
Thursday, March 3, 2016

Apple’s Public Dispute With The FBI, Explained

Apple has recently courted controversy over its resistance to a demand by the U.S. Federal Bureau of Investigation (FBI). Namely, the FBI wants Apple to help its investigators hack into the iPhone of San Bernardino shooter Syed Rizwan Farook, and a federal magistrate has ordered the tech giant to comply. Apple CEO Tim Cook has said the company plans to fight the ruling.

The bureau, with the support of the Department of Justice (DoJ) and the White House, argues that its proposal is analogous to a warrant-authorized search. FBI officials speculate that information stored on Farook’s device may help them ascertain the circumstances that led to the San Bernardino tragedy, identify any accomplices the perpetrators may have had, and possibly prevent future attacks by violent extremists. The bureau’s director James Comey has suggested that he is not trying to set a legal precedent by pursuing the Farook case.

On the other hand, Cook contends that a version of the iOS operating system designed to override security features would constitute a “backdoor to the iPhone” and would indeed set a dangerous precedent for digital privacy around the world.

Technically, a backdoor to the iPhone already exists, in the sense that Apple has the ability to create and upload to its devices software that would override security features. The determining factor is whether the author possesses Apple’s secret digital signing key, since Apple devices won’t run software that doesn’t bear this signature.
 
The FBI’s proposal, and why Apple is resistant

Farook’s phone and the data stored on it are protected by a PIN that only the shooter knew. The FBI plans to conduct a “brute-force attack”: in other words, to connect a device to the phone that can attempt many numerical passcode guesses in quick succession. But Farook had enabled a security feature that causes his iPhone to temporarily lock after 10 incorrect guesses. Depending on the settings, there is a possibility that data stored on the phone could be automatically erased after the tenth attempt.

The government wants Apple to design and upload onto the iPhone a version of iOS that would allow investigators to attempt an infinite number of passcode guesses without getting locked out, and without incurring the risk of data erasure.

But the company has raised several objections.

  Cook fears Apple’s creation of “backdoor” software could have far-reaching implications. And his concern isn’t isolated to the future actions of American individuals and agencies. Apple is a transnational corporation that does business in dozens of countries around the world, including authoritarian regimes. If the U.S. government can demand that Apple help law enforcement hack an iPhone, what is to prevent a dictatorship from enlisting Apple technicians to break into the electronic devices of suspected dissidents?

  The Farook case is not, in fact, unique. Rather, the U.S. Justice Department has requested Apple’s help to extract data from at least 12 other iPhones. Apple brass have expressed concerns that by writing security-override software on behalf of law enforcement, their company could come to be perceived as an appendage of the national security state—and thereby lose customers’ trust.

  Security-overriding software for the iPhone could empower cyber-criminals. Cook has suggested that by creating a new version of iOS for the purpose of overriding security protections, Apple would run the risk that this software might fall into the wrong hands. However, the existence of Apple’s private signing key already poses a similar threat; armed with that key, a skilled programmer with expertise in iOS could theoretically hack into any iPhone.

Does the government have ulterior motives?

Last fall, the Obama administration’s National Security Council formalized a “decision memo” which tasks state agencies with finding ways to circumvent digital encryption and security protections. Apple’s authorship of “backdoor” software would be a big step in that direction.

Given the significance and implications of the Farook case, don’t be surprised if an appellate court eventually rules in the tech giant’s favour. But U.S. government agencies’ efforts to gain access to digital devices will surely continue. In fact, through a tool called DROPOUTJEEP, the U.S. National Security Agency probably has backdoor access to at least some iPhones already. 

Tuesday, March 20, 2012

10 Ways to Protect Yourself and Your Business from Fraud

As the old saying goes, “an ounce of prevention is worth a pound of cure.” This is true for keeping colds at bay and for preventing personal and business fraud. When you consider that most business fraud can be attributed to a lack of proper control over information and assets, then you can instantly see the importance of prevention. It doesn’t matter if you are a small business or a vast conglomerate; there is a demonstrable benefit to be found through being diligent in protecting yourself from fraudulent activities. The following are the top ten ways to protect yourself and your business from fraud.

1. Upgrade Onsite Security:

A thief who breaks into your company offices or warehouse could steal not only property but also valuable information. That information can include credit card account numbers, computer passwords and all other forms of sensitive information. Once those numbers are obtained, the criminal could go on a virtual buying spree before you can make it into work the next day. This is why upgrading your on-site security in the form of proper locks, alarms and security gates is crucial for preventing theft.

