Risk
8/9/2011
11:33 AM
Connect Directly
RSS
E-Mail
50%
50%

U.K. Police Seek BlackBerry Messages Following Riots

BlackBerry maker Research In Motion has offered to help the police with their investigation, but has not specified what data will be shared.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Much of the current rioting and looting in London has been coordinated not just via Facebook and Twitter, but also via BlackBerry smartphones that use encrypted communications, according to British authorities.

Using social networks to coordinate protests is nothing new. But when it comes to BlackBerry devices, authorities would have difficulty cracking related communications, and in particular the BlackBerry Messenger (BBM) instant messaging system that is reportedly being favored by protestors.

But on Monday, BlackBerry manufacturer Research In Motion (RIM) said that it had offered to assist investigators. "We feel for those impacted by this weekend's riots in London. We have engaged with the authorities to assist in any way we can," said RIM global sales and regional marketing managing director Patrick Spence, in a statement.

"As in all markets around the world where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement, and regulatory officials," he said, adding that RIM would comply with all relevant U.K. laws, as well as the U.K. government and police forces.

Some of the BBM messages, which can be broadcast from one person to many addresses, and transferred anonymously, have been reposted on social networks and across the Web. One BBM message, for example, read: "Police are NOT ON DIS TING. Everyone meet at 7 at Stratford park and let's get rich."

By many accounts, BlackBerry smartphones are a favored device for coordinating the riots, which largely seem to comprise teenagers and people in their twenties. The choice of smartphone, then, isn't surprising, since BlackBerry smartphones account for 37% of the teenage market share in Britain. That's according to a new Communications Market Report from Ofcom, the independent regulator and competition authority for the United Kingdom. "Anecdotal evidence suggests that this preference is driven by the BlackBerry messenger service (BBM) which offers a free alternative to texting (SMS)," according to the report, which was released on Thursday.

How might U.K. law enforcement agencies recover BBM messages, without RIM's overt offer to help? For starters, they'd have to apply for a court order requiring RIM to turn over requested communications. But RIM, based in Canada, wouldn't necessarily have to comply with those requests.

Law enforcement agencies in the United States also face procedural hoops requesting such data. "Law enforcement must use legal process to obtain information transmitted via BlackBerry," said Christopher Wolf, director of the privacy and information management practice at law firm Hogan Lovells and co-chair of the Future of Privacy Forum. "They cannot just present themselves and say, 'Let me see the data traffic.' For a CIO or telecom manager who might receive a demand from the police for access, the first thing he or she should do is call the company's lawyer for help."

In its statement, RIM didn't specify how it would work with British police. Furthermore, the company wasn't immediately available to respond to requests for comment, including details of how it would protect the privacy of people in Britain who may have communicated about--but not participated in--the riots, as well as whether it would share historical location information for subscribers.

The London riots broke out on Saturday. They were apparently triggered after a 29-year-old man, Mark Duggan, was shot in a minicab in the Tottenham area of London by police officers as part of what they termed a "planned operation," on Thursday, investigating gun crime. But details of his shooting remain unclear. That lack of clarity appears to have triggered the initial riots, leading to widespread looting, numerous fires, and multiple confrontations between protestors and police officers. By Monday night, after three days and nights of incidents, the rioting had spread to eight more areas, including the cities of Liverpool and Birmingham.

U.K. police have said they will prosecute anyone who used Twitter or Facebook to instigate violence. Interestingly, however, people in areas affected by the violence have turned to Twitter to coordinate cleanup efforts. By Tuesday, the Twitter account "Clean Up London" (@Riotcleanup) had attracted more than 70,000 followers.

Attend Enterprise 2.0 Santa Clara, Nov. 14-17, 2011, and learn how to drive business value with collaboration, with an emphasis on how real customers are using social software to enable more productive workforces and to be more responsive and engaged with customers and business partners. Register today and save 30% off conference passes, or get a free expo pass with priority code CPHCES02. Find out more and register.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
Partner Perspectives
What's This?
In a digital world inundated with advanced security threats, Intel Security seeks to transform how we live and work to keep our information secure. Through hardware and software development, Intel Security delivers robust solutions that integrate security into every layer of every digital device. In combining the security expertise of McAfee with the innovation, performance, and trust of Intel, this vision becomes a reality.

As we rely on technology to enhance our everyday and business life, we must too consider the security of the intellectual property and confidential data that is housed on these devices. As we increase the number of devices we use, we increase the number of gateways and opportunity for security threats. Intel Security takes the “security connected” approach to ensure that every device is secure, and that all security solutions are seamlessly integrated.
Featured Writers
White Papers
Cartoon
Current Issue
Dark Reading's October Tech Digest
Fast data analysis can stymie attacks and strengthen enterprise security. Does your team have the data smarts?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2013-4594
Published: 2014-10-25
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.

CVE-2014-0476
Published: 2014-10-25
The slapper function in chkrootkit before 0.50 does not properly quote file paths, which allows local users to execute arbitrary code via a Trojan horse executable. NOTE: this is only a vulnerability when /tmp is not mounted with the noexec option.

CVE-2014-1927
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly quote strings, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "$(" command-substitution sequences, a different vulnerability than CVE-2014-1928....

CVE-2014-1928
Published: 2014-10-25
The shell_quote function in python-gnupg 0.3.5 does not properly escape characters, which allows context-dependent attackers to execute arbitrary code via shell metacharacters in unspecified vectors, as demonstrated using "\" (backslash) characters to form multi-command sequences, a different vulner...

CVE-2014-1929
Published: 2014-10-25
python-gnupg 0.3.5 and 0.3.6 allows context-dependent attackers to have an unspecified impact via vectors related to "option injection through positional arguments." NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-7323.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Follow Dark Reading editors into the field as they talk with noted experts from the security world.