Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Risk

U.K. Police Seek BlackBerry Messages Following Riots

BlackBerry maker Research In Motion has offered to help the police with their investigation, but has not specified what data will be shared.

Strategic Security Survey: Global Threat, LocalPain
Strategic Security Survey: Global Threat, Local Pain
(click image for larger view and for full slideshow)
Much of the current rioting and looting in London has been coordinated not just via Facebook and Twitter, but also via BlackBerry smartphones that use encrypted communications, according to British authorities.

Using social networks to coordinate protests is nothing new. But when it comes to BlackBerry devices, authorities would have difficulty cracking related communications, and in particular the BlackBerry Messenger (BBM) instant messaging system that is reportedly being favored by protestors.

But on Monday, BlackBerry manufacturer Research In Motion (RIM) said that it had offered to assist investigators. "We feel for those impacted by this weekend's riots in London. We have engaged with the authorities to assist in any way we can," said RIM global sales and regional marketing managing director Patrick Spence, in a statement.

"As in all markets around the world where BlackBerry is available, we cooperate with local telecommunications operators, law enforcement, and regulatory officials," he said, adding that RIM would comply with all relevant U.K. laws, as well as the U.K. government and police forces.

Some of the BBM messages, which can be broadcast from one person to many addresses, and transferred anonymously, have been reposted on social networks and across the Web. One BBM message, for example, read: "Police are NOT ON DIS TING. Everyone meet at 7 at Stratford park and let's get rich."

By many accounts, BlackBerry smartphones are a favored device for coordinating the riots, which largely seem to comprise teenagers and people in their twenties. The choice of smartphone, then, isn't surprising, since BlackBerry smartphones account for 37% of the teenage market share in Britain. That's according to a new Communications Market Report from Ofcom, the independent regulator and competition authority for the United Kingdom. "Anecdotal evidence suggests that this preference is driven by the BlackBerry messenger service (BBM) which offers a free alternative to texting (SMS)," according to the report, which was released on Thursday.

How might U.K. law enforcement agencies recover BBM messages, without RIM's overt offer to help? For starters, they'd have to apply for a court order requiring RIM to turn over requested communications. But RIM, based in Canada, wouldn't necessarily have to comply with those requests.

Law enforcement agencies in the United States also face procedural hoops requesting such data. "Law enforcement must use legal process to obtain information transmitted via BlackBerry," said Christopher Wolf, director of the privacy and information management practice at law firm Hogan Lovells and co-chair of the Future of Privacy Forum. "They cannot just present themselves and say, 'Let me see the data traffic.' For a CIO or telecom manager who might receive a demand from the police for access, the first thing he or she should do is call the company's lawyer for help."

In its statement, RIM didn't specify how it would work with British police. Furthermore, the company wasn't immediately available to respond to requests for comment, including details of how it would protect the privacy of people in Britain who may have communicated about--but not participated in--the riots, as well as whether it would share historical location information for subscribers.

The London riots broke out on Saturday. They were apparently triggered after a 29-year-old man, Mark Duggan, was shot in a minicab in the Tottenham area of London by police officers as part of what they termed a "planned operation," on Thursday, investigating gun crime. But details of his shooting remain unclear. That lack of clarity appears to have triggered the initial riots, leading to widespread looting, numerous fires, and multiple confrontations between protestors and police officers. By Monday night, after three days and nights of incidents, the rioting had spread to eight more areas, including the cities of Liverpool and Birmingham.

U.K. police have said they will prosecute anyone who used Twitter or Facebook to instigate violence. Interestingly, however, people in areas affected by the violence have turned to Twitter to coordinate cleanup efforts. By Tuesday, the Twitter account "Clean Up London" (@Riotcleanup) had attracted more than 70,000 followers.

Attend Enterprise 2.0 Santa Clara, Nov. 14-17, 2011, and learn how to drive business value with collaboration, with an emphasis on how real customers are using social software to enable more productive workforces and to be more responsive and engaged with customers and business partners. Register today and save 30% off conference passes, or get a free expo pass with priority code CPHCES02. Find out more and register.

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
AI Is Everywhere, but Don't Ignore the Basics
Howie Xu, Vice President of AI and Machine Learning at Zscaler,  9/10/2019
Fed Kaspersky Ban Made Permanent by New Rules
Dark Reading Staff 9/11/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon Contest
Current Issue
7 Threats & Disruptive Forces Changing the Face of Cybersecurity
This Dark Reading Tech Digest gives an in-depth look at the biggest emerging threats and disruptive forces that are changing the face of cybersecurity today.
Flash Poll
The State of IT Operations and Cybersecurity Operations
The State of IT Operations and Cybersecurity Operations
Your enterprise's cyber risk may depend upon the relationship between the IT team and the security team. Heres some insight on what's working and what isn't in the data center.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-4147
PUBLISHED: 2019-09-16
IBM Sterling File Gateway 2.2.0.0 through 6.0.1.0 is vulnerable to SQL injection. A remote attacker could send specially-crafted SQL statements, which could allow the attacker to view, add, modify or delete information in the back-end database. IBM X-Force ID: 158413.
CVE-2019-5481
PUBLISHED: 2019-09-16
Double-free vulnerability in the FTP-kerberos code in cURL 7.52.0 to 7.65.3.
CVE-2019-5482
PUBLISHED: 2019-09-16
Heap buffer overflow in the TFTP protocol handler in cURL 7.19.4 to 7.65.3.
CVE-2019-15741
PUBLISHED: 2019-09-16
An issue was discovered in GitLab Omnibus 7.4 through 12.2.1. An unsafe interaction with logrotate could result in a privilege escalation
CVE-2019-16370
PUBLISHED: 2019-09-16
The PGP signing plugin in Gradle before 6.0 relies on the SHA-1 algorithm, which might allow an attacker to replace an artifact with a different one that has the same SHA-1 message digest, a related issue to CVE-2005-4900.