After 5 Years, Australia Finally Cracked a Drug Kingpin's BlackBerry

"An encrypted BlackBerry device that was cracked five years after it was first seized by police is poised to be the key piece of evidence in one of the state's longest-running drug importation investigations," reports the Sydney Morning Herald: In April, new technology "capabilities" allowed authorities to probe the encrypted device, which was used by one of the alleged kingpins and revealed 3000 messages over a one-month period, a Sydney court has heard. The development has paved the way for the arrest of another five members of an alleged criminal syndicate.

For at least two of the men — Frank Farrugia and Deniz Kanmez — the cracked BlackBerry was allegedly the "silver bullet" in netting their arrest, according to a source close to the investigation. Strike Force Millstream detectives arrested the five men in a series of raids from Sydney to Dubai last month. The arrests culminated a seven-year investigation into money laundering, criminal groups and at least four commercial importations between 2013-14, valued at $1.5 billion. Nearly two dozen men have been implicated...

It is the second device to be unlocked as part of the investigation, after Canadian authorities successfully cracked another BlackBerry in 2017, which was central in an earlier trial of four men linked to the syndicate.

So the system worked, without a back door

[misnohmer]

This is exactly how the system was supposed to work. When cracking down on a one and half billion dollar criminal organizations, the government able to spend the resources required to crack it. The solution didn't involve a legislated back door to allow the government to go fishing in all of their citizens phones.

Re:

[NoNonAlphaCharsHere]

Whoa. Whoa. Whoa. Dude. Slow down and take one of your pills; you're getting a little excited there.

Re:So the system worked, without a back door

[Freischutz]

Whoa. Whoa. Whoa. Dude. Slow down and take one of your pills; you're getting a little excited there.

He may be an angry dude but he is right about one thing. Some of America's biggest drug lords are the owners of opioid producing drug US based companies. This seems like at least one battle in the ongoing war on drugs that would be easy to win. Just order some visits from FBI agents armed with search warrants and U-Haul trucks to cart the evidence away in followed by a simple change in a few laws. That would be enough to stop them and you wouldn't have to search for these drug kingpins for years on end in the jungles of Mexico, just pick them up at their mansions in Florida. Yet these corporations continue to operate with complete impunity on US soil creating legions of legal drug addicts and leaving thousands of corpses in their wake.

Re:

[NoNonAlphaCharsHere]

He started off well, just made a hard right turn at reality before he really got rolling.
Admittedly, he had me until "and fake nonprofits run by the likes of Bill Gates..." and the foaming and the twitching with the Joos and the Freemasons and the Illuminati and the Lizard People...

Re:

[Pascoea]

Did I miss something? The quoted part was accurate, as a quote should be. What followed wasn't in quotes, so free to use dramatic license.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[fafalone]

Transdermal fentanyl systems rely on complex chemicals to allow the skin to absorb it. You can't absorb enough to hurt you just by touching pure fentanyl, unless you do it with your tongue. That's a drug war propaganda lie.

Re: So the system worked, without a back door

[RandomUsername99]

âoeJust order some visits from FBI agents armed with search warrants and U-Haul trucks to cart the evidence away in followed by a simple change in a few laws.âoe

Oh thatâ(TM)s it, huh? First confiscate billions of dollars worth of legally produced medicine, then simply conjure up some new legislature outlawing a product that is actually still incredibly useful despite being dangerous? I wonder why nobody else thought of that?

Re:

[drinkypoo]

They knew their product was harmful. We know this because they created medications to combat the resulting addiction. Then they broadly promoted the use of the addictive medication in order to sell the cure. If that's not illegal, then the law really is an ass.

Re:

[lessSockMorePuppet]

Because it would be an ex post facto law.

Re:

[Aighearach]

It isn't hard or expensive to manufacture clean chemicals like drugs. Why would it be "contaminated?" It is being made here in the US.

The legal opiates aren't contaminated.

You can often review the books of a nonprofit if you have the time and interest.

Re:

[bloodhawk]

don't waste effort trying logic on a conspiracy theory nutter. If logic worked on them do you really think he would be in a state where he believe the dribble he just spewed out?

Re:

[Dr. Tom]

"What the rabble once learned to believe without reason, who could refute to them by means of reason?" -- Thus spoke Zarathustra

Re:

[Aighearach]

Simply stamping somebody "INSANE" and ignoring them doesn't really show yourself to have any sort of deep understanding about the nature of the discussion.

You want to "win" an argument, so you're right; you can't win an argument on the internet at all, and certainly not against a conspiracy theorist. But it is not guaranteed that feeling right is the only purpose for communication.

