68 comments

[ 3.2 ms ] story [ 112 ms ] thread
>Kelly turned his phone into the White House IT department after he said it wasn't working and the software was not updating correctly, according to the report.

On the bright side, it's not likely that an APT/nation state actor was responsible. Breaking things is pretty amateur hour.

Then again, maybe his phone sucked and they just wanted him to get one with a better mic/camera. Perhaps whatever compromising selfies were not of sufficient quality.

If it was an Android phone they might root it which would prevent updates from applying as those check the integrity of the system partition before applying.
Also possible to prevent a jailbroken iPhone from updating. In fact, it's desirable, so that you maintain your jailbreak.
You think an unaffiliated individual just recreationally hacked the White House Chief of Staff's phone?
My first guess would be random malware, actually.

I'm pretty sure that when nation state actors compromise a high-level target's phone, they avoid breaking things in such obvious fashion.

Writing software is hard. Certainly true for government software too.
It'd be a little funny if it was multiple nation-state actors breaking each others' malware inadvertently.
If I recall correctly, didn't it come out that the NSA managed to accidentally brick the core router handling internet for the whole of of Syria when trying to hack it?
(comment deleted)
If only there were some kind of governmental office of intelligence or something, that could maintain security of our government's communications. Well, I can dream, can't I.
I wondered if it might've been multiple independent compromises interfering with each other. As you say, a single competent one shouldn't be obvious.
> Officials told Politico that Kelly had not used the personal phone since joining the administration in January, and has reportedly been using a different phone since. He reportedly relies on his government phone while at the White House.

Then why did he bring it to the White House IT team because it stopped working/updating?

Edit: To clarify, it's not that he took it to the White House IT team (that's appropriate). It's the question of why he would notice if it wasn't working, the type of technical complaint described in the articles seems to argue a little against him not using it at all.

As an important government official, would you rather he gone to the Verizon store when his phone stopped working?
You’ve completely missed the point of this comment
To play devil's advocate, maybe he was using it for the first time since January and found that it didn't work.
That's the only scenario I could come up with as well. The line about "stopped updating" may be a miscommunication of "he went to update it after not using it since January, found it not working, and brought it to the IT department."
Have I? If a White House official finds their personal device has been hacked or isn't working properly, what is the right next step?
The original comment was just making a point that if he wasn't using the phone he wouldn't have noticed it stopped working/updating. The second portion could have been written as: "Then how did he notice it stopped working/updating?" to avoid some of the confusion.
While English is my first language clearly me at it no good.

I've added an edit to provide the clarity that should've been there initially.

I think they're noting that he claimed that he wasn't using it. Then, how had he noticed it wasn't working properly if he wasn't using it?
There are many possibilities. My money is based on the fact that iOS 11 just came out. "Hmm... I see that there's a new iOS....Better update my personal phone even though I'm not using it at the moment...Wow! This phone is acting weird! Better take it to the security people at work."

I don't know that's what happened, but it's certainly plausible. If it is, it speaks well for Kelly's powers of observation (noticing that the phone was behaving in an unusual way) and ability to choose a proper course of action (taking it to the security professionals at the White House, rather than, as someone else noted, Geek Squad or whatever minimum wage clerk was manning the counter at the Verizon store).

> Then, how had he noticed it wasn't working properly if he wasn't using it?

How about any number of several dozen extremely obvious possibilities. A family photo album is on the personal phone and he wanted to retrieve it, so he used the phone and noticed something was wrong with it. He needed to retrieve contact information for a friend that was stored on it. You know, the same exact reasons any of us might fire up an old phone we still have.

Chanting "Lock it up!", and then not locking it up.
> You’ve completely missed the point of this comment

Which is...?

"If he hasn't used it since January, how did he discover it wasn't working correctly?"
One can power up a device, to see if it's working, without actually using it.
And still that would result in all the data/email/messages syncing to the apps in the mobile. Just powering up -- fires up a whole bunch of background activity without one "actually using it".
Sure, but the issue in this subthread is whether he lied in saying that he hadn't "used" it since January.
They've gotta be better than Geek Squad
(comment deleted)
The Politico article is clearer.

A White House spokesman said Kelly hadn’t used the personal phone often since joining the administration. This official said Kelly relied on his government-issued phone for official communications.

The official, who did not dispute any of POLITICO’s reporting on the timeline of events or the existence of the memo, said Kelly no longer had possession of the device but declined to say where the phone is now.