2. Properly Secure Business Records:

Even with the extra alarms, there might be personnel who will be tempted to access important business information. That is why it should always be kept under lock and key after business hours. While it is convenient to have a list of all your account passwords handy, you really want to make sure that “prying eyes” won’t get a peek.

3. Add Shredding To Your Routine:

A shrewd identity thief will know right where to find the information they need, and it’s not always in your office, but in your dumpster. Any paper that is being thrown out with any kind of company information should be shredded first. This is especially true for a small business that might not have secure dumpsters.

4. Don’t Divulge Over the Phone:

The natural instinct for anyone answering a company phone inquiry is to be helpful and courteous. That “help” might extend too far towards a potential identity thief who is trolling for information through a random “customer” call. Unless you initiate a call, don’t give out any vital company information over the phone to a stranger. 

5. Lock Down Your Computers:

You might think it is easy to keep track of people who come through your office on a regular basis. However, when you consider all the messengers, delivery men, service technicians, sales persons and custodians you can see that the stream of outside workers, even in a small business, can be enormous. This is why your computers should have password protection. They should also be shut down when you are away from your desk.

6. Install Computer Firewalls:

The protection for your computers needs to extend to your internet connection through up-to-date firewall security measures. You need to protect your network systems from potential hackers who troll for businesses to steal from. If you have an IT professional who takes care of your IT network and systems, ask them for their recommendations.

7. Establish Strong Anti-Fraud Policies:

Your employees are going to be your best line of defense to prevent fraud. However, they can also become your weakest link. This is why you need to establish clear policies with regard to sharing company information. A rep from your company shouldn’t be out in the world broadcasting sensitive information. It could be unintentional, but that won’t matter if a fraud occurs from using this information.

8. Set Up a Fraud Hotline:

Sometimes an employee may witness an act of fraud but not want to report the incident directly to a manager. Setting up a fraud hotline or email address can provide staff members with the opportunity to share any knowledge of fraud. This type of hotline also tells anyone who might be thinking about a fraud scheme that they are being watched by their co-workers.

9. Take Immediate Action:

The moment there is a report of a suspected fraud incident you should begin a thorough investigation. By taking immediate action you’ll let your staff know this type of behavior won’t be tolerated.

10. Sever Ties With Ex-Employees:

When renting a new apartment, you should request that new locks be installed. This is also a smart policy with regard to ex-employees, especially those who were fired under undesirable circumstances. You need to make sure any previous access these employees had to sensitive information is changed. This could mean swapping out passwords, canceling company credit cards and yes, in extreme cases, changing the locks.

Wednesday, November 2, 2011

Protecting your small business from hackers

It’s not only the large corporations that are targeted by criminals, but also small businesses such as yours. This is because small businesses do not have the resources that they require to protect their IT infrastructure. Here are a few reasons why you should improve your IT security, especially if you’re a small business:

You need to protect your customers’ credit card information. There is an even greater risk of fraudulent activity, as a majority of credit card transactions are online.

Manage your brand reputation. By having the best IT security in place, you protect your business and customers and, most importantly, maintain your reputation as a secure place to do business.

Protection from viruses/spyware. Another potential risk is viruses, which can create chaos in your business. Many viruses can shut down entire computer networks and even email systems. Once a virus has infected your computer, it will start sending emails to anyone listed in your address book, harming your reputation. This threat alone should be enough of an incentive to improve your IT security.

Once your infrastructure is compromised, the cost to purchase new software and hardware or even to manage crisis communications can be high. It doesn’t matter if the threat comes from an employee, a virus or a hacker; there are some easy ways to prevent and avoid these events. Here are some tips for protecting your company:

1. Get a reliable host service for your website and database. Make sure that they are reliable and have a good reputation. Ask for client testimonials when vetting vendors.

2. Verify that all your employees are using current, up-to-date browsers. One of the easiest ways viruses and spyware can infect a computer is by exploiting weaknesses found in the browser.

3. Make sure that an anti-virus program is installed on all computers. This includes your servers. Keep the program current at all times.

4. Manage all your passwords in a single place using a password manager, and ask your employees to create passwords that are random. Do not use easily remembered passwords such as family names, pet names and such. Ask your employees not to keep their passwords where they are easily accessible.

5. Monitor internet usage, as employees could inadvertently come across malware or phishing sites, allowing their computers to be hacked.

6. Protect your Wi-Fi connection. Password-protect your connection and make sure that your hardware is modern.

These are some steps that you can take to prevent security breaches, and they will provide you with a solid foundation to protect yourself from basic malicious attacks.