San Bernardino County DA: Dec. 2 terrorist may have been planning cyber attack
SBSun: A legal brief filed Friday in U.S. District Court in Riverside by San Bernardino County’s top prosecutors said Syed Rizwan Farook may have planted a virus on his work-issued iPhone that could launch a cyber attack capable of infecting and crashing the county’s computer network.
iPhone Amicus Brief that explains the infecting malware.
The brief, filed by District Attorney Michael Ramos and Chief Deputy District Attorney Gary Fagan, is one of several that were filed this week supporting a federal magistrate’s Feb. 16 order compelling Apple Inc. to help the FBI access an encrypted work-issued iPhone used by Farook.
“The iPhone is a county owned telephone that may have connected to the San Bernardino County computer network,” Ramos and Fagan wrote in their friend of the court brief, one of several filed this week in support of the government. “The seized iPhone may contain evidence that can only be found on the seized phone that it was used as a weapon to introduce a lying dormant cyber pathogen that endangers San Bernardino County’s infrastructure.”
A plethora of briefs were also filed by some the world’s biggest technology companies, digital privacy advocates and civil liberty organizations including Facebook, Amazon.com, Pinterest, Microsoft, Snapchat, Yahoo, and the American Civil Liberties Union in support of Apple.
Armed with assault rifles and clad in tactical gear, Farook, 28, and his wife, Tashfeen Malik, 29, walked into the Inland Regional Center in San Bernardino shortly before 11 a.m. Dec. 2 and opened fire on a crowd of about 70 people, killing 14 people and wounding 22 others. The Redlands couple were killed in a shootout with police hours after the attack.
Most of those killed or wounded in the mass shooting, including Farook, were employees of the county’s environmental health services division, who were attending a training seminar that morning.
FBI agents found two smashed mobile phones in a dumpster behind Farook’s Redlands townhouse, and his work-issued iPhone 5C was found, intact but passcode encrypted, in a black Lexus parked in front of the residence. Investigators believe that phone contains communications between Farook and some of the victims and possible other information that could be germane to the criminal investigation.
Ramos and Fagen are the first to broach the subject of a possible cyber attack Farook may have been planning.
AdvertisementFarook’s employment with the county provided him access to information that could have made the county vulnerable to a security breach and exposed employees to danger, Ramos said Friday in a telephone interview.
He said survivors of the shooting and family members of those killed in the attack are trying to move on with their lives but still have questions about the attack, such as why they were targeted and if they face future threat.
“All of this information could be on that one phone. (Farook and Malik) were using phones and hard drives, we believe, to prepare for these terrorist attacks,” Ramos said.
He said U.S. Magistrate Sheri Pym’s Feb. 16 order followed the letter of the law, and the U.S. Constitution.
“A federal magistrate determined there was probable cause to issue a search warrant to have Apple allow the FBI access to that information on the phone,” Ramos said. “Nobody’s rights are being violated. No one’s.”
Survivors of the shooting and family members of those who died still have questions about whether there was a third shooter, according to the prosecutors’ brief.
“Although the reports of three individuals were not corroborated, and may ultimately be incorrect, the fact remains that the information contained solely on the seized iPhone could provide evidence to identify, as of yet, unknown coconspirators who would be prosecuted by the district attorney for multiple murders and attempted murders in San Bernardino County,” the brief states.
Those sentiments were raised in another friend of the court brief filed Thursday on behalf of some of the victims of the shooting and surviving family members, one of whom wrote a personal letter to Apple CEO Tim Cook saying many victims claim to have seen “three assailants, not two, walking around in heavy boots as they carried out their murders.”
FBI spokeswoman Laura Eimiller said that forensic evidence indicates two weapons were fired at IRC, and that victim/witness accounts often vary during traumatic events.
While the majority of victims said they saw two shooters, some said there was only one and others said there were three, Eimiller said in an e-mail.
“Our investigation is continuing and we will continue to evaluate any new information that is developed or that comes our way,” Eimiller said.