Evening frens.
What did I miss?
Evening frens.
What did I miss?
bummer
1 of 2
EXCLUSIVE: Postal Inspectors Have Used iPhone Hacking Tools Hundreds of Times
By Ken Silva January 25, 2022 Updated: January 25, 2022
The U.S. Postal Inspection Service (USPIS) owns sophisticated hacking tools that can breach iPhones, and has used them hundreds of times over the last several years, according to USPIS records.
Law enforcementâs use of hacking tools such as Cellebrite and GrayKey has attracted considerable attention in recent years, particularly following reports that the FBI used the Israeli-based Cellebrite to help access the iPhone belonging to San Bernardino shooter Syed Rizwan Farookâthough there has since been reporting to the contrary. More recently, records obtained by Vice Motherboard last year revealed how police departments use GrayKey.
The use of such tools by the USPIS, the law enforcement arm of the Postal Service, is disclosed in its 2019 and 2020 annual reports, but has gone largely unpublicized until now. The Epoch Times has also reviewed an internal Postal Service letter, which shows that one technician in the USPIS digital evidence unit used GrayKey to crack more than 150 iOS devicesâiOS being the mobile operating system for the iPhone.
Altogether, the records suggest that the USPIS has cracked hundreds of iPhonesâgenerally thought to be one of the most secure commercial phones on the marketâas well as other devices.
âThe Cellebrite and GrayKey tools acquired in FY 2019 and 2018 allow the Digital Evidence Unit to extract previously unattainable information from seized mobile devices. During FY 2020, 331 devices were processed, and 242 were unlocked and/or extracted by these services,â the USPIS 2020 annual report says. âThe success of the program and ever-increasing demand for services required the purchase this year of a second GrayKey device for use on the East Coast.â
The 2020 report reveals an uptick in phone cracking from 2019, when the USPIS accessed 177 devicesâ34 using Cellebrite and 143 with GrayKey, according to that yearâs annual report.
The internal USPIS letter suggests that the increase continued last year, revealing that one technician alone cracked more than 150 iOS devices.
âIn May 2020, FLS [Forensic Laboratory Services] acquired a second GrayKey iOS tool for extractions of locked iOS devices. Password protected devices is one of the biggest challenges facing the digital evidence community today,â the letter says.
âSince acquisition, [the technician] has successfully unlocked/bypassed, extracted, and examined over 150 locked iOS devices. The additional GrayKey unit has allowed FLS to balance the workload for the three locations with specialized mobile tools, essentially eliminating the backlog for these examinations.â
Given that the USPIS is a federal law enforcement agency that predates even the FBI, its use of tools such as GrayKey isnât necessarily surprising, said retired FBI agent Marc Ruskin.
âThey have jurisdiction for a much wider variety of cases than youâd think because any type of wire fraudâa large scope of white-collar crime involves wire fraudâor the use of the mail falls under their jurisdiction,â said Ruskin, author of âThe Pretender: My Life Undercover for the FBI.â
Ruskin told The Epoch Times he worked with Postal Inspectors on investigations twice during his career, and âthey tend to be very good as far as professionalism and intelligence.â
One of the more prominent cases involving the USPIS was the 2001 anthrax mailings, and Postal Inspectors have served on numerous joint terrorism investigations since then.
However, Ruskin questioned what oversight and safeguards are in place at the USPIS to ensure that privacy rights are protected and GrayKey/Cellebrite arenât abused.
âWe donât know what safeguards are in place. If the guidelines are flimsy, they may be permitting warrantless searches,â Ruskin said. âUnder what circumstances are warrants required?â
USPS and USPIS did not respond to emails and calls seeking answers to those questions. USPSâs inspector general has referenced âcase management reporting guidelinesâ that establish requirements for how Postal Inspectors should conduct and document their investigations, but that document does not seem to be publicâunlike similar guidelines governing the FBI, which are available online.
(contd.)
2 of 2
Even with guidelines, the USPIS may not be subject to the same scrutiny or oversight as other law enforcers, Ruskin added.
âWhile they may be subject to the same legal limitations, in fact there may be less oversight because they have a lower visibility,â he said. âEveryoneâs looking at what the FBI and ICE are doing constantly, but whoâs looking at the Postal Inspection Service?â
The Epoch Times has filed a Freedom of Information Act (FOIA) request for UPSIS guidelines and other records related to tools that can crack iPhones.
Cellebrite and GrayKey developer Grayshift, for its part, also did not immediately respond to inquiries about whether it audits its customersâ use of its products, or has other safeguards to prevent abuse.
Cellebrite has come under particular scrutiny in recent years for doing business with authoritarian regimes. The company announced in October 2020 that it would stop doing business in China and Hong Kong.
Following last yearâs revelations about USPIS monitoring anti-lockdown protestors via its Internet Covert Operations Program (iCOP), privacy activists have warned that USPIS is in danger of âmission creepââwhen an agency has access to more tools or information than it needs to complete its designed mission, leading it to expand into another role outside of the designated mission to utilize those tools.
âThe Postal Inspection Service has a well-defined mission in protecting the mail, but the agency has often overstepped its bounds,â the Electronic Information Privacy Center (EPIC) stated earlier this month. âThe Postal Inspection Service now claims a âwide jurisdictionâ to preserve the âsafety, security, and integrity of the nationâs mail system from criminal misuse.ââ
More broadly, privacy activists have concerns about the proliferation of tools like GrayKey and Cellebrite, which have become steadily cheaper and more ubiquitous over the years.
âForensic searches of cell phones are increasingly common ⌠The searches are often overbroad, as well. Itâs not uncommon for data unrelated to the initial suspicions to be copied, kept, and used for other purposes later,â the Electronic Frontier Foundation (EFF) said in a March 2021 explainer.
âFor instance, police can deem unrelated data to be âgang related,â and keep it in a âgang database,â which have often vague standards.â
EFF added, âMany police departments donât have any policies in place about when forensic phone-searching tools can be used.â
https://www.theepochtimes.com/exclusive-postal-inspectors-have-used-iphone-hacking-tools-hundreds-of-times_4235704.html?utm_source=gab