Sun Corporation stories at Techdirt.

from the as-if-someone-hooked-a-Cellebrite-on-Cellebrite department

When a Cellebrite device is connected to a seized phone, the operator presses a few buttons to extract just about all the data from the device. From there, investigators can try to find the evidence they are looking for. While the FBI continues to claim that device encryption prevents law enforcement from accessing evidence, many private companies are offering solutions to the problem that the FBI says is unsolvable without a backdoor.

It looks like Cellebrite got Cellebrite'd a few years ago. Somehow, during normal day-to-day business operations involving its Japanese stakeholder, it performed a data dump of epic proportions that eventually made its way into the hands of Japanese regulators. Omer Benjakob has the exclusive report for the Israeli outlet Haaretz.

Sensitive and confidential information relating to intelligence, defense and law enforcement agencies around the world, including the FBI and Interpol, has been leaked by the Israeli company Cellebrite, according to court documents authorized for publication at the request of Haaretz.

The information dates from 2015 to 2017 and includes nearly half a million emails belonging to senior Cellebrite officials and directors, their internal communications and interactions with customers, invoices and even contracts.

These documents first ended up in the hands of Cellebrite’s main shareholder, the Japanese Sun Corporation. From there, they traveled to Japanese government authorities, who were investigating whether Sun Corporation had used this sensitive Cellebrite information to engage in insider trading.

All of this was done without the knowledge of Cellebrite’s many customers, whose internal discussions were shared with a stakeholder (who might have been expected to have access to proprietary information) and Japanese authorities. It also appears to have happened without the knowledge of Cellebrite, which then contacted its legal representatives to assess the potential fallout from this unexpected leak.

In one of the documents, lawyers hired by Cellebrite wrote: “We believe that if knowledge that such sensitive information has been provided to Japanese authorities were to be disclosed to Cellebrite’s customers, it could cause serious reputational damage to Cellebrite (with these and other customers).”

“Cellebrite’s customers are likely to request full disclosure from Cellebrite relating to information disseminated to foreign authorities, in order to assess their exposure”, according to the legal opinion commissioned by Cellebrite in 2018 and authorized for publication by Israeli courts last week.

It’s not just proprietary information, knowledge of Cellebrite’s customer base and internal communications that raise these concerns. It is also a criminal act in many countries to disseminate sensitive information related to national security efforts or criminal investigations, even if done inadvertently or without malicious intent. The exposure of this leak could see Cellebrite investigated and accused of mishandling this sensitive information.

The leak shows that many government agencies around the world are current or former clients, including the FBI, DHS, US Marshals Service, ICE, Royal Canadian Mounted Police, Interpol, UK Ministry of Defense and, more strangely, entities like NASA and the Russian Embassy in Tokyo.

With all of this exposed, thanks to a lawsuit between Cellebrite and consultant David Spector, Cellebrite is playing belated defense, saying it’s nothing more than Spector’s showboating and the massive leak never hurt anyone, let alone the now-listed company.

The documents, Cellebrite said, were added to the lawsuit by Spector “for public relations purposes only, and in the clear knowledge that this lawsuit is without merit, does not hold water, and is of no public interest.”

Cellebrite pointed out that “the event described in this report occurred five years ago and had no effect on the company’s operations”.

Well, the “for PR purposes” part seems to work, even though that wasn’t Spector’s intention. Cellebrite undoubtedly assures its customers that their communications, as well as the trade secrets that make Cellebrite worth buying, will be well protected. A massive leak like this is far from reassuring.

As to whether this will have any effect on the company’s operations…well, that remains to be seen. When the leak was still secret, it may have had only a minimal effect. But now it’s common knowledge, and it could have negative effects on Cellebrite’s future.

Filed Under: data breach, david spector, hack, leak

Companies: Cellebrite, Sun Corporation

Luisa D. Fuller