Anyone working within the Digital Forensics field knows of and has likely used Cellebrite equipment and data extraction and analysis tools. There are a number of products and companies out there; the other well-known and equally well-used and well-liked provider is MSAB, who provide, among other things, the XRY mobile forensics tool. Both companies are good at what they do, and most forensic experts would agree that to carry out comprehensive mobile data extraction and analysis across the wide range of devices available, you need both sets of tools to achieve the best results, as no single tool does it all.
In a recent article by motherboard.com it is revealed that Cellebrite have, themselves, been hacked and had 900GB of data stolen, including customer details and even what appear to be some mobile data extraction files.
The article by motherboard.com explains the circumstances in more detail, so I won’t go over them here, but it is concerning that access was gained to both customer data and potentially evidential data of some sort. I’m sure more detail will be announced in due course and further reports/articles will emerge with various updates, but for now we can only speculate on what exactly has happened and why this data was accessible from a single source.
One thing I do disagree with is that the article states “The hackers have been hacked”. Cellebrite do not produce hacking software and are not hackers. They crack mobile devices and complete forensic data extractions, but they are not hacking tools or hacking solution providers. You can understand the confusion, but these days the media seem to bundle in any form of computer usage that isn’t browsing or sitting in front of MS Office as “Hacking”, when it just simply isn’t anything of the sort.
There are even the hard-core, old-school hackers who would tell us all how there is a difference between “crackers” and “hackers” and how the terms have been confused and misused over time (a nice little explanation can be found here, if you’re interested)…but unfortunately I think it is far too late to turn the clock back on that now.
Anyway, I digress…what I wanted to point out was that one of my fellow MSc students did some digging on the Cellebrite Exec team and noted that there was no mention of a CISO (Chief Information Security Officer) present on their exec board. Could this potentially be a reason as to why security was lax? One to think about, and even if you are experts in forensics and data extraction, without proper focus and consideration for information security policies and procedures in all aspects of your information assets, then even you can fall victim to malicious attacks from determined hackers.