
FBI Returns Seized Devices to EFF Client - DiabloD3
https://www.eff.org/deeplinks/2015/11/eff-pleased-announce-return-our-clients-equipment
======
staunch
The tweet
[https://twitter.com/Sidragon1/status/588433855184375808?ref_...](https://twitter.com/Sidragon1/status/588433855184375808?ref_src=twsrc%5Etfw)

~~~
SeanDav
I am always amazed at the authorities reaction to this. In the entire history
of modern communications has a terrorist ever announced publicly and in
advance that he/she/they are now going to go out to place "xyz" at time
"nn:nn" and going to do "some despicable act", so please come arrest me?

There are examples of course about warning about planted explosives etc (The
IRA did this all the time), but these never include an invitation to apprehend
the actual culprit - but rather as terror tactics in their own right.

~~~
njharman
It doesn't matter. Authorities (at least their managers/directors) think in
terms of PR/Damage Control and Risk. The fallout if they did nothing and
something happened (maybe even just reporter reporting that tweet was ignored
by FBI) would be enormous. Much, much worse than fallout that occurs for
"overreacting".

And once they've reacted it's very hard to admit they are wrong or ever let go
(as in they are unwilling to accept PR/blame). Just to avoid the .001% chance
of headline "FBI had perpetrator in custody but let him go!"

Sadly, the public is a ignorant, fickle, short-sided, lynch mob. Public facing
organizations are(have to be) driven by risk mitigation rather than being
effective.

------
dan-silver
Is there any easy way to determine if the equipment can be trusted?

Does anyone offer services in this area and how much would it cost him?

~~~
mariuolo
A security researcher obviously can't trust those devices anymore.

If I were him I would sell them and buy new ones.

~~~
scintill76
Maybe I have an overactive conscience, but I'd feel kind of wrong about
selling without disclosing that I had good reason to believe it was
compromised (a serious, unfixable, almost-invisible defect), and probably
nobody would buy if I told them that.

~~~
alsetmusic
Agreed. This would be similar to knowingly selling a defective device, only
much worse.

But another thought that crosses my mind is that future disclosures and
research may give him new insight to inspect the equipment and try to
understand the extent of potential compromise. I would replace it but then
hold onto it forever. Twenty years from now, the parts could be a goldmine for
documenting what will surely be a historically significant time in the world
of surveillance and privacy.

------
gherkin0
Is this the guy who claimed he hacked into an engine control computer via the
in-flight entertainment system network?

So is this evidence that he didn't actually do that, or just that the FBI was
unable to decrypt or otherwise get anything useful from his devices?

~~~
kobayashi
Part 1) Yes

Part 2) I don't know

~~~
briandh
Part 1) This is according merely to an FBI affidavit [1] applying for a search
warrant, much less a charge or conviction. Roberts has claimed he was
misrepresented, albeit understandably coyly [2]. "Yes" is an uncritical
answer.

[1] [http://www.wired.com/wp-content/uploads/2015/05/Chris-
Robert...](http://www.wired.com/wp-content/uploads/2015/05/Chris-Roberts-
Application-for-Search-Warrant.pdf)

[2] [http://www.slideshare.net/EC-Council/a-funny-thing-
happened-...](http://www.slideshare.net/EC-Council/a-funny-thing-happened-on-
the-way-to-the-airport-chris-roberts) (slide 10; apropos nothing, this was a
very boring and actually mildly annoying talk)

------
Karunamon
Given the current security climate, if that were my stolen gear, I'd treat it
all as suspect and burn the lot in a barrel.

There's no telling who's done what to it or what kind of nasties are now in
the firmware.

~~~
ars
I think you are overestimating both the ability and the budget of the FBI.

~~~
DanBC
The FBI are a government agency, with some funds, and they had physical access
to the devices, for some time.

The devices absolutely cannot be trusted.

Whether a person cares about trusting the FBI or not (or thinks they're happy
with just flashing the firmware and replacing the harddrives) is another
thing.

------
zyxley
The question is if any of that equipment can still be trusted.

~~~
vinceguidry
Inspect it for hardware modifications, and, assuming there are none, perform a
factory reset and you're good.

The amount of engineering the Feds would have to do to ensure a hack evades
those two safeguards is prohibitive.

~~~
ranman
Agreed; people overestimate the technological expertise of the U.S. Govt. --
in my anecdotal experience they're laughably behind.

~~~
burnte
Isn't that what we thought before Snowden showed us the NSA reprogramming
firmware? I know that I said it was being blown out of proportion when the
Snowden leaks started, and boy was I wrong.

~~~
fit2rule
Snowden showed us that the 5-eyes countries are actively producing and
marketing - in their own secret organizations with secret, anti-democratic
agreements - massive-scale spy and intrusion technologies. Anti-democratic,
freedom-defeating agreements for the purpose of total information control over
human civilization.

Massive-scale, actually: full-spectrum.

There are no aspects of modern technology infrastructure that are off the
table in these realms: all systems are targets. Planet-wide.

So, its not just that the NSA will be reprogramming firmware or putting key
sniffers in your macbook or writing 0-day exploits. Its that they'll listen to
everything, anywhere along the wire, as they see fit.

------
OliverJones
Not only have tweets become news, they've become evidence of crimes. Law
enforcement and newsgathering both have been reduced to searching for
140-character wisecracks and following the wisecrackers.

Why would a serious person, especially a security researcher, write a tweet
except to manipulate the press or law enforcement?

How about a little white-hat opsec and infosec?

~~~
ikeboy
1\. The tweet wasn't news, his arrest was news 2\. The tweet wasn't evidence
for a crime, it was evidence that a warrant was justified, and other evidence
included a supposed admission to the FBI. See [http://www.wired.com/wp-
content/uploads/2015/05/Chris-Robert...](http://www.wired.com/wp-
content/uploads/2015/05/Chris-Roberts-Application-for-Search-Warrant.pdf)

------
wereHamster
I wonder if you could play two gov agencies against each other: Dear IRS, I
can't fill out the tax form because the FBI seized all my electronic equipment
which contained relevant information. FBI's response to IRS's inquiry to
return the devices: We lost them (alternative: we managed to destroy all data
contained on them, pick one depending on how much you believe in hanlon's
razor). The hypothetical me to IRS: I'm not paying any taxes until you guys
figure that shit out lol.

~~~
JadeNB
While funny, I think that this falls into the trap of believing that the
various bits of the government must operate robotically according to strict,
logical principles. There are humans in the system who, for better or worse,
can act according to what they perceive as the spirit, rather than the letter,
of the law.

------
GaiusCoffee
Is the EFF Client Chris Roberts, the game developer of Star Citizen?

