Martin Seeger @masek@infosec.exchange
Public

Update 3: You can find my PostMortem here: infosec.exchange/@masek/114721

Update 2: As far as I can tell, the servers that caused the leak belonged to the DOJ in Montana. We reached them in two ways:

  • Through this post we got contact to the vendor of the software. With the Serial# (in the extraction reports) they could identify whom to call.
  • A friend had a contact in one of the affected police department and they reached out to the DOJ.

Thanks to this community I was also able to get a contact within the FBI. Furthermore some media contacted me and a lot of Mastodon users provided me with additional contacts.

Event though I contacted the AG in Monatana and one PD, no one has reached out to me from the DOJ side.

Update 1: Leak is closed. Will write more tomorrow. Thank you to everyone who helped.

Phone forensics

Usually law enforcement is very secretive about them analyzing the phones of suspects.

But a forensic lab in is extremely transparent about it. They put the dump of every phone on a public share. Everyone with Internet access can access those dumps.

While I am usually a proponent of government transparency, this takes it a bit too far even for my taste.

Every phone dump is one directory and some case names can be easily connected to crime & death headline news in the U.S.

So for one case I am pretty sure, that I can even say which Sheriff is responsible for that one of the investigations.

I sent that Sheriff an email, i sent him a text message and I even spoke on his voicebox. I even sent him the extraction report from Graykey.

It is really frustrating that I get no response at all. The leak is still open.

The security researcher that found the leak also tried some contacts but had as little success as I do.

I personally believe that this leaks even constitutes a federal crime. Some cases have names ending on CSAM. The security researcher stayed away from any of those and I did not access the files on that server at all.

So does anybody know someone within the that would give a shit about that. I am getting very tired.

Martin Seeger (@masek@infosec.exchange)

## PostMortem: Assumed DOJ Montana Leak of Phone Dumps ### Type of leak Highly confidential information on a public SMB share without authentication ### Threats from the leak I see the following threats: - Integrity and Confidentiality of investigations into serious crimes compromised - Privacy of U.S. citizens compromised (very likely to contain most intimate data) - Providing 3rd parties hostile to the U.S. with blackmail material 1/4

infosec.exchange · Infosec Exchange

0
0
0

If you have a fediverse account, you can quote this note from your own instance. Search https://infosec.exchange/users/masek/statuses/114697924639525296 on your instance and quote it. (Note that quoting is not supported in Mastodon.)