

Cellebrite Systems Breached


Cellebrite (https://cellebrite.com) is an Israeli company that specializes in mobile forensics.

They have created a well-known product called the Universal Forensic Extraction Device (UFED). This tool can extract data from most mobile devices. They are also able to unlock mobile devices with a passcode. I have used a much older version of this tool in the past. You can find the details in my research project here: https://www.stealthbay.com/hardening-mobile-phone-devices/

What was taken

According to the popular website Motherboard, which first posted about this breach, Cellebrite has lost over 900GB worth of data. That is a lot of information. My assumption is that a lot of the data is related to tools and software used for forensic investigations.

Motherboard also believes the data is related to evidence files from seized mobile phones, and logs from Cellebrite devices.

How it occurred

The hackers attacked Cellebrite’s web servers. From there, they were allegedly able to gather usernames and passwords related to the Cellebrite databases. That then allowed them to gather client data such as website client usernames/passwords, software tools and possibly much more that has not been released. Full details have not been released, but if the hacker gained access to the database, then all bets are off: they would be able to mine all of the databases for any and all information within them.

Takeaways

I want to stress how and why getting away from legacy systems is the right thing to do. On top of that, conducting security assessments is vital for a company that handles any type of customer data or business tools on a publicly accessible server. Businesses should at a minimum conduct annual security assessments on all external-facing servers. The best businesses out there usually conduct these security assessments on a quarterly basis.

From my personal experience, countless businesses with public servers out there simply do not meet our current security standards or practices. These standards are set by NIST and various other information security organizations that maintain an initiative to educate users on information security principles.

Businesses that keep up with new security trends and standards seem to weed out most hackers. Simply put, there is much more work involved in taking down or breaching a more secure system. People will flock to the easy systems since it saves them time.

In some sense the hacker did Cellebrite and many other organizations a favor. Hopefully, it opens some eyes out there so that businesses and people in general better protect their systems and data.

The major takeaway from this article and breach should be that companies need to assess their systems on an ongoing basis.

Motherboard – http://motherboard.vice.com/read/hacker-steals-900-gb-of-cellebrite-data 


