After the San Bernardino terrorist attack, which killed 14 people in December 2015, the whole world watched the legal fight between the FBI and Apple. There were two perpetrators: Rizwan Farook and Tashfeen Malik, both killed in the resulting shootout with the police.

At the time of the attack, it seems the FBI only had the iCloud backup of the phone up to October 2015, when Farook disabled this function, and it was impossible to extract the data from the device itself because it was passcode protected.

After some unofficial attempts to reach an agreement with Apple, the FBI went to court to force the Cupertino company to create a special build of iOS (the iPhone operating system) that, when loaded onto the phone, would allow them to brute-force the passcode without the data being wiped. Eventually, they could guess the correct passcode and access the terrorists' contacts, messages, etc.

Apple replied with an open letter written by Tim Cook, refusing to support law enforcement in this specific matter and arguing that this would create "a dangerous precedent" for the security and privacy of its customers while introducing a vulnerability into its best product.

On March 21, the FBI unexpectedly announced they had finally found a way into Farook's phone. In a public declaration, Amy Hess (FBI executive assistant director for science and technology) announced that the FBI had purchased the method from an outside party so they could unlock the San Bernardino device. The whole forensic community looked to the Israeli company Cellebrite as the "outside party" that cracked the iPhone (considering that Cellebrite had cracked other versions of the iPhone in the past). Cellebrite, in a very smart marketing move, did not reply or make any public statement regarding the operation (the company's shares have risen by 40% since the FBI announcement). And the same day, the FBI granted a $15,000 contract to Cellebrite.


A few weeks later the FBI made another announcement, declaring they had broken into the iPhone with the help of professional "hackers" (and not Cellebrite) who discovered and brought to the bureau at least one previously unknown software flaw. The new information was then used to create a piece of hardware that helped the FBI crack the iPhone's four-digit personal identification number without triggering a security feature that would have erased all the data.

Cost of this service: over 1 million USD.

But the most interesting part of the story was ignored by most people. A few days after the attack, the FBI already had part of the data from Farook's iPhone. Berla, an Annapolis company specializing in vehicle forensics, was involved in the investigation immediately after the attack and extracted the most important data from the Ford Expedition SUV, the vehicle used for the attack. The iPhone had been connected to the vehicle, and the car's infotainment system had copied part of its data.

So basically, while the whole world was holding its breath, the FBI was carrying out the investigation with a fair amount of information from the terrorists, pretending at the same time to fight with Apple.

End of the story:

  • The FBI got the data.
  • Apple demonstrated they care about the privacy of their customers by refusing to comply with the FBI's requests.
  • Cellebrite got incredible worldwide visibility without making a single statement.

Everybody's happy!