The agent, Jeffrey A. Rambo, contacted journalist Ali Watkins last June as the Trump administration was ramping up its investigations of unauthorized leaks to reporters, and he identified himself as a government agent.

Rambo met with Watkins at a restaurant in Washington after initially contacting her by email. A reporter taking such a meeting with a potential source would not be unusual.

But after he arrived, Rambo said the administration was eager to investigate journalists and learn the identity of their confidential sources to stanch leaks of classified information. He questioned Watkins broadly about her reporting and how she developed information, according to the people familiar with the incident, who spoke on the condition of anonymity to discuss a sensitive matter.

The “examination” is now an official investigation, the New York Times reports. More details about Rambo’s actions have surfaced, suggesting flagrant abuse of sensitive government databases for the purpose of tracking down Watkins and pressuring her to divulge her sources.

The agent, Jeffrey A. Rambo, who usually worked in the San Diego area, was temporarily assigned at the time to the National Targeting Center, a facility in Sterling, Va., operated by Customs and Border Protection that stores data on the travel of millions of Americans and foreigners. Such information is supposed to be used only under strict rules by immigration and law enforcement officials.

Now the Department of Homeland Security’s inspector general and investigators from the border agency are examining whether Mr. Rambo used the travel data improperly or illegally and whether anyone else was involved.

It doesn’t appear anyone directed Rambo to meet with Watkins and attempt to discover the identities of her sources. From the statements given to the New York Times, it appears Rambo was simply a self-starter bursting with misdirected gumption.

It remains unclear whether Mr. Rambo handled or heard about an official F.B.I. request to the center for Mr. Wolfe’s travel records, and, if so, whether that led to the discovery that Ms. Watkins was his traveling companion. According to Ms. Watkins’s accounts, Mr. Rambo spoke with enthusiasm to her about Mr. Trump’s crackdown on leaks, telling her that “we’re finally going to be able to drain the swamp,” raising the possibility that he had searched the database for her records on his own initiative.

It really doesn’t matter whether Rambo felt draining the swamp was his own personal mission or someone on the inside suggested he check the situation out. Either way, it’s an abuse of Rambo’s position and access. The DOJ started screwing the pooch with its demand for journalists’ records and communications and Rambo came along to botch the job and clumsily bury the canine after performing a hit-and-run on his own career. This is scary stuff and it’s not being helped by the anti-journalist attitude being fostered by the man at the top of the governmental food chain.


Techdirt.