Kelly has since begun using a different phone, one of the officials said, though he relies on his government phone when he’s inside the White House.

http://www.politico.com/story/2017/10/05/john-kelly-cell-pho...

"often" makes all the difference.

“Not updating correctly” naturally indicates he was on an older version of his phone’s OS.

Remember, only recently we saw fixes released for some pretty serious Wi-Fi vulnerabilities. A close-access attack on a bigh value target like him is not out of the realm of possibility.

(comment deleted)
How is it that with the hundreds of billions we spend on defense tech, why doesn't the USG have its own, private cellular system?
It does. The U.S. Government put money into Iridium and bought half the airtime. Iridium was about to go bankrupt and de-orbit the satellites. That paid off very well when many US agencies had to operate in the sandbox.
Wow, I cant believe that I forgot about Iridium... my mom had a sat phone powered by them when it was consumer... I cant recall her cell bills - but they were massive... Didnt know they were still active.

is there a DB some place that has all the satallittes and their respective owners/services/orbits/launch-dates/etc that is available to the public, even if incomplete and salted with bullshit?

Iridium is quite active. Phones are about $1000, and airtime is about $1-$2 minute. Anywhere on the surface of the Earth that you can see the sky, you can get through with Iridium. You get voice or 9600 baud data. It's extremely useful when nothing else is available, as in much of Puerto Rico right now.

A new constellation of 66 Iridium satellites with more bandwidth is being launched. This will take eight launches. Two launches so far; the third launch is in 2 days, using a Space-X Falcon 9.

There are web sites with satellite orbital data.[1]

[1] http://www.satview.org/

Doesn't that require another set of cell towers?
Not with satellite phones.
Satellite phones are not going to be used instead of properly configured cellular. They are usually far less secure, and more expensive.
The phone network is useful because you can call all other people on the phone network.

Network Effect "law" says that the network's usefulness rises exponentially with its reach.

I feel like this is fairly innocent -- just another tech-illiterate old guy befuddled by all this whizbang technology.

And that's worrying. We need to raise our expectations for our leaders, especially those with high security clearance.

Seems like there should be some kind of "digital maintenance and security" primer before receiving access to national secrets.

(comment deleted)
It was a phone he was told not to use for government security reasons. Befuddled is "whoops, I trusted the nice man in the email" not "whoops, I ignored instructions to specifically not use this device which might not be safe."
Do you have any evidence that he was actually using the phone for communication, rather than just installing a software update that he'd heard about?

The article certainly doesn't say that.

"Tech-illiterate old guys" don't a) notice that a software update for their phone has been released b) try to install the update, c) recognize that something is wrong and d) take the phone to spook-level IT guys to check out.

They don't even get to a), as a rule.

Kelly did the right thing here, as long as he truly hadn't been carrying/using the phone then the compromise is pretty limited.

If he had been using or carrying the phone and it was a failure on the recent update that alerted him then it represents two problems: an operational security one and a scandal.

I hope that his integrity holds up on this one.

I'm still a little confused by the OP's assumption that he's a "tech-illiterate old guy". He's undoubtedly been using secure electronic communication systems for his entire career, and is certainly well-aware of the risks involved with compromised information. He's definitely more clued in than the amateurs who usually get this kind of government gig.

As you say, though, that makes him more culpable if it turns out he has actually been using the phone. But my money says he hasn't been.

(comment deleted)
> I'm still a little confused by the OP's assumption that he's a "tech-illiterate old guy".

I'm not confused by that, I just plain disagree.

Yeah, I'll admit that was a strawman so I could get to my real point about requiring some digital competency before granting access to state secrets.
I went to an ex-NSA officer talk. He says assume all phone in DC are compromised.
Having lived in DC and worked with the military, I can almost guarantee that’s the case

Or else my phone line would click every 15 seconds and forget to ring when calling someone just for the hell of it

Phone taps are done out of band now. As an end user you will never have any indication that your line is tapped.
Only if you hacked into the service provider’s network. But if you are a third party, you’ll likely MITM through one of the roaming protocols or directly on the handset, either of which might give some indication.
you cant expect much from old people
I really hope the NSA is this good at their own hacking...
We all get his phone wasn't breached right?

Or does it need spelling out?

The russians now know our deepest national secret: Trump is actually a genius behind closed doors, his public persona is carefully calebrated to be the bad guy that everyone else can unite against. #BogeyManTheory