It is true that most people can't have a conversation with an insane person, because they don't listen, and they don't respect t

Re:

[geekmux]

It isn't hard or expensive to manufacture clean chemicals like drugs. Why would it be "contaminated?" It is being made here in the US.

The legal opiates aren't contaminated...

Really? Then why are so many legal opioid consumers, dying?

Yes, that's right. You accept and dismiss death while ignoring who engineered that, through a pure process, precisely manufactured and controlled, right down to the laws that created pill mills.

And when legal drugs are killing more people than illegal drugs, the "contamination" in this market, becomes clear.

Re:

[Opportunist]

Maybe because legal opoid consumers don't get to use them legally to enjoy a high? I don't know why opoid medication is prescribed in your country, in mine you get it e.g. to make terminal cancer a bit less painful.

Re:

[Antique Geekmeister]

It's often overprescribed in the USA. Look up the abuses by the manufacturers of Ocycontin for examples. The result has beeen that its legitimate use is profoundly hindered by paperwork for poor, ill people.

Re:

[Anonymous Coward]

The legal opiates aren't contaminated...

Really? Then why are so many legal opioid consumers, dying?

There aren't that many legal opioid users dying relative to the illegal opioid users. Most of those are from overdose not contamination.

The problem is far more illegal opioid users come from having been legal opioid users, having their legal means of obtaining the drug removed while not having dependency issues addressed.

Once the legal option is taken away, they turn to other options to get the drug, and those options include street heroin which certainly can be "contaminated" (cut with other unknown crap)

Re:

[Aighearach]

It isn't hard or expensive to manufacture clean chemicals like drugs. Why would it be "contaminated?" It is being made here in the US.

The legal opiates aren't contaminated...

Really? Then why are so many legal opioid consumers, dying?

Hey cluestick, instead of blurting this out like a moron, you could look it up.

Go on, go look it up: Do opiate addicts who source their drugs from a pharmacy die from contaminated drugs, or is there some other situation that is responsible for the deaths? Was it a hard question to get the answer to?

Re:

[gweihir]

Before the utterly insane "war on drugs" started, Heroine and Cocaine in medical grade quality was readily available and at very reasonable cost, at least in Europe. Anybody with a steady job could easily afford it. And Heroine users usually can hold those down. Given a clean supply of constant quality, they are not even much more sick or do not really die earlier. Cocaine is a bit more problematic, but nothing really matches alcohol or smoking in its destructive effects.

Then the "war on drugs" started and

Re:

[Cylix]

Look, Bill Gates might be creating and distributing mind altering substances, but that does not make him a bad guy.

I dare say 100% of users polled say his super heroin had a positive impact on their life. They made these claims knowing full well they get coupons regardless of their statements.

The real question is why have you not tried BG Super Heroin? You must be a bigot and misogynist!

Re:

[arglebargle_xiv]

The real question is why have you not tried BG Super Heroin? You must be a bigot and misogynist!

Stay away from that shit, I tell you! I booted up my Windows 7 PC and that crap made the UI look batshit crazy, all square blocks and animated tiles and tons of pastel-coloured empty space with hair-thin fonts, the worst heroin trip I've ever had. And the scariest thing is that the effects seem to be permanent, even after I thought the BG heroin had worn off my Windows still looks like something from a drug trip.

Re: So the system worked, without a back door

[Anonymouse Cowtard]

^- Currently modded (0, Interesting). This is why I come to /.

Re:

[Anonymous Coward]

I would not exactly call having to wait 5 years to arrest criminals how it is supposed to work, if anything this can easily be used as an example of the problems of encryption and I bet that is exactly how it will be portrayed. "These scumbags got an extra 5 years freedom as they were able to conceal the evidence.", Personally I think this is an unfortunate but necessary side affect of our right for privacy. Perhaps if the government hadn't repeatedly proven time and time again that they cannot be trusted w

Re:

[Cylix]

We should also give up any aspect of privacy in our lives and allow the government to observe our fornication. If done correctly we may not go to jail. Assuming you have not committed wrong think recently.

Re:So the system worked, without a back door

[misnohmer]

Wheels of justice turn slowly. The higher the crime, the longer it takes. Large criminal cases take years to investigate, and year to prosecute, all the while the accused are free or out on bail. It's setup this way on purpose. Yes, it favors criminals, but its main purpose is to defend the innocent. Better to let 9 guilty people go than put 1 innocent person in jail - remember? If you don't like that system, move to places where they have summary judgement, where a local police chief can sentence you to severe whipping or even hanging - extremely efficient, no need for cracking encryption either, criminals unlock the phone for them in a hurry in exchange for not getting tortured or killed. Good luck to you, I hope you are never accused of anything in a system like that.
 

