Cellebrite, a digital forensics firm known for helping law enforcement crack into locked smartphones, has itself fallen victim to hackers.
Technology news website Motherboard said Thursday that it had obtained 900 gigabytes of data related to the Israel-based company. It said the trove of data includes customer information, databases and technical data about the company’s products.
Cellebrite released a statement Thursday acknowledging that one of its external web servers had been hacked, adding that that it’s investigating the extent of the breach.
Motherboard journalist Joseph Cox said that an unidentified hacker gave him 900 gigabytes of data from Cellebrite’s servers.
In a series of messages posted to Twitter, he said that most of the data consisted of technical information, evidence and log files but that some of the information contained customer data. In an article , Cox wrote that the trove contained messages from authorities in Russia, Turkey and the Arab Gulf.
Cellebrite could be in for more unwelcome attention. Cox said that Motherboard would “likely be doing more stories from the data.”
According to Cellebrite, the server in question included a database backup of an old license management system. It said the hackers accessed basic user contact information and encrypted passwords for users who had not yet moved to the company’s new system.
While Cellebrite says it’s not aware of any risk to customers as a result of the breach, it’s still advising them to change their passwords.
Hacking the hackers
Cellebrite, founded in 1999, has contracts with the FBI dating back to at least 2013. The firm makes devices that allow law enforcement to extract and decode data such as contacts, pictures and text messages from more than 15,000 kinds of smartphones and other mobile devices. It also makes commercial products that companies can use to help their customers transfer data from old phones to new ones.
The company found itself in the spotlight last year after some industry observers speculated that it might have helped the FBI hack into an iPhone used by one of the killer in the San Bernardino, California, mass shooting. That phone was the subject of a major legal fight between the FBI and Apple; the company refused to help break iPhone security. The FBI dropped its case after finding another way into the phone.
Cellebrite claims to do business with thousands of law enforcement and intelligence agencies, militaries and governments in more than 100 countries. But its involvement in the San Bernardino case was never proven.