Risk
8/17/2011
12:27 PM
Connect Directly
RSS
E-Mail
50%
50%

Scotland Yard Read Encrypted BlackBerry Messages During Riots

British police officials said they used confiscated BlackBerry smartphones to "break into" encrypted communications.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
What's the easiest way to access an encrypted smartphone communications network? Have a smartphone that can listen in.

At least, that was one tactic employed by police in London as they sought better intelligence on the outbreak of riots across England. So said Tim Godwin, acting police commissioner for the Metropolitan--the country's largest police force, which is more commonly known as Scotland Yard--on Tuesday, as he appeared before the U.K. Parliament's Home Affairs Committee. The committee, which oversees many of the country's police forces, is investigating the success or failure of police tactics used during the riots.

According to Godwin, as riots broke out in 22 of London's 32 boroughs last Monday and threatened to overwhelm police officers, he made the decision to begin eavesdropping and acting on encrypted BlackBerry Messenger (BBM) communications. Godwin said that by using BlackBerry smartphones seized by police, detectives were able to "break into" BBM and gain "live time monitoring," according to the Guardian. As a result, police officers were able to secure locations before rioting broke out, as well as proactively shut down stores and businesses in areas that faced looting. Police were also monitoring Twitter and Facebook, and Godwin's testimony suggested that police may have used confiscated BlackBerry smartphones to gain access to private Twitter feeds.

In Britain, multiple politicians had called for a curfew on BBM--widely used by the rioters, who were largely young and male--as well as social networks, to help quell the unrest. (As some privacy advocates have noted, such tactics echo strategies recently employed by autocratic rulers in such countries as Egypt and Libya, as they clung to power in the face of mass riots.) But Godwin confirmed that the police considered that tactic. "We did consider seeking the legal authority to switch it off. The legality is questionable, very questionable," he said, according to the Guardian.

Interestingly, BlackBerry manufacturer Research In Motion had released a statement in which it offered to assist investigators, in accordance with U.K. laws. Numerous security experts took that to mean that any police requests for BBM communications would, as usual, require a warrant.

Using a seized device to surreptitiously access BlackBerry Messenger communications, however, is gray territory. Furthermore, by detailing the difficulties police faced in amassing intelligence about planned rioting and looting, Godwin may not only be seeking exculpation for that intelligence gathering, but also laying the groundwork for a formal police request for new laws, giving them explicit power to eavesdrop on encrypted communications during times of unrest.

According to the Guardian, Godwin told the committee that police were not "at this moment of time" seeking the ability to deactivate social networks or eavesdrop on encrypted smartphone communications channels, during times of civil unrest. But news reports suggest that police are already working with the domestic intelligence service, MI5, as well as the country's electronic signals intelligence center, the Government Communications Headquarters, to decrypt BBM communications in the hunt for people who organized riots and looting.

Beyond using confiscated BlackBerry smartphones, police monitored riot-related and looting-related public messages sent via Twitter and Facebook, which resulted in multiple arrests.

But some of the resulting sentences have been criticized as being disproportionate. Notably, on Tuesday, two men were sentenced to four years in prison on charges of inciting a riot via Facebook. One 20-year-old man created a Facebook event page for "Smash Down in Northwich Town," and set the McDonald's in his town center as a meeting point. But he was the sole attendee and was arrested by waiting police. In the other case, a 22-year-old man created a Facebook page called "Let's Have a Riot in Latchford," but removed it the next day--after 300 people had viewed it--and published an apology on Facebook.

In handing down the stiff sentences, the judge said they were meant to serve as a deterrent.

At a full-day virtual event, InformationWeek and Dark Reading editors will talk with security experts about the causes and mistakes that lead to security breaches, both from the technology perspective and from the people perspective. It happens Aug. 25. Register now.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-2595
Published: 2014-08-31
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, enables MSM_CAM_IOCTL_SET_MEM_MAP_INFO ioctl calls for an unrestricted mmap interface, which all...

CVE-2013-2597
Published: 2014-08-31
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to gain privileges via an application that lever...

CVE-2013-2598
Published: 2014-08-31
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite signature-verification code via crafted boot-image load-destination header values that specify memory ...

CVE-2013-2599
Published: 2014-08-31
A certain Qualcomm Innovation Center (QuIC) patch to the NativeDaemonConnector class in services/java/com/android/server/NativeDaemonConnector.java in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.3.x enables debug logging, which allows attackers to obtain sensitive disk-encryption pas...

CVE-2013-6124
Published: 2014-08-31
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed by a (1) chown or (2) chmod command, as demonstrated by changing the permissions of an arbitrary fil...

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.