Subscribe

FBI paid top dollar to hack San Bernardino shooter's iPhone

The FBI has given a clue as to how much it paid an undisclosed hacker to break into the San Bernardino, Calif., shooter's iPhone after Apple refused to help. 

  • close
    People wait in front of an Apple store in Munich, Germany before the worldwide launch of the iPhone 6s in September 2015. The FBI has given a clue as to how much it paid an undisclosed hacker to break into an iPhone of an attacker in the San Bernadino, Calif., mass shooting.
    Matthias Schrader/AP/File
    View Caption
  • About video ads
    View Caption
of

Searching for the holes that allow a hacker to break into software code has gone from being a quirky activity to a legitimate and lucrative business. 

Asked how much the FBI paid for the hacking job into the iPhone 5c used by an attacker in the mass shooting in San Bernardino, Calif., FBI Director James B. Comey Jr. first said, "A lot." 

More specifically, he said the FBI paid "more than I will make in the remainder of this job, which is seven years and four months, for sure." His annual salary is around $185,100, which suggests the bounty is at least $1.35 million, Eric Lichtblau and Katie Benner reported for The New York Times.

The revelation follows weeks of controversy after the Justice Department tried to force Apple to design a security override, as the tech company's resistance launched a debate over cybersecurity.

Some have suggested $1.35 million is a low estimate, but either way, the FBI paid a high price in a field that is growing larger and more expensive as security vulnerabilities become more valuable to criminals and law enforcement alike.

US firm Zerodium offered bounties of $1 million each for any "working exploit" providing a yet-undiscovered pathway into Apple's latest mobile operating system, The Christian Science Monitor reported.

A high price tag for hacking jobs such as this is not uncommon. Scrupulous hackers who tell companies where their security vulnerabilities are so they can fix them are becoming established in the field of cybersecurity, Paul Roberts wrote for the Monitor:

In the past decade, a growing, global marketplace for software vulnerabilities has transformed a talent for sniffing out security holes in software from a resume bullet point to something akin to Stephen Curry's jump shot or Novak Djokovic's serve: a rare skill that commands a high price. But with everything from software publishers to spy agencies and shadowy cyberarms dealers competing for prized vulnerabilities, experts warn that there are both risks and rewards for both society and the economy in what is quickly becoming a Gold Rush for the Digital Age.

The market is becoming more complex as the monetary opportunities increase, with companies such as HackerOne and Bug Bounty HQ providing a platform to connect talented hackers with companies wanting to test their security.

"It's like finding a gold nugget," Mark Litchfield, a security researcher who once netted $63,000 from the legitimate bug-finding program of a single company, told the Monitor. "Sometimes it's like finding my own gold mine."

The prices are high because talented hackers have so many options for buyers. Some talented bug finders are compelled by conscience to report security breaches only to the companies that can fix them, but others must be motivated by a lucrative bounty. Companies that ask hackers to report their findings tend to pay less than criminals or intelligence officials (Microsoft's fee of $100,000, for example, is considered high).

This means the FBI's undisclosed payout may have been the most expensive publicized hack in history, Reuters reported. It is easy to see why asking Apple to simply override its own security, had the tech company been willing, would have been much cheaper. 

About these ads
Sponsored Content by LockerDome
 
 
Make a Difference
Inspired? Here are some ways to make a difference on this issue.
FREE Newsletters
Get the Monitor stories you care about delivered to your inbox.
 

We want to hear, did we miss an angle we should have covered? Should we come back to this topic? Or just give us a rating for this story. We want to hear from you.

Loading...

Loading...

Loading...

Save for later

Save
Cancel

Saved ( of items)

This item has been saved to read later from any device.
Access saved items through your user name at the top of the page.

View Saved Items

OK

Failed to save

You reached the limit of 20 saved items.
Please visit following link to manage you saved items.

View Saved Items

OK

Failed to save

You have already saved this item.

View Saved Items

OK