iOS Forensic Toolkit Acquires iPhones in 20 Minutes, Including iOS 5!

by Nick Braak on November 14, 2011

in Cybercrime, Privacy

With access to *any* computer that has synced with an iPhone, or a little time to recover the plain-text password, the entire phone’s contents can be read in as little as 20 minutes, according to Elcomsoft, a well-known supplier of password decryption software tools.

From their crackpassword.com blog:

When developing the iOS 5 compatible version of iOS Forensic Toolkit, we found the freshened encryption to be only tweaked up a bit, with the exception of keychain encryption. The encryption algorithm protecting keychain items such as Web site and email passwords has been changed completely. In addition, escrow keybag now becomes useless to a forensic specialist. Without knowing the original device passcode, escrow keys remain inaccessible even if they are physically available.

Now the good news: iOS Forensic Toolkit can still recover the original plain-text device passcode, and it is still possible to obtain escrow keys from any iTunes equipped computer the iOS device in question has been ever synced or connected to. Once the passcode is recovered, iOS Forensic Toolkit will decrypt everything from the keychain. If there’s no time to recover the passcode or escrow keys, the Toolkit will still do its best and decrypt some of the keychain items.

Devices supported:

1) iPhone 3G
2) iPhone 3GS
3) iPhone 4 (GSM and CDMA models)
4) iPod Touch (1st, 2th, 3rd and 4th generations)
5) iPad (1st generation only)

Note, this product is not available to the public

“ElcomSoft restricts the availability of the toolkit to select government entities such as law enforcement and forensic organizations and intelligence agencies.”

My comment: Acquire means reading and copying *everything* off the phone, including email passwords and website passwords. Physical access to the phone is required, this cannot be done remotely.

In a hypothetical intelligence/surveillance scenario a phone could be removed from a bag or pocket, taken to a back-room, acquired and returned within an hour, whilst the owner is kept occupied with drinks, food, chat, “eye-candy” or a direct physical diversion!

Tagged as: ios forensics, iphone security, mobile forensics

{ 0 comments }

Ripoff Report moves the ripoffreport.com website back to the United States

by Nick Braak on October 21, 2011

in Online Reputation

It seems I was a day late and a dollar Turkish lira short when I posted earlier that Ripoff Report might have concerns about the ability of a Cypriot court to reach across the Mediterranean and serve a judgement on Ripoff Report’s Turkey-based webhosting provider.

In fact on or about October 6, the ripoffreport.com website and (I assume) its all-important database of complaints, rebuttals and user accounts was quietly moved back to the United States. The website now resides on the Amazon EC2 hosting infrastructure, sharing servers with Distil, a young company who offer “website scraping protection services, ” along with a variety of filtering and anti-bot features for website operators.

At face-value Distil shares some similarities with the Cloudflare service, but with many extra features geared to the protection of content. Cloudflare is more focused on availability, performance and denial-of-service protection. (The LulzSec hackers enjoyed and fully utilized protection of Cloudflare earlier this year, defying umpteen attempts to locate or bring down the LulzSec servers.)

However, like Cloudflare, Distil may act only as a “front end” to a website, leaving the true location and real IP address hidden both to the outside world and inquisitive persons such as this writer.  It is therefore possible that the Ripoff Report website and database are still located in Turkey with public access being filtered through the Distil service hosted on Amazon in the US. The move may have been planned in advance and the timing of the switchover a coincidence, rather than being a reaction to the FBME lawsuit.

An amusing footnote is that both Xcentric Ventures (Ripoff Report) counsel David Gingras and FBME bank outside counsel Thanasis Korfiotis have misspelled the name of the other party (FMBE Bank and Xcentric Ventrures respectively.)

More on this Greco-Ottoman-Sonoran-flavored story as new information becomes available….

Tagged as: Distil, Ripoff Report, ripoffreport

{ 0 comments }

Cyprus-based FBME bank sues US complaints website Ripoff Report and their Turkish web host

by Nick Braak on October 7, 2011

in Online Reputation

Cyprus-based FBME Bank Ltd. has filed a lawsuit in Cyprus in an attempt to compel Xcentric Ventures LLC, the owners of Ripoff Report (ripoffreport.com) to take down an anonymous consumer complaint. FBME claims the complaint is false, defamatory, outrageous, damaging  etc. etc.

Where the twist may lie in this Mediterranean saga is that the company that hosts the Ripoff Report website has also been named in the suit. The webhosting company and servers are located in Turkey, an unusual location for a US based website. Possibly one chosen by Arizona based Xcentric not purely for technical reasons, rather for it being out of reach of US courts and verdicts.

I am not familiar with Cypriot or Turkish law, but am aware of the close ties between at least half of Cyprus and Turkey. If FBME prevails in the Cyprus courts, it may just be possible that the webhost will be ordered to remove or redact the post on ripoffreport.com, or face time in a Turkish prison! (I’m recalling the 70′s movie “Midnight Express” whilst I write this.)

In actuality I would surmise that the webhost has little or no ability, or the authority, to edit any of the content of the website, throwing the ball back to Arizona for a decision as to how to proceed. I also surmise that Ripoff Report will not want to jeopardize the entire website and their “mutually beneficial” working arrangement over a single post, and may redact or even (gasp!) remove the post.

In a tongue-in-cheek comment on the document hosting service scribd.com, Xcentric Ventures General Counsel David Gingras quipped “It’s all Greek to me?” [sic] when he tried to read the complaint, as seen below. For the curious a link to the original offending post is included in the complaint.

FBME Bank Ltd v. Xcentric Ventures, LLC – Complaint?

[Edit: embedded document removed due to excessive tracking code employed by scribd.com. Please click the link above to view the complaint]

Tagged as: FBME, Ripoff Report, ripoffreport

{ 0 comments }

Tweets can be deemed libelous and form the basis for a defamation lawsuit

by Nick Braak on August 24, 2011

in Online Reputation, Social Media

In an excellent piece entitled What journalists need to know about libelous tweets at journalism website Poynter.org, the author cites a legal expert who warns that tweets and other twitter postings are not being treated any differently under the law.

“Statements on Twitter can form the basis of a defamation lawsuit just as much as any form of publication,” explained David Ardia, an assistant professor of law at the University of North Carolina. “It’s just sometimes with new technology, it takes a little longer for people to start to take what they read seriously enough — and more importantly for lawyers — to pay enough attention to start to bring lawsuits based on it.”

Two follow-up articles at Mediabistro cite further examples of recent lawsuits and threats of lawsuits involving celebrities and others:

Can Tweets Be Libelous? A Warning To US Journalists

Twitter Defamation Cases Are Heating Up

In some of the cases described the issues are contractual and long-standing. Others are no more than an off-hand insult or a volley in a round of heated back-and-forth.

Human nature being what it is, coupled with the incredibly easy ability for anyone to “publish” using twitter, makes it inevitable that things will get tweeted that are both untrue and intended to harm.

For those who have a reputation or assets to protect, it might be a very good idea to step away from the keyboard, or put down the smartphone for a few minutes, when feeling that raging urge to “teach that ***hole on twitter a lesson.” Once posted a tweet is effectively forever, even if you delete it.

Tagged as: defamation, libel, twitter

{ 0 comments }

← Previous Entries

Next Entries →