
John Kelly's phone was breached as early as December - subcosmos
http://thehill.com/homenews/administration/354156-john-kellys-phone-was-breaches-as-early-as-december-report?amp
======
iaw
> Officials told Politico that Kelly had not used the personal phone since
> joining the administration in January, and has reportedly been using a
> different phone since. He reportedly relies on his government phone while at
> the White House.

Then why did he bring it to the White House IT team because it stopped
working/updating?

Edit: To clarify, it's not that he took it to the White House IT team (that's
appropriate). It's the question of why he would notice if it wasn't working,
the type of technical complaint described in the articles seems to argue a
little against him not using it at all.

~~~
subcosmos
They've gotta be better than Geek Squad

------
rl3
> _Kelly turned his phone into the White House IT department after he said it
> wasn 't working and the software was not updating correctly, according to
> the report._

On the bright side, it's not likely that an APT/nation state actor was
responsible. Breaking things is pretty amateur hour.

Then again, maybe his phone sucked and they just wanted him to get one with a
better mic/camera. Perhaps whatever compromising selfies were not of
sufficient quality.

~~~
chc
You think an unaffiliated individual just recreationally hacked the White
House Chief of Staff's phone?

~~~
rl3
My first guess would be random malware, actually.

I'm pretty sure that when nation state actors compromise a high-level target's
phone, they avoid breaking things in such obvious fashion.

~~~
makomk
If I recall correctly, didn't it come out that the NSA managed to accidentally
brick the core router handling internet for the whole of of Syria when trying
to hack it?

~~~
dsl
That is an unsubstantiated claim from Snowden.

CYBERCOM did launch a DDoS attack against North Korea recently, and it is
strongly suspected that they have done so previously (like in retaliation to
the Sony hack).

[https://www.washingtonpost.com/world/national-
security/trump...](https://www.washingtonpost.com/world/national-
security/trump-signed-presidential-directive-ordering-actions-to-pressure-
north-korea/2017/09/30/97c6722a-a620-11e7-b14f-f41773cd5a14_story.html)

------
ghughes
Link to the original report: [http://www.politico.com/story/2017/10/05/john-
kelly-cell-pho...](http://www.politico.com/story/2017/10/05/john-kelly-cell-
phone-compromised-243514)

------
kelukelugames
I went to an ex-NSA officer talk. He says assume all phone in DC are
compromised.

~~~
cgb223
Having lived in DC and worked with the military, I can almost guarantee that’s
the case

Or else my phone line would click every 15 seconds and forget to ring when
calling someone just for the hell of it

~~~
Teever
Phone taps are done out of band now. As an end user you will never have any
indication that your line is tapped.

~~~
beagle3
Only if you hacked into the service provider’s network. But if you are a third
party, you’ll likely MITM through one of the roaming protocols or directly on
the handset, either of which might give some indication.

------
cujic9
I feel like this is fairly innocent -- just another tech-illiterate old guy
befuddled by all this whizbang technology.

And that's worrying. We need to raise our expectations for our leaders,
especially those with high security clearance.

Seems like there should be some kind of "digital maintenance and security"
primer before receiving access to national secrets.

~~~
Turing_Machine
"Tech-illiterate old guys" don't a) notice that a software update for their
phone has been released b) try to install the update, c) recognize that
something is wrong and d) take the phone to spook-level IT guys to check out.

They don't even get to a), as a rule.

~~~
iaw
Kelly did the right thing here, as long as he truly hadn't been carrying/using
the phone then the compromise is pretty limited.

If he had been using or carrying the phone and it was a failure on the recent
update that alerted him then it represents two problems: an operational
security one and a scandal.

I hope that his integrity holds up on this one.

~~~
Turing_Machine
I'm still a little confused by the OP's assumption that he's a "tech-
illiterate old guy". He's undoubtedly been using secure electronic
communication systems for his entire career, and is certainly well-aware of
the risks involved with compromised information. He's definitely more clued in
than the amateurs who usually get this kind of government gig.

As you say, though, that makes him more culpable if it turns out he has
actually been using the phone. But my money says he hasn't been.

~~~
cujic9
Yeah, I'll admit that was a strawman so I could get to my real point about
requiring some digital competency before granting access to state secrets.

------
willstrafach
“Not updating correctly” naturally indicates he was on an older version of his
phone’s OS.

Remember, only recently we saw fixes released for some pretty serious Wi-Fi
vulnerabilities. A close-access attack on a bigh value target like him is not
out of the realm of possibility.

~~~
willstrafach
s/bigh/high

------
champagnepapi
I wonder the type of phone he had??

------
myrandomcomment
I really hope the NSA is this good at their own hacking...

------
samstave
How is it that with the hundreds of billions we spend on defense tech, why
doesn't the USG have its own, private cellular system?

~~~
Animats
It does. The U.S. Government put money into Iridium and bought half the
airtime. Iridium was about to go bankrupt and de-orbit the satellites. That
paid off very well when many US agencies had to operate in the sandbox.

~~~
samstave
Wow, I cant believe that I forgot about Iridium... my mom had a sat phone
powered by them when it was consumer... I cant recall her cell bills - but
they were massive... Didnt know they were still active.

is there a DB some place that has all the satallittes and their respective
owners/services/orbits/launch-dates/etc that is available to the public, even
if incomplete and salted with bullshit?

~~~
Animats
Iridium is quite active. Phones are about $1000, and airtime is about $1-$2
minute. Anywhere on the surface of the Earth that you can see the sky, you can
get through with Iridium. You get voice or 9600 baud data. It's extremely
useful when nothing else is available, as in much of Puerto Rico right now.

A new constellation of 66 Iridium satellites with more bandwidth is being
launched. This will take eight launches. Two launches so far; the third launch
is in 2 days, using a Space-X Falcon 9.

There are web sites with satellite orbital data.[1]

[1] [http://www.satview.org/](http://www.satview.org/)

------
aaron695
We all get his phone wasn't breached right?

Or does it need spelling out?

------
OscarTheGrinch
The russians now know our deepest national secret: Trump is actually a genius
behind closed doors, his public persona is carefully calebrated to be the bad
guy that everyone else can unite against. #BogeyManTheory

