Data Breach

1.7 TB of data stolen from digital intelligence firm Cellebrite leaked online

1.7 TB of data stolen from Cellebrite, a digital intelligence company that provides tools for law enforcement, were leaked online.

The Israeli mobile forensics firm Cellebrite is one of the leading companies in the world in the field of digital forensics, it works with law enforcement and intelligence agencies worldwide.

One of the most popular services provided by the company is the UFED (Universal Foresenic Extraction Device) which is used by law enforcement and intelligence agencies to unlock and access data on mobile devices.

Hacktivists argued that the tools have been used in the past against journalists, activists, and dissidents around the world.

Many reports [1, 2, 3, 4] claim the technology provided by Cellbrite was used by government to spy on journalists and citizens, violating human rights. Cellebrite has to be aware of the human rights violations of its customers, human rights advocated remarks the company has the responsibility to carry out due diligence on its government clients and monitor misuse of its technology.

The company then became the target of activists and animated whistleblowers.

The data of the Israeli company and of another Swedish forensics firm, MSAB, have been leaked online by the Enlace Hacktivist collective, with the support of a whistleblower, and later through the DDoSsecret platform

“Jan 13, 2023: An anonymous whistleblower sent us phone forensics software and documentation from Cellebrite and MSAB. These companies sell to police and governments around the world who use it to collect information from the phones of journalists, activists, and dissidents.” reads the announce published by Enlace Hacktivist on its page. “Both companies’ software is well documented as being used in human rights abuses[1][2][3] The leaks are available for download as torrents or direct download”

The archive shared by the archivist via Torrent includes the entire Cellbrite suite, along with a huge trove of file used for the localization of software, and technical guides for customers.

Follow me on Twitter: @securityaffairs and Facebook and Mastodon

[adrotate banner=”9″][adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – hacking, Cellebrite)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.

Recent Posts

Cisco addressed high-severity flaws in IOS and IOS XE software

Cisco addressed multiple vulnerabilities in IOS and IOS XE software that can be exploited to…

13 hours ago

Google: China dominates government exploitation of zero-day vulnerabilities in 2023

Google's Threat Analysis Group (TAG) and Mandiant reported a surge in the number of actively…

20 hours ago

Google addressed 2 Chrome zero-days demonstrated at Pwn2Own 2024

Google addressed two zero-day vulnerabilities in the Chrome web browser that have been demonstrated during…

1 day ago

INC Ransom stole 3TB of data from the National Health Service (NHS) of Scotland

The INC Ransom extortion group hacked the National Health Service (NHS) of Scotland and is threatening…

1 day ago

CISA adds Microsoft SharePoint bug disclosed at Pwn2Own to its Known Exploited Vulnerabilities catalog

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds a Microsoft SharePoint vulnerability disclosed at the…

2 days ago

The DDR Advantage: Real-Time Data Defense

This is the advantage of Data Detection and Response (DDR) for organizations aiming to build…

2 days ago

This website uses cookies.