A project I started, aosp-build, makes it easy to rapidly customize and compile Android images for Pixel devices where you can lock the bootloader.
I have had a few different, sometimes anonymous, groups reach out trying to hire me based on this work or use my build system for unusual use cases. One, for instance, wanted advice for their own private fork of my project where they disabled the camera and similar things to supposedly meet requirements for a high security environment.
It is weird considering my open source project might have been used directly or as a reference by the FBI.
Any reason you didn't take the work? Seriously locking down a phone seems like a rewarding cross-domain engineering challenge.
I'm honestly shocked at how most ultra-high risk people just use off the shelf products, sure they are addictive devices yes, but every few months there's another story of military, celebrity or political compromise because of their phones. It seems like a ripe field if you can somehow convince the end-user it's in their interest to reduce functionality.
Working on an open source project in public is one thing, but doing private work where I don't have any idea what the target use case is, is generally a non starter for me regardless of pay.
Could be FBI, could be terrorists.
My personal mission is to help bring more privacy, security, and freedom to people so I don't really have an interest in work that does not further those goals.
I started my own security consulting firm largely so I can make a good living but also pick and choose my projects.
If I just wanted money without caring about ethics I know where to find high paying jobs at surveillance capitalism companies.
Looks like that project is @hashbang/aosp-build? Was just looking for something similar today. I have read some people attempt user-mode builds of LineageOS in order to re-lock the bootloader. Wish it was more common! Do you still contribute to this project?
Other ROMs that support locking are https://grapheneos.org and https://calyxos.org but have limited device compatibility in the name of security (primarily regarding firmware).
Thank you for this! I have wanted the ability to use high-assurance boot but also the ability to install what I want, and although the two do not in theory conflict, in practice Google wasn't really very helpful in this regard. I looked into it a couple times and found the documentation quite slim.
Hell, I'd even call it badass. The FBI created a tech startup (even with the .io domain!) and sold devices with a custom Android distribution.
It's funny because you can search for the XDA-Developers thread mentioned in the article, they were pretty shocked to find a phone with modded software and a locked bootloader.
>The F.B.I.’s operation, according to court documents that the Justice Department unsealed on Monday, had its origins in early 2018 after the bureau dismantled a Canadian-based encryption service called Phantom Secure. That company, officials said, supplied encrypted cellphones to drug gangs, like Mexico’s Sinaloa cartel, and other criminal groups.
>Seeing a void in the underground market, the F.B.I. recruited a former Phantom Secure distributor who had been developing a new encrypted communications system called Anom. The informant agreed to work for the F.B.I. and let the bureau control the network for the possibility of a reduced prison sentence, according to the court documents. The F.B.I. paid the informant $120,000, the documents said.
I'm interested to read more about Phantom Secure's "dismantling" in the context of both HSBC's slap on the wrist and the FBI starting and running a company that did the exact same thing.
Edited to add: It's fairly obvious that Phantom Secure was set up specifically to cater to organised crime communications - it appears the CEO expressly admitted this. I wonder if the company would have been better off marketing to 'security and privacy' conscious individuals, rather than, specifically, drug cartels, leaving the door of plausible deniability open.
It seems like the cartels aren't very good at threat modeling. It seems like it should be very obvious that secure comms set up specifically to cater to cartels would have a huge target on its back. Just use Signal, damn.
Next we'll be hearing about all the fake VPN companies they're running. "Sign up for our secure VPN and keep your traffic away from prying eyes! Do you know how many companies are spying on you and selling your data?" I've always thought that would be an excellent mitm vector. Then get a bunch of youtubers to promote it.
I think you can't really prove an entity to be trustworthy; you can only really prove that an entity is not. I trust Mullvad about as much as it's possible to trust a VPN company... but, that's probably as good of a recommendation as you can really get.
Came here to promote Mullvad as well. Not that they can’t point back to your IP address or some such but since you can log in to the VPN using a unique identifier instead of an email address and password it’s a pretty decent way to decouple it from your PII.
And you can pay with cash. I always feel a bit funny dropping $10 cash in the mail with no return address but so far it’s always made it into my account.
No, I use SnailOnionCoin. It sends my cash through a number of intermediaries, each just getting a .onion address explaining where to send it next. Every hop is also switched between cash in snailmail, Western Union and bitcoin to make it harder to trace the links and make sure that physical traces (like fingerprints) or legal traces (like the postal system or traditional financial transfers) don't make it to the final recipient.
Not only your fingerprints, but the fingerprints of the dozens of people who handled the envelope and cash. Who knows what they could do with so much information?
It's been long rumored that privacy-as-a-product companies are actually three letter agency honey pots. ProtonMail actually has some connections to NSA investment firms and some former NSA staff on their board. There could be good explanations here, and there could be bad explanations, however, we don't know the role each of these components play in the larger sum; we can only guess and speculate.
In that way, an ambitious project that gives away certificates that were formerly worth a lot of money would be a pretty slick honeypot because now you could stow away private keys and have a copy of most of the encrypted web's certificates to decrypt in-flight communications.
That's not at all how Let's Encrypt or any HTTPS CAs work (or have ever worked). You send them a certificate signing request, and they respond with a signed certificate. You never give them your private key.
Functionally irrelevant to your browser though without HSTS: being able to MITM specific targets with correctly signed certificates would be extremely useful.
A CA can't steal your private keys; they can issue certs for your domain to themselves regardless of ownership. They could do this even without you as a customer, at least until they get caught and have their root certs revoked by tech companies.
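An added example (not written by any commenter in this thread) that works through the two claims made in the replies above: the CSR a site sends to a CA carries no private key, and a CA can still sign a second certificate for the same name over a different key. It uses only Go's standard library with a throwaway in-memory CA; the hostname, CA name and helper names are constructed for illustration.

```go
package main

import (
	"bytes"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"math/big"
	"time"
)

const site = "shop.example.test" // constructed hostname

func must[T any](v T, err error) T {
	if err != nil {
		panic(err)
	}
	return v
}

func newKey() *ecdsa.PrivateKey { return must(ecdsa.GenerateKey(elliptic.P256(), rand.Reader)) }

// makeCSR builds what the operator sends: name, public key, proof-of-possession signature.
func makeCSR(k *ecdsa.PrivateKey) []byte {
	return must(x509.CreateCertificateRequest(rand.Reader, &x509.CertificateRequest{
		Subject: pkix.Name{CommonName: site}, DNSNames: []string{site}}, k))
}

// csrContainsPrivateKey searches the CSR bytes for the private scalar D.
func csrContainsPrivateKey(csr []byte, k *ecdsa.PrivateKey) bool {
	return bytes.Contains(csr, k.D.FillBytes(make([]byte, 32)))
}

// newCA builds a throwaway self-signed root standing in for the CA.
func newCA() (*x509.Certificate, *ecdsa.PrivateKey) {
	k := newKey()
	t := &x509.Certificate{SerialNumber: big.NewInt(1), IsCA: true, BasicConstraintsValid: true,
		Subject: pkix.Name{CommonName: "Constructed Test CA"}, KeyUsage: x509.KeyUsageCertSign,
		NotBefore: time.Now().Add(-time.Hour), NotAfter: time.Now().Add(24 * time.Hour)}
	der := must(x509.CreateCertificate(rand.Reader, t, t, &k.PublicKey, k))
	return must(x509.ParseCertificate(der)), k
}

// issue is the CA side: verify the CSR's self-signature, then sign the public key it carries.
func issue(ca *x509.Certificate, caKey *ecdsa.PrivateKey, csrDER []byte, serial int64) (*x509.Certificate, error) {
	csr, err := x509.ParseCertificateRequest(csrDER)
	if err != nil {
		return nil, err
	}
	if err := csr.CheckSignature(); err != nil {
		return nil, err
	}
	t := &x509.Certificate{SerialNumber: big.NewInt(serial), Subject: csr.Subject,
		DNSNames: csr.DNSNames, NotBefore: time.Now().Add(-time.Hour),
		NotAfter: time.Now().Add(24 * time.Hour), KeyUsage: x509.KeyUsageDigitalSignature,
		ExtKeyUsage: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth}}
	der, err := x509.CreateCertificate(rand.Reader, t, ca, csr.PublicKey, caKey)
	if err != nil {
		return nil, err
	}
	return x509.ParseCertificate(der)
}

// validates reports whether a client trusting only ca accepts leaf for site.
func validates(ca, leaf *x509.Certificate) bool {
	pool := x509.NewCertPool()
	pool.AddCert(ca)
	_, err := leaf.Verify(x509.VerifyOptions{Roots: pool, DNSName: site})
	return err == nil
}

func spki(c *x509.Certificate) [32]byte { return sha256.Sum256(c.RawSubjectPublicKeyInfo) } // key fingerprint

func main() {
	ca, caKey := newCA()
	k := newKey()
	cert := must(issue(ca, caKey, makeCSR(k), 2))
	other := must(issue(ca, caKey, makeCSR(newKey()), 3)) // same name, different key
	fmt.Println(csrContainsPrivateKey(makeCSR(k), k), validates(ca, cert), validates(ca, other), spki(cert) == spki(other))
}
```

Both certificates pass chain validation, but their public-key fingerprints differ, which is the property a site operator can compare against the key they actually hold.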
This is why I mostly recommend a Russian VPN or one in a foreign country. Sure, your data might end up in the hands of Putin's mobsters. Do you think they will share the data with your government? Unlikely...
And even if a VPN company isn't compromised, there are so many legal loopholes that would allow government to access your data. Kitten on a tree can quickly become a matter of national security.
I read about an instance where one of the cartels kidnapped a couple telecom engineers working in Brownsville to force them to help set up this kind of infrastructure.
Most consumer Android phones come with Google Play Services installed by default. Note that that is a completely different thing than the Google Play Store. It's intentionally branded to be confusing and sound like it has something to do with applications. Google Play Services is an entire closed-source operating system living above the kernel, but has hooks all the way down, into every subsystem. It offers a ton of juicy APIs to make Android development "easier", but one of the things that it does (called Google Location Services, or GLS) is interpose between GPS and other ways of location and offer a location API to applications, becoming the location provider for the device. All requests for location go through it.
GLS has scary[1] privacy implications and you cannot uninstall it. You can disable most of the scary stuff it does by not agreeing to use "high accuracy" mode for location, aka "device only". You must "consent" to this data collection because Google's lawyers believe this consent dialog meets legal requirements for this data collection. Their verbiage is horribly vague and absolutely does not communicate what data collection you are agreeing to by enabling this mode. It calls this data "anonymous" but location data, particularly traces, is anything but anonymous. At the high resolution of GPS these days, it cannot be anonymized.
[1] by "scary", I actually mean absolutely dystopian.
> GLS has scary privacy implications and you cannot uninstall it.
I have an Android without Google Location Services, the alternative location service is a Mozilla backend instead. I doubt that's much better for privacy and more likely stands out like a red flag to the Data Hoover collection agencies, but it is certainly possible to not use GLS.
I've only come across one small app that didn't play well with the Mozilla backend.
Yup. Unfortunately we're training children and college students to accept this. OS vendors are now effectively pseudo governments due to this kind of thing.
"On most Android devices, Google, as the network location provider, provides a location service called Google Location Services (GLS), known in Android 9 and above as Google Location Accuracy. This service aims to provide a more accurate device location and generally improve location accuracy. Most mobile phones are equipped with GPS, which uses signals from satellites to determine a device’s location – however, with Google Location Services, additional information from nearby Wi-Fi, mobile networks, and device sensors can be collected to determine your device’s location. It does this by periodically collecting location data from your device and using it in an anonymous way to improve location accuracy."
Consider the implications of Google collecting "anonymous" data from billions of Android phones. The technical details of scale, regularity, which sensors, their resolution, etc are highly germane here, but unfortunately not public. This is a very large blind spot in public scrutiny IMHO.
I have to agree. This is a clever way to catch criminals that doesn't particularly harm non-criminals. I'll take this over the anti-encryption campaign the FBI has been on for the past 10 or 20 years.
> I'll take this over the anti-encryption campaign the FBI has been on for the past 10 or 20 years.
The problem is that these things go hand in hand. The criminals won't buy from the poisoned channel if they can get the security they need from the standard consumer models. If you go to T-Mobile, and you get the option everyone gets and it is end-to-end encrypted properly and there aren't any remote exploits then the criminals will just use that.
Non-criminal privacy focused people are much more likely to use standard devices with publicly known apps such as Signal. You couldn't buy this phone in stores, it was specifically distributed on the black market.
It wasn't a good choice if you're privacy-conscious anyway, since there was no source code available, so you couldn't check it actually does what it claimed.
> Innocent (and clueless) people seeking privacy had their privacy violated by this action.
You state this as fact without any proof. The AFP and FBI assert that 100% of the users were engaged in criminal activity. Given the distribution method, which included vetting by a known criminal organization, the requirement to have an account created by administrators that are again known to be criminal, and the ability to only contact others on the same network, I tend to believe that assertion until I see proof otherwise.
> The AFP and FBI assert that 100% of the users were engaged in criminal activity.
Don't take cop statements at face value unless they're proven in open court.
If you're not familiar with the US policies around such things, lying is part of the job for police there. Most cases end up in plea bargains, which allows prosecutors and cops to avoid having to actually prove anything in court to secure a guilty verdict as part of a plea agreement.
Very few police accusations actually end up being proven with evidence.
Be that as it may, they've still offered more evidence than you. I don't take assertions from random HN commenters without any supporting evidence at face value either.
> The Department of Justice has charged multiple people who allegedly worked for Anom in part for obstructing law enforcement by using this [remote] wipe feature.
I thought Anom was a government company the whole time - why would they be charging themselves? Is this simply a case of the right hand not knowing what the left is doing, or did the company used to be actually a sketchy outfit and got acquired/pressured to play along with the sting operation?
Because the FBI only needs a warrant to wiretap people in the US. Nobody in the US was arrested as a result of this. The 4th amendment to the US constitution doesn't protect, for instance, Australians in Australia.
Literally speaking, the 4th Amendment is just a legal right. Most human rights declarations don't require warrants either, they're mostly much more loosely worded than legal rights documents.
> The right of the people to be secure in their persons, houses, papers, and effects, against unreasonable searches and seizures, shall not be violated,
It specifically says that the natural right will not be violated, how is that a legal right?
The constitution is a legal document that is formally upheld by the US legal system. Many of the ideas within it were derived from other places, but it, itself, is a codified legal document.
It is a legal document guaranteeing a natural right. The Bill of Rights doesn't codify much of anything, it lays out certain things further laws can't tread on without extraordinary permission granted.
It guarantees much more than a natural right, and does so with the backing power of a legal institution. For example, the UDHR doesn't even mention the word "warrant", and it doesn't do anything to compel enforcement.
The BoR is, by plain definition, a codification of rights. To codify means to make into law, which is what it is: a law, implementing the formal recognition rights... and it does so by making illegal specific abuses.
That's not the way the US Bill of Rights frames it. It says that purely by existing people have certain rights, and society chooses which ones should be protected and which should be surrendered. By having means of communication, I naturally have the right to free speech. The government can only limit that freedom.
It's supposed to be a way of showing that the government is subservient to the citizens, as it does not have the power to grant citizens rights. I doubt it's effective though, as most people seem to think the Constitution grants rights.
> It says that purely by existing people have certain rights
Maybe that's just me, but that's way too abstract for me. Have planets and stars always had certain rights purely by existing as well?
> and society chooses which ones should be protected
Well in that case you could make the case that every single person has every single right anyone could possibly have and the society chooses a subset of these rights as actual laws. I guess this is a way to eat your cake and have it, too, since it makes the difference between my and your view unobservable.
The constitution grants legal rights on the basis that natural rights already exist.
You are right that people have rights without the constitution. Other people are right that the constitution grants rights. The confusion is that you are both talking about different types of rights.
We just fundamentally disagree on whether the Bill of Rights grants people legal rights or restricts the actions the federal government can make. I get that you probably don't think there is a difference, as even I think the difference is largely semantic. I still see it as a difference.
I recognize the difference between the two -- but those two concepts are not inseparable, the one causes the other. The restrictions that the constitution imposes created a set of legal rights.
A law that says "the government can't legally do [x] to me", by definition, creates a legal right that I have "a right not to have the government do [x] to me". They are semantically different in perspective, but causal in relationship.
Yeah, I completely understand your point of view. I think if the intention of the Bill of Rights was to grant legal rights they would not have used the language they did. All the talk of "infringement" and "enumeration" make it clear they were going out of their way not to grant rights.
If people said "the constitution grants the right for our free speech not to be infringed" I'd probably ignore it. That's not how any discussion goes though.
Here's why I think this matters in this instance. By saying the 4th is "just a legal right," you are saying that the Constitution only grants it to certain people and the government can spy on anyone else. But by saying it's only a limitation, there's no qualifier on whose rights they can infringe.
The citizens of the world who believe in universal human rights should gather consensus with the world lest they have nothing to do but continue to talk about how much of a bummer things are on a HN forum.
Of course, international rights also need international enforcement, since a right without enforcement is just a nice thought. Perhaps we'll also have a world order to enforce these rights.
> Of course, international rights also need international enforcement, since a right without enforcement is just a nice thought. Perhaps we'll also have a world order to enforce these rights.
Universal human rights have exploded to be adopted by much of the world, without an international government.
Rights are not just nice thoughts. Even oppressive governments don't have the resources to control everything everyone does (of course). Just adopting the outlook, just believing you are free will make you free to a great extent.
Seeing the current state of freedom and rights across the world, I'd much rather have to deal with my own national crooks than a worldwide organization purporting to fight for my rights
Citizens are groups of humans who decide on different subsets of rights. E.g. humans in Germany are not allowed to be educated while young outside of the buildings of the state.
Sure, but that doesn't change the basic point - you can't use an argument for human rights to confer citizen-only rights.
If you're the US government, and you're justifying your power by saying that you respect human rights, and then you do a bait-and-switch and provide citizen's rights but not human rights, you just lied.
That being said, strictly speaking I disagree, citizens do not have full authority on rights and neither are all rights conferred to classes of citizens.
No, they didn't. That document literally discusses that they only wiretap overseas messages, likely because they couldn't legally wiretap US messages (though it should be noted that the Australian police did have a warrant for the wiretaps in their jurisdiction).
Probably the same reason why planting a bug in someone's home is illegal, but selling a smart speaker (aka always-on microphone) to them and getting them to install it isn't.
So, in the same way that corporations support Open Source projects to use to their own ends, organised crime will now be donating substantially to Open Source Encrypted-End-to-End messaging software right? ... Right?
In a way, privacy advocates could be thanking crime lords for their support in the future.
Maybe I'm dumb. Why would a user who bought a phone that turned out to be an Anom device need their identity protected from 'retaliation'?
To be clear: I'm perfectly happy for them to be anonymous for any reason or no reason. I'm specifically wondering who theoretically would want to retaliate against someone purchasing said devices and why. First sale doctrine still applies even to known honeypotted devices, right?
I can't see the FBI actually killing someone for passing on a used phone. That's a lot of risk for zero benefit.
I can see just generally wanting to stay off their radar, though. Even law-abiding folks can get arrested for being in the wrong place at the wrong time, and you don't want someone to see "passed an FBI-tapped phone to a tech media site" in your file. Or maybe their work requires a security clearance, that could hurt you there.
Is there any information on how the FBI captured the messages? It says they caught millions. I'm surprised large criminal networks nowadays don't have grey hats on tap to be able to analyse the devices they use, the packets they send etc.
It seems out of scope for the FBI to be working to catch criminals abroad, especially at this scale. I don't like it. It reminds me of the J. Edgar Hoover days.
I'm confused. I understand these phones were (very likely) used by the FBI to surveil suspected criminals. What I don't understand is how the FBI got the phones to those people, and even stranger why those people would trust these phones to be safe?
The FBI's plan was even more bold. Rather than penetrate an existing encrypted phone company used by criminals, it would secretly start and market its own encrypted phone firm. While criminals used the devices, the FBI would be able to read what they were saying.
The challenge was that running a fake encrypted phone company was not that different from running a real encrypted phone company.
"We can't just run a good investigation; we have to run a good company,"
...
It was essentially a problem of marketing, Young said. The FBI needed to imbue this fake company with credibility so that criminals would buy and use the phones.
The FBI/CIA has a long history of doing this. I met a guy once who ran a fake pro shop in New York to spy on visiting Russians (in a part of town they were known to frequent) during the Cold War.
>A pro shop is a sporting-goods shop within a public or private-membership amateur sporting activities facility of some kind, most commonly a golf course, where it will typically be located in the country club building. In the case of golf pro shops, such stores usually provide equipment such as golf balls, clubs, shoes, and tees, as well as golf-themed gift items, and sometimes snacks or refreshments. Aside from golf courses, pro shops are also frequently found at bowling alleys, pool and snooker halls, tennis and racquetball courts, ice and roller hockey rinks, and football (soccer) facilities.
I imagine it's a good "in" to learn about their social life, which can lead to secrets being divulged. If you know where and how often they play sports, it's probably not terribly hard to arrange for your colleague to bump into them at the golf course (or wherever) and try to strike up a friendship. It's not as if the spy agencies had cellphone GPS logs to track these guys, so the human element was important.
Even asking a regular customer, "Hey, what happened to Ivan? I haven't seen him around. Is he still in the area?" while they're shopping for sports equipment could be a conversation that provides valuable information about someone's whereabouts.
The meaning I know for that is essentially the store and sometimes a bit of a hangout spot associated with a golf course (so named because of the golf professional(s) available there). Not sure if there's other meanings.
They captured one of the distributors for a secure phone company they had already taken down. He was trying to start up his own secure messaging app so they basically funded him, added the backdoors, and used his network to market the new device. It's funny to think about but who would you trust more, some silicon valley company making a "secure" messaging app or one made by another criminal? It's not like there is a LinkedIn for international criminals so there's a physical network of trust required and this guy seemed to have had it.
Law enforcement agencies created a site to sell the phones, and then had informants and other such people "pass the word" in the targeted communities - "hey, there's this cool site where you can buy a phone that the FBI can't track!". Viral word of mouth marketing.
> The operation came into being after the FBI took down a Canadian-based encryption service called Phantom Secure. Phantom Secure was marketing its services to criminal elements, offering secure communications through the encrypted cellphones that the company provided to syndicates. When the company was dismantled in 2018, the FBI sought to fill the void in the black market for secure criminal communications. To make that happen, the agency recruited a former distributor of Phantom Secure as an informant who, in return for reduced jail time, not only helped develop an encrypted communications system called ANOM, but helped market it to insular networks of criminal buyers.
Street criminals tend to be dumb. Thugs, muggers, dealers, guys who just freak out and shoot/beat/rape someone for no reason. People like that usually aren't together enough to even think of getting a secure phone.
The FBI is after the upper echelons of organized crime, and organized crime can be terrifyingly intelligent and resourceful. As another commenter mentioned, some of the Mexican cartels have their own IT departments and private cell providers.
> organized crime can be terrifyingly intelligent and resourceful. As another commenter mentioned, some of the Mexican cartels have their own IT departments and private cell providers
What is that based on? If they are so smart, why are they in a business where they're risking their lives, living under constant legal threat, and ruining the lives of millions of others? Lots of people get very wealthy without those risks, such as many in the Bay Area? Who is smarter?
Having your own IT department isn't a sign of genius.
Intelligence != capable of socializing. You need both in order to be paid well. I think the belief that criminals are unintelligent is due to:
1) Intelligent people recognizing that crime rarely has a positive expected profit
2) There might be more unintelligent people than people who are both intelligent and so incapable of socializing that they can't find work.
As long as you're not at the bottom 2-3 rungs crime can have a huge positive expected profit. It's the lifestyle that sucks which is why intelligent people don't get into it unless something in their life makes it a compelling option.
It's amazing to me to see how many people run out the tropes that intelligent people don't commit crimes. More accurately, intelligent people don't get caught committing crimes.
It doesn't guarantee it, but it sure helps! The world isn't perfectly just, but there is justice. It depends on you and me - are we making our immediate world more just?
They're not exactly intelligent. I've recovered a drug dealer's phone from my Airbnb. They use Signal and coded language to send messages back and forth, but don't put a lock screen on the phone and leave pictures of their product in gallery.