Cellebrite, a company known for selling law enforcement cellphone-hacking technology, has itself fallen victim to cybercriminals.
Motherboard reports hackers leaked to its journalists 900GB of Cellebrite data, including “customer information, databases, and a vast amount of technical data regarding Cellebrite’s products.”
An Israel-based firm, Cellebrite Mobile Synchronization Ltd., has subsidiaries in numerous countries, including Brazil, Singapore, Germany, and the United States. The company has been owned by Japan’s Sun Corporation for roughly a decade.
During the dispute between the FBI and Apple over default encryption last spring, Sun Corporation’s stocks soared 20 percent after Reuters reported Cellebrite was aiding the FBI in unlocking the iPhone of San Bernardino shooter Syed Farook. Another 17 percent spike occurred after the FBI announced it had successfully hacked into the device. (Washington Post national security reporter Ellen Nakashima subsequently reported the FBI hadn’t used Cellebrite’s technology.)
A device sold by Cellebrite, known as a Universal Forensic Extraction Device, or UFED, is used by American law enforcement, as well as military and intelligence, to extract and decode digital evidence from mobile devices. In 2013, the company discontinued its popular “UME 36 Pro” model, replacing it with the more expensive ($2,199) “Cellebrite Touch.”
According to Cellebrite’s website, the Touch utilizes “logical and physical extraction methods to support more than 7,900 profiles for mobile devices including BlackBerry, Apple iOS, Android operating systems and smartphones from Samsung, Motorola, Microsoft, Palm, and Nokia.”
Motherboard journalist Joseph Cox reports the 900GB of stolen data appears to have been taken “at least in part” from the company’s website server. “The cache includes alleged usernames and passwords for logging into Cellebrite databases connected to the company’s my.cellebrite domain,” Cox wrote.
In a statement on Thursday, Cellebrite confirmed it had detected “unauthorized access to an external web server.” The company is currently working to determine the extent of the breach, it says.