Re:

[hacker_news_rocks]

I'm saving this. More ammunition to fight the tech illiterate who seek to rob us of our liberty.

Re:So the system worked, without a back door

[thegarbz]

This is exactly how the system was supposed to work.

That's one person's perspective. Let me provide two other perspectives:

Drug kingpin: Encryption should be unbreakable.
Police: Encryption should have backdoors.

You're speaking from the perspective of a 3rd party, happy that the government is able to crack providing the resource cost is high to do so. It worked in this scenario, but the reality is it usually works more in the favour of the criminal organisation.

Just to be clear, I agree with you, but just pointing out the obvious bias of your opinion, a bias that is formed based on your position in this matter and the legal history that protects your privacy.

Re:

[misnohmer]

Of course, but why stop at encryption? The extreme points of view you mention are valid at a much wide scope:

Drug kingpin: there should be no law enforcement at all, except for private armies enforcing the kingpin's rules
Police: law enforcement should have unlimited powers, including just shooting criminals whenever the police believe they are guilty

So yes, there will absolutely be people at each edge of the spectrum. A reasonable society sets up law enforcement and justice system. Unfortunately it is impos

Re:

[Dr. Tom]

retweet

Re:

[Impy the Impiuos Imp]

Do we even need to get into how mandated backdoors are a regular tool of oppressive governments to track dissent?

Our misguided politicians and police lament crimes, when billions around the world live with "a boot stepping on their face, forever."

Re:

[Opportunist]

I'm with the drug lord here. It's kinda like with the pedos, the chance of them having a negative impact on my life are simply lower.

Re:

[Dr. Tom]

unfollow

Re:

[Opportunist]

What? "Me first, to hell with the rest" is the American way.

Re:

[AmiMoJo]

I'm surprised that the accomplices they just arrested didn't spend the last few years creating new identities and disappearing, given they knew that the police had the phone. Did they just assume it would never be cracked?

Re:

[SvnLyrBrto]

I'm pretty sure that creating a new identity... one that will hold up to more than the most cursory scrutiny anyway... is a lot harder than most people realize. When I was a teenager in the BBS scene, I had the whole series of Anarchist/JollyRoger Cookbook, Poor Man's James Bond, Steal this Book, Hayduke/Revenge, and similar, books and text file archives. Most of these, were (obviously, in retrospect) written in the days of the civil unrest, phreaking, and early hacking, of the late '60s through the '70s

Re:

[SirCowMan]

Except, Blackberry's did have a backdoor for the most part, unless you're using BES. In which case, they shouldn't - that's the intent - but likely still did. Roughly contemporary: https://www.schneier.com/blog/... [schneier.com]

Re:

[VictoriaBMW]

Hey ! Looking for some fun to get into? Me too! Let's get to know each other on a much more personal level ==>> https://is.gd/profile26438 [is.gd]

Re:

[aviators99]

>The solution didn't involve a legislated back door to allow the government to go fishing in all of their citizens phones.

Are we sure? The first thing I thought of was that they were able to figure out one of the NSA backdoors, which was a direct result of legislation (PATRIOT Act).

Re:

[S_Stout]

True, but we will eventually hit a point where it will be impossible to get in without a backdoor, and that's what governments are trying to get ahead of.

Like solving exp probs in linear time by waiting..

[retiarius]

Quote: "Back when Moore’s Law was the norm, there was a linear algorithm for all exponential problems: wait for computers to improve, then run the program."

Re:

[Opportunist]

The thing with encryption is that you can future proof it exponentially with just a tiny bit of inconvenience. Waiting 5 seconds instead of 1 to open a file makes the encryption future proof for 500 years instead of 1.

Re:

[gweihir]

The thing with encryption is that you can future proof it exponentially with just a tiny bit of inconvenience. Waiting 5 seconds instead of 1 to open a file makes the encryption future proof for 500 years instead of 1.

Very true. But that requires several thing, and, surprisingly, the first one is actual insight into how cryptography works. For example, I know a fortune 500 bank that does not have a crypto expert, and I needed to explain basic things to them. And then you get the "usability over everything" people, that mess everything up. These are primarily in the user-side. And then you get flawed implementations (because code must be cheap), flawed update models (because code signing is too complicated), and a lot of

Re:

[Opportunist]

I have a perfect solution for this: "Here's a paper for you to sign that I told you about the security implications, and as a CISO you're pretty much expected to understand what's written here, because you certainly have this job for your qualifications, ain't it so."

Re:

[gweihir]

I have a perfect solution for this: "Here's a paper for you to sign that I told you about the security implications, and as a CISO you're pretty much expected to understand what's written here, because you certainly have this job for your qualifications, ain't it so."

That one fails in practice. A former co-worker used to joke that "CISO" is ancient Greek for "The lamb to be killed first". Also remember the Equifax CISO? Was a music major. I have seen ineffective and neutered CISOs time and again. And ones that left because they _did_ understand what was going on and saw that they were prevented from doing anything about it. No, something like that needs to go straight to the CEO, with personal criminal liability, i.e. prison time for screwing up.

Re:

[Opportunist]

Good luck getting to even talk to the CEO as some pentesting nobody.

Re:

[gweihir]

Good luck getting to even talk to the CEO as some pentesting nobody.

Indeed. But pen-testers are only testers. If you have a competent CISO between the CEO and the pen-testers, or for a larger organization also a bunch of competent security architects, _and_ the ass of the CEO is on the line, things would look a bit different. The worst a CEO has to fear these days is a golden parachute. That must change.

Re:

[Opportunist]

I don't know about your country, in mine they are already personally liable if they can't show that they did anything "reasonable" to prevent security disasters.

So my strategy now is to call what I recommend "reasonable". And, lo and behold, it works.

I'm more surprised that

[Solandri]

someone of consequence was still using a Blackberry as recently as 5 years ago [statista.com].

Re:

[Vomitgod]

so someone has to stop using a perfectly usable piece of technology....just because? I better throw out my mega drive, master system, commodore c64, amiga, etc - can't use them anymore either I suppose........

Re:

[misnohmer]

Yea, how preposterous that some criminals are not keeping up with the latest fads. Sounds like a gap in Apple or Google advertising, imagine the lost revenue from a $1.5B organization.

Re:

[SirCowMan]

BB10 was quite nice, particularly as it was on the Playbook, and the Passport was a really nice phone, and did run Android apps within. The passport in particular is pretty easy to break down with modular components easily replaced. If it had the equivalent of 'root' access, I'd still be using it & really miss that keyboard - it was a great phone. The writing was on the wall though, as 2016 was the last OS update and their switch to Android was already begun.

Re:

[gweihir]

There is no problem doing that, In fact, I use one today. Of course, I use GnuPG for all secret email and do not read that on my phone. The problem is rather bad operational security, where breaking a device after taking it away from the user gets you in. That problem has been solved decades ago.

New technology capabilities?

[keithdowsett]

So, did they sieze a bitcoin mining array from some lowlife and re-purpose it for crypto, or just get the budget for a whole heap of time on an Amazon supercomputer?

Anyone in Oz want to leak something interesting?

Re:

[Canberra1]

Nah, a technical assistance bill based in Australia, now means Canada may choose to render assistance - and now has more excuses to go along- beside Blackberry now out of the game. In theory they could also serve similar orders against American companies, who will probably tell them to piss off. Best all dealers sick 'NOFORN' in their messages, and allude to paying bribe to elected congresscritters.

Re:

[justinleona]

Much more likely someone found a zero-day that allowed them to bypass critical parts of phone's security apparatus. Most phones use simple PINs combined with attempt limiting restrictions built into the OS. If you can figure out a way to bypass the restrictions, you can easily crack it in a few seconds.

Passwords don't do much better either - very few people are willing to learn a truly randomized password and type it into their phone frequently, so standard cracking tools would make quick work of it.

Re:

[swillden]

Much more likely someone found a zero-day that allowed them to bypass critical parts of phone's security apparatus.

Or they dug the crucial secrets out of the hardware. Typically some entropy from the PIN is also used, but given the hardware-bound secrets it's trivial to brute force the PIN off-device.

so which phone is most secure nowadays?

[Anonymous Coward]

what phone has the best anti-cracking status now?

Re:

[ebvwfbw]

From news reports it seems that Android is best. Police seem to be able to crack Apple in a matter of days. As shown in this case if they can crack it at all, it takes years.

And that's with the phone being "old technology"

[doubledown00]

Imagine what someone could do today if they designed a similarly situated secure device.
Of course the governments of the world today would never let said company do something dumb like release it for general use.

Re:

[Anonymous Coward]

Imagine what someone could do today if they designed a similarly situated secure device. Of course the governments of the world today would never let said company do something dumb like release it for general use.

They'd get Huawei'd in an instant.

Morale: Do not trust your phone

[gweihir]

Once again, for a minor, once-only case, general trust in a large infrastructure is destroyed. And for a cause that is known to not have any benefits but a lot of downsides: "Fighting" drug use. Short-sighted authoritarianism